- PayloadsAllTheThings
- SQLi, XSS http://www.dvwa.co.uk/
- XSS https://github.com/google/firing-range
- Markdown xss and all payload
- SQLi https://github.com/Audi-1/sqli-labs
- IBM XSS test suite: http://researcher.watson.ibm.com/researcher/view_group_subpage.php?id=1598
- Path traversal https://github.com/wireghoul/dotdotpwn
docker pull kalilinux/kali-linux-docker
official Kali Linuxdocker pull owasp/zap2docker-stable
- official OWASP ZAPdocker pull wpscanteam/wpscan
- official WPScandocker pull pandrew/metasploit
- docker-metasploitdocker pull citizenstig/dvwa
- Damn Vulnerable Web Application (DVWA)docker pull wpscanteam/vulnerablewordpress
- Vulnerable WordPress Installationdocker pull hmlio/vaas-cve-2014-6271
- Vulnerability as a service: Shellshockdocker pull hmlio/vaas-cve-2014-0160
- Vulnerability as a service: Heartbleeddocker pull opendns/security-ninjas
- Security Ninjasdocker pull diogomonica/docker-bench-security
- Docker Bench for Securitydocker pull ismisepaul/securityshepherd
- OWASP Security Shepherddocker pull danmx/docker-owasp-webgoat
- OWASP WebGoat Project docker imagedocker-compose build && docker-compose up
- OWASP NodeGoatdocker pull citizenstig/nowasp
- OWASP Mutillidae II Web Pen-Test Practice Applicationdocker pull bkimminich/juice-shop
- OWASP Juice Shop- OWASP Broken Web Applications Project https://github.com/chuckfw/owaspbwa/
- WASP Vulnerable Web Applications Directory Project/Pages/Offline https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
- http://noxxi.de/research/http-evader-explained-6-whitespace.html
- https://github.com/wisec/domxsswiki/wiki
- Nginx Anti XSS & SQL Injection. https://github.com/nbs-system/naxsi
- Malware domain list: http://www.malwaredomainlist.com/hostslist/hosts.txt
- http://groups.csail.mit.edu/pag/ardilla/
- https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html