HELLO WORLD
Share Center

Share Center

Projects
Pika
View More View More
PikaChu靶场 Pentest Ranges
Pika
PikaChu靶场
  • Name : PikaChu
  • Categories : Pentest Ranges

这是一个带有漏洞的Web应用系统,在这里包含了常见的web安全漏洞。 如果你是一个Web渗透测试学习人员且正发愁没有合适的靶场进行练习,那么它可能正合你意。

This is a web application system with vulnerabilities, which contains common web security vulnerabilities. If you are a web penetration test learner and are worried about not having the right range to practice, then it may be just what you want.

Visit Project Visit Project
PocBox
View More View More
PocBox Pentest Tools
PocBox
PocBox
  • Name : PocBox
  • Categories : Pentest Tools

PoCBox - 赏金猎人的脆弱性测试辅助平台​

生成漏洞验证代码(便于撰写报告)、在线测试(便于快速手工测试)

测试:JSONP劫持、CORS、Flash跨域资源读取、Google Hack语法生成、URL测试字典生成、JavaScript URL跳转、302 URL跳转

中英文语言切换(默认为英文)

Pocbox - a vulnerability testing platform for bounty hunters

Generate vulnerability verification code (easy to write reports), online test (easy to test quickly and manually)

Test: jsonp hijacking, CORS, flash cross domain resource reading, Google hack syntax generation, URL test dictionary generation, JavaScript URL jump, 302 URL jump

Chinese English language switch (default is English)

Visit Project Visit Project
xss
View More View More
BlueLotus_XSSReceiver Pentest Tools
xss
BlueLotus_XSSReceiver
  • Client : BlueLotus_XSSReceiver
  • Categories : Pentest Tools

XSS平台 CTF工具 Web安全工具

XSS platform CTF tool web security tool

Visit Project Visit Project
DoraBox
View More View More
DoraBox靶场 Pentest Ranges
DoraBox
DoraBox靶场
  • Name : DoraBox
  • Categories : Pentest Ranges

DoraBox - 基础Web漏洞训练靶场,名字起源于哆啦A梦的英文,希望DoraBox能让你像大雄借助哆啦A梦的百宝袋一样学习到一些东西。​

SQL注入:数字型、字符型、搜索型​

XSS:反射型、存储型、DOM型​

文件包含:任意、目录限制​

文件上传:任意、JS限制、MIME限制、扩展名限制、内容限制​

代码/命令执行:任意​

SSRF:SSRF(回显)​

其他:条件竞争(支付&上传)、任意文件读取、XXE​

CSRF:增加CSRF读取型(JSONP劫持、CORS跨域资源读取)​

除此之外还有一些poc在项目的PoC目录中。​

Dorabox - Basic Web vulnerability training range, whose name originated from Doraemon's English, I hope Doraemon can let you learn something like da Xiong with Doraemon's treasure bag.

SQL injection: digital type, character type, search type

XSS: reflective, storage, DOM

File include: arbitrary, directory limit

File upload: arbitrary, JS limit, mime limit, extension limit, content limit

Code / command execution: any

SSRF: SSRF (echo)

Others: conditional competition (payment & upload), arbitrary file reading, xxE

CSRF: add CSRF read type (jsonp hijack, CORS cross domain resource read)

In addition, there are some POCS in the POC directory of the project.

Visit Project Visit Project
SpringBoot
View More View More
SpringBoot框架学习 Resources
SpringBoot
SpringBoot框架学习
  • Client : SpringBoot框架学习
  • Categories : Resource

集成了该框架学习的pdf、代码等学习资源,帮助零基础学员学习入门

It integrates PDF, code and other learning resources of the framework to help zero foundation students learn how to get started

Visit Project Visit Project
Blue
View More View More
奇安信蓝队体系防御构建 Resources
Blue
奇安信蓝队体系防御构建
  • Client : 奇安信蓝队体系防御构建
  • Categories : Resource

实战攻防演习之蓝队视角下的防御体系构建

The construction of defense system from the perspective of blue team

Visit Project Visit Project
weUI
View More View More
腾讯小程序云开发课程 Resources
weUI
腾讯小程序云开发课程
  • Client : 腾讯小程序云开发课程
  • Categories : Resources

腾讯小程序云开发课程从零基础到实战.

Tencent small program cloud development course from zero foundation to practice.

Visit Project Visit Project
xsswaf
View More View More
XSS_Bypass Resource
demo
XSS_Bypass
  • Client : XSS_Bypass
  • Categories : Resource

xsspayload

Xsspayload All In One

Visit Project Visit Project