- PayloadsAllTheThings
- SQLi, XSS http://www.dvwa.co.uk/
- XSS https://github.com/google/firing-range
- Markdown xss and all payload
- SQLi https://github.com/Audi-1/sqli-labs
- IBM XSS test suite: http://researcher.watson.ibm.com/researcher/view_group_subpage.php?id=1598
- Path traversal https://github.com/wireghoul/dotdotpwn
docker pull kalilinux/kali-linux-dockerofficial Kali Linuxdocker pull owasp/zap2docker-stable- official OWASP ZAPdocker pull wpscanteam/wpscan- official WPScandocker pull pandrew/metasploit- docker-metasploitdocker pull citizenstig/dvwa- Damn Vulnerable Web Application (DVWA)docker pull wpscanteam/vulnerablewordpress- Vulnerable WordPress Installationdocker pull hmlio/vaas-cve-2014-6271- Vulnerability as a service: Shellshockdocker pull hmlio/vaas-cve-2014-0160- Vulnerability as a service: Heartbleeddocker pull opendns/security-ninjas- Security Ninjasdocker pull diogomonica/docker-bench-security- Docker Bench for Securitydocker pull ismisepaul/securityshepherd- OWASP Security Shepherddocker pull danmx/docker-owasp-webgoat- OWASP WebGoat Project docker imagedocker-compose build && docker-compose up- OWASP NodeGoatdocker pull citizenstig/nowasp- OWASP Mutillidae II Web Pen-Test Practice Applicationdocker pull bkimminich/juice-shop- OWASP Juice Shop- OWASP Broken Web Applications Project https://github.com/chuckfw/owaspbwa/
- WASP Vulnerable Web Applications Directory Project/Pages/Offline https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
- http://noxxi.de/research/http-evader-explained-6-whitespace.html
- https://github.com/wisec/domxsswiki/wiki
- Nginx Anti XSS & SQL Injection. https://github.com/nbs-system/naxsi
- Malware domain list: http://www.malwaredomainlist.com/hostslist/hosts.txt
- http://groups.csail.mit.edu/pag/ardilla/
- https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html