?? A curated list of Web Security materials and resources.

?? Cross Site Scripting ( XSS ) Vulnerability Payload List

?? SQL Injection Payload List

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透??、SRC漏洞?掘、爆破、Fuzzing等字典收集?目。

China's first CTFTools framework.中???首?CTF工具?架,旨在?助CTFer快速攻克??

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

CyberSecurityRSS: A collection of cybersecurity rss to make you better!

?? Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. ?? Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. ?? Authorization with JWT/PASETO tokens. ??

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

?? XML External Entity (XXE) Injection Payload List

An HTTP/HTTPS intercept proxy written in Go.

Useful Google Dorks for WebSecurity and Bug Bounty

Twitter vulnerable snippets

??安全???料，?迎?充

?? PHP / ASP - Shell Backdoor List ??

一款功能强大的漏洞?描器，子域名爆破使用aioDNS，asyncio?步快速?描，覆盖目?全方位???行批量漏洞?描，中?件信息收集，自?收集ip代理，探?Waf信息?自?使用?保?本机??Ip，在本机Ip被Waf?死后，自?切?代理Ip?行?描，Waf信息收集(??外100+款waf信息)包括安全狗，云?，阿里云，云盾，??云等，提供部分已知waf bypass 方案，中?件漏洞??(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令?行,文件包含, ssrf 漏洞?描, 支持自定?漏洞?箱推送功能

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

?? Server Side Template Injection Payloads

Scrape domain names from SSL certificates of arbitrary hosts

?? RFI/LFI Payload List