CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.

PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container

Bypassing disabled exec functions in PHP (c) CRLF

Multi-language web CGI interfaces exploits.

Reference: http://www.secgeek.net/bookfresh-vulnerability/

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Yet Another PHP Shell - The most complete PHP reverse shell

Collection of malware files found on hacked WordPress sites

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

Advanced Web Browser Fingerprinting

A webshell plugin and interactive shell for pentesting a Moodle instance.

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

Webshell Jumping Edition

Terminal like php shell (PHP+jQuery WebShell)

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

Exploit to trigger RCE for CVE-2018-16763 on FuelCMS <= 1.4.1 and interactive shell.

Full and complete RCE exploit for Magento Polyshell

Exploit the vulnerability to install arbitrary applications in k61v1 without ROOT

A support web page for my eJPT / eCPPT Certification Process