SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

🐶 A curated list of Web Security materials and resources.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

🎯 SQL Injection Payload List

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

CyberSecurityRSS: A collection of cybersecurity rss to make you better!

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

🎯 XML External Entity (XXE) Injection Payload List

Useful Google Dorks for WebSecurity and Bug Bounty

Twitter vulnerable snippets

An HTTP/HTTPS intercept proxy written in Go.

网络安全学习资料，欢迎补充

🎯 PHP / ASP - Shell Backdoor List 🎯

🎯 Server Side Template Injection Payloads

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Scrape domain names from SSL certificates of arbitrary hosts

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.