Authentication oauth 2fa-bypass
- [/] cyllective/oauth-labs: oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning oauth-vulns
- [-] melonattacker/oauth-exploit-lab: Lab to understand OAuth v2 vulnerabilities and attack techniques. oauth-vulns
- [-] TryHackMe | OAuth Vulnerabilities: for premium users oauth-vulns
- TryHackMe | Multi-Factor Authentication 2fa-bypass
- TryHackMe | Hammer 2fa-bypass
- its-Marvin/weak2fa-for-ctf: Simple site with a bad implementation of 2FA for security CTF events 2fa-bypass
- SCIM Playground | scim.dev SCIM
CSPT CSPT
Recon reconnaise
- Hack The Box - Wanderer Pro Labs - %50/month.
XSS XSS
- XSS game
- alert(1) to win
- prompt(1) to win - 0x0
- Practice XSS Challenges Learn by Solving Real-World Payloads
- XSS Challenges (by yamagata21) - Stage #1
- YesWeHack - Dojo
- PwnFunction/xss.pwnfunction.com: DOM XSS Game
- terjanq/same-origin-xss: Same Origin XSS challenge
- breakthenet/CTF-XSS: XSS cookie stealing challenge - single button deploy, just set your custom CTF Flag in the setup process!
- 0xAbbarhSF/XSS-Lab: Collection Of some XSS Bypass and Evading Techniques Plus Walkthrough :v, Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy
- 0x0elliot/XSS-CTF-With-Python: A Web CTF that was originally made for AppSec Village DEFCON 29 CTFs [5th August 2021 - 8th August 2021] and had the name “Send me something interesting!”
- image2ascii2-ctfchallenge/index.py at main · Dev-AviSingh/image2ascii2-ctfchallenge
- do0dl3/xss-labs: XSS cross-site scripting vulnerability platform
- tegal1337/0l4bs: Cross-site scripting labs for web application security enthusiasts
- Re13orn/xss-lab: 20 level xss lab by network!!!
SSRF SSRF
- incredibleindishell/SSRF_Vulnerable_Lab: This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
- ProbiusOfficial/ssrf-labs: [Hello-CTF labs] A comprehensive SSRF practice range covering SSRF attack scenarios such as RCE, SQL injection, Tomcat, Redis, and MySQL privilege escalation
- Captain-K-101/Ssrf-labs: This lab contains sample code for basic labs related to Server-Side Request Forgery attacks
- selectarget/SSRF_labs: Guoguang (国光) SSRF practice range, one-click start with Docker
- RishabhPathak93/SSRF-LABS
- shubham-s-pandey/ssrflabs: SSRF Labs script
- j0rd1s3rr4n0/FinSecure_Bank: 🏦 FinSecure Bank — Educational SSRF Demo Lab simulating a vulnerable fintech app to teach secure development and ethical hacking.
LFI
- paralax/lfi-labs: small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
- Chocapikk/lfi-training: LFI Challenge - Capture The Flag (CTF)
SQL Injection
- breakthenet/HackMe-SQL-Injection-Challenges: Pen test your “friend’s” online MMORPG game - specific focus, sql injection opportunities
- netlight/security-challenge: SQL injection challenge
- digininja/nosqlilab: A lab for playing with NoSQL Injection
- incredibleindishell/sqlite-lab: This code is vulnerable to SQL Injection and uses an SQLite database. For SQLite databases, SQL Injection payloads are different, so it is for fun. Just enjoy it \m/
- himadriganguly/sqlilabs: Lab set-up for learning SQL Injection Techniques
HTTP Request Smuggling
- BenjiTrapp/http-request-smuggling-lab: Two hacking challenges related to HTTP request smuggling
- later
Cache Poisoning
API
- theowni/Damn-Vulnerable-RESTaurant-API-Game: Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers. API (try to use github.com/intruder-io/autoswagger).