Share Center
Share Center
Projects
PikaChu靶场
- Name : PikaChu
- Categories : Pentest Ranges
这是一个带有漏洞的Web应用系统,在这里包含了常见的web安全漏洞。 如果你是一个Web渗透测试学习人员且正发愁没有合适的靶场进行练习,那么它可能正合你意。
This is a web application system with vulnerabilities, which contains common web security vulnerabilities. If you are a web penetration test learner and are worried about not having the right range to practice, then it may be just what you want.
PocBox
- Name : PocBox
- Categories : Pentest Tools
PoCBox - 赏金猎人的脆弱性测试辅助平台
生成漏洞验证代码(便于撰写报告)、在线测试(便于快速手工测试)
测试:JSONP劫持、CORS、Flash跨域资源读取、Google Hack语法生成、URL测试字典生成、JavaScript URL跳转、302 URL跳转
中英文语言切换(默认为英文)
Pocbox - a vulnerability testing platform for bounty hunters
Generate vulnerability verification code (easy to write reports), online test (easy to test quickly and manually)
Test: jsonp hijacking, CORS, flash cross domain resource reading, Google hack syntax generation, URL test dictionary generation, JavaScript URL jump, 302 URL jump
Chinese English language switch (default is English)
BlueLotus_XSSReceiver
- Client : BlueLotus_XSSReceiver
- Categories : Pentest Tools
XSS平台 CTF工具 Web安全工具
XSS platform CTF tool web security tool
DoraBox靶场
- Name : DoraBox
- Categories : Pentest Ranges
DoraBox - 基础Web漏洞训练靶场,名字起源于哆啦A梦的英文,希望DoraBox能让你像大雄借助哆啦A梦的百宝袋一样学习到一些东西。
SQL注入:数字型、字符型、搜索型
XSS:反射型、存储型、DOM型
文件包含:任意、目录限制
文件上传:任意、JS限制、MIME限制、扩展名限制、内容限制
代码/命令执行:任意
SSRF:SSRF(回显)
其他:条件竞争(支付&上传)、任意文件读取、XXE
CSRF:增加CSRF读取型(JSONP劫持、CORS跨域资源读取)
除此之外还有一些poc在项目的PoC目录中。
Dorabox - Basic Web vulnerability training range, whose name originated from Doraemon's English, I hope Doraemon can let you learn something like da Xiong with Doraemon's treasure bag.
SQL injection: digital type, character type, search type
XSS: reflective, storage, DOM
File include: arbitrary, directory limit
File upload: arbitrary, JS limit, mime limit, extension limit, content limit
Code / command execution: any
SSRF: SSRF (echo)
Others: conditional competition (payment & upload), arbitrary file reading, xxE
CSRF: add CSRF read type (jsonp hijack, CORS cross domain resource read)
In addition, there are some POCS in the POC directory of the project.
SpringBoot框架学习
- Client : SpringBoot框架学习
- Categories : Resource
集成了该框架学习的pdf、代码等学习资源,帮助零基础学员学习入门
It integrates PDF, code and other learning resources of the framework to help zero foundation students learn how to get started
奇安信蓝队体系防御构建
- Client : 奇安信蓝队体系防御构建
- Categories : Resource
实战攻防演习之蓝队视角下的防御体系构建
The construction of defense system from the perspective of blue team
腾讯小程序云开发课程
- Client : 腾讯小程序云开发课程
- Categories : Resources
腾讯小程序云开发课程从零基础到实战.
Tencent small program cloud development course from zero foundation to practice.
XSS_Bypass
- Client : XSS_Bypass
- Categories : Resource
xsspayload
Xsspayload All In One