A small set of PHP scripts for practicing exploitation of LFI, RFI, and CMD injection vulnerabilities, primarily for training and testing. Adding the scripts to an Apache VirtualHost directive gives users a target for testing detection products, exploit tools, etc. It can be set up on UN*X + Apache + PHP, run as a Docker instance using the Dockerfile, or run as a Vagrant instance using the Vagrantfile. The project was inspired by Jose Nazario and provides useful links for LFI/RFI/CMD injection background.
SIMILAR TOOLS
Boston Key Party CTF 2013 - cybersecurity competition with challenges in various domains.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A university course focused on vulnerability research, reverse engineering, and binary exploitation to teach practical offensive security skills.
Markdown version of OWASP Testing Checklist v4 for various platforms.
A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.
A non-profit organization providing live-fire cyber warfare ranges for training and up-skilling cybersecurity professionals.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.