2016-10-20 02:54:29 +00:00
|
|
|
# Payloads All The Things
|
2016-10-18 11:36:18 +00:00
|
|
|
A list of usefull payloads and bypasses for Web Application Security
|
2016-11-02 13:26:00 +00:00
|
|
|
Feel free to improve with your payloads and techniques !
|
|
|
|
I <3 pull requests :)
|
2016-10-18 07:06:10 +00:00
|
|
|
|
2016-11-02 13:26:00 +00:00
|
|
|
Last modifications :
|
|
|
|
* XSS paylods improved
|
|
|
|
* CRLF payloads improved
|
|
|
|
* SQLi payloads improved
|
|
|
|
* Enumeration added (WIP)
|
|
|
|
|
2016-11-03 16:56:15 +00:00
|
|
|
# Tools
|
|
|
|
|
|
|
|
* [Web Developper](https://addons.mozilla.org/en-Gb/firefox/addon/web-developer/)
|
|
|
|
* [Hackbar](https://addons.mozilla.org/en-Gb/firefox/addon/hackbar/?src=search)
|
|
|
|
* [Burp Proxy](https://portswigger.net)
|
|
|
|
* [Fiddler](https://www.telerik.com/download/fiddler)
|
|
|
|
* [DirBuster](https://sourceforge.net/projects/dirbuster/)
|
|
|
|
* [GoBuster](https://github.com/OJ/gobuster)
|
|
|
|
* [Knockpy](https://github.com/guelfoweb/knock)
|
|
|
|
* [SQLmap](http://sqlmap.org)
|
|
|
|
* [Eyewitness](https://github.com/ChrisTruncer/EyeWitness)
|
|
|
|
* [Nikto](https://cirt.net/nikto2)
|
|
|
|
* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
|
2016-11-06 05:42:50 +00:00
|
|
|
* [Wappalyzer](https://wappalyzer.com/download)
|
2016-11-02 13:26:00 +00:00
|
|
|
|
|
|
|
# More resources
|
|
|
|
Book's list:
|
|
|
|
* Web Hacking 101 - https://leanpub.com/web-hacking-101
|
|
|
|
* The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
|
2016-11-03 16:56:15 +00:00
|
|
|
|
|
|
|
Blogs/Websites
|
|
|
|
* http://blog.zsec.uk/101-web-testing-tooling/
|
|
|
|
* https://blog.innerht.ml
|
|
|
|
* https://blog.zsec.uk
|
|
|
|
* https://www.exploit-db.com/google-hacking-database
|
|
|
|
* https://www.arneswinnen.net
|