This is a deliberately vulnerable web application that contains common web security vulnerabilities. If you are learning web penetration testing and have been struggling to find a suitable practice range, it may be just what you need.
PoCBox - a vulnerability testing assistance platform for bounty hunters
Generates vulnerability verification code (convenient for writing reports) and supports online testing (convenient for quick manual testing)
Tests: JSONP hijacking, CORS, Flash cross-domain resource reading, Google Hack syntax generation, URL test dictionary generation, JavaScript URL redirect, 302 URL redirect
Chinese/English language switching (English by default)
XSS platform, CTF tools, web security tools
DoraBox - a basic web vulnerability training range. The name comes from the English name of Doraemon; the hope is that DoraBox lets you learn something, the way Nobita does with the help of Doraemon's magic pocket.
SQL injection: numeric, string, search
XSS: reflected, stored, DOM-based
File inclusion: arbitrary, directory-restricted
File upload: arbitrary, JS restriction, MIME restriction, extension restriction, content restriction
Code/command execution: arbitrary
SSRF: SSRF (with response echo)
Other: race conditions (payment & upload), arbitrary file read, XXE
CSRF: adds read-type CSRF (JSONP hijacking, CORS cross-origin resource reading)
In addition, there are some PoCs in the project's PoC directory.
Bundles PDFs, code and other learning resources for the framework to help beginners with no prior experience get started.
Building a defense system from the blue team's perspective in real-world attack-defense exercises
Tencent Mini Program cloud development course, from zero experience to hands-on practice.
xsspayload
Xsspayload All In One