The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, ZAP, Nuclei, SkipFish, and Wapiti.
Updated Sep 8, 2025 - Python
OS Command Injection Vulnerability Payload List
Vulnerable web application made with PHP/SQL, designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. It contains some of the most well-known vulnerabilities, such as SQL, cross-site scripting (XSS), and OS command injections; our intention is to expand to more vulnerabilities for learning purposes.
A collection of payloads for different vulnerabilities, best payload lists in one repository
An API for escaping different kinds of queries
This repository is a Dockerized PHP application containing an LFI (Local File Inclusion) vulnerability which can lead to RCE (Remote Code Execution).
Writeups for portswigger labs.
Red Team utilities for setting up CWP CentOS 7 payload & reverse shell (Red Team 9 - CW2023)
Executing shell commands via HTTP server
Exploit for CVE-2017-12945.
WAFManis is a Protocol-Level WAF Evasion Fuzzing Tool that automates the discovery of evasion vulnerabilities in Web Application Firewalls (WAFs) by fuzzing HTTP requests to identify potential bypass techniques.
CVE-2025-3969: Exploit PoC (OS CMD injection, Web Shell, Interactive Shell)
Executing shell commands via UDP server
A threat actor may inject arbitrary operating system (OS) commands on target
SQL Injection and OS Command Injection demo application.
PoC for CVE-2015-10141 – Xdebug unauthenticated RCE
A deliberately vulnerable web application for security training and CTF practice. Built with Node.js, Express & MySQL. Covers OS Command Injection, SQL Injection, XSS (GET/POST), CSRF (GET/POST), and SSRF — each with an interactive demo page.
Professional write-up and technical documentation for the "Blind OS Command Injection with Time Delays" lab from PortSwigger Web Security Academy. This repository explains the vulnerability, root cause, exploitation methodology, security impact, remediation recommendations, and includes proof of successful lab completion for educational purposes.
From deobfuscating code.js to root, CVE-2023-0386
OS Command Injection Labs - writeup