SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A curated list of resources for learning about application security

A fully RESTful server implementation for CodeIgniter using one library, one config file and one controller.

Debug bar for PHP

A database of PHP security advisories

Jumpstart your CodeIgniter web applications with a modular, HMVC-ready, backend.

Twitter vulnerable snippets

⛔️DEPRECATED CodeIgniter base CRUD model to remove repetition and increase productivity

daloRADIUS is an advanced RADIUS web management application for managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, a billing engine…

STOP USING THIS USE GUZZLE INSTEAD >.<

An abstraction layer for git written in PHP

XBOW Validation Benchmarks

Shout-out supporters in your GitHub README file.

Slurps down every stable version of every plugin in the WordPress plugin directory.

SQL injection vulnerabilities in Stack Overflow PHP questions

Challenges & author writeups from ZeroDays CTF 2025.

68 Knowledge Base

A WordPress plugin that validates your site's XML-RPC endpoint, helping diagnose login and communication issues with WordPress mobile apps.

Drupal 8 community video curriculum

Dockercon 2016 Security Workshop

Dynamic HTML Tables

Snyk PHP Goof - A vulnerable PHP demo application

Menu Navigation extension for CodeIgniter PHP framework

Migrate Drupal 7 Sites to Wordpress 3.9, and Wordpress 4

Base CRUD pattern for Codeigniter

A composer plugin that checks if your application uses dependencies with known security vulnerabilities (it uses SensioLabs Security Checker)

Some regexes and string manipulation to clean the chaotic JSON produced by ChatGPT (when frequency_penalty ~ 1)

XBOW Validation Benchmarks -- Forked by ZeroPath

Proposal for the `is_literal()` function

og_forum fork