JAVA 漏洞靶场 (Vulnerability Environment For Java)

Solutions and write-ups from security-based competitions also known as Capture The Flag competition

A comprehensive browser extension designed for authorized security testing and penetration testing activities. CyberInject provides quick access to common security payloads across multiple vulnerability categories.

Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection

A deliberately vulnerable web application built with Node.js, Express, and MySQL for security training. It provides a safe environment to learn about and exploit common web vulnerabilities like SQL Injection, XSS, CSRF, SSRF, and OS Command Injection.

Capture HTTP requests with ease! Create a private bucket, capture requests, and analyze the results. Useful for security and E2E testing.

This is a Nodejs Module To prevent SSRF based attack's. Blocks request to Private IP and mitigate from further Bypass

Cloud security simulation: SSRF attack chain + Wazuh SIEM + AI threat detection

A deliberately vulnerable web application for security training and CTF practice. Built with Node.js, Express & MySQL. Covers OS Command Injection, SQL Injection, XSS (GET/POST), CSRF (GET/POST), and SSRF — each with an interactive demo page.

End-to-end AI training-data platform — stealth crawl → LLM annotate → hybrid (dense + BM25) RAG → authenticated multi-tenant FastAPI. Live demo, load-tested at P95 54 ms / ~609 req/s, 120 tests.

Browser-based bug bounty workflow toolkit — 15 hunting phases, 269 PortSwigger lab solutions, auto-filled bash scripts, and a full recon pipeline.