mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
Update _template_vuln page
This commit is contained in:
parent
d6ce9cd317
commit
dc349c10c3
@ -1,23 +1,30 @@
|
||||
# CONTRIBUTING
|
||||
|
||||
PayloadsAllTheThings' Team :heart: pull requests :)
|
||||
PayloadsAllTheThings' Team :heart: pull requests.
|
||||
|
||||
Feel free to improve with your payloads and techniques !
|
||||
|
||||
You can also contribute with a :beers: IRL, or using the sponsor button.
|
||||
You can also contribute with a :beers: IRL, or using the [sponsor](https://github.com/sponsors/swisskyrepo) button.
|
||||
|
||||
## Pull Requests Guidelines
|
||||
|
||||
In order to provide the safest payloads for the community, the following rules must be followed for **every** Pull Request.
|
||||
|
||||
- Payloads must be sanitized
|
||||
- Use `id`, and `whoami`, for RCE Proof of Concepts
|
||||
- Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
|
||||
- Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
|
||||
- Use `Administrator` for privileged users and `User` for normal account
|
||||
- Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
|
||||
- Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc
|
||||
- Use `id`, and `whoami`, for RCE Proof of Concepts
|
||||
- Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
|
||||
- Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
|
||||
- Use `Administrator` for privileged users and `User` for normal account
|
||||
- Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
|
||||
- Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc
|
||||
- References must have an `author`, a `title` and a `link`. The `date` is not mandatory but appreciated :)
|
||||
|
||||
Every pull request will be checked with `markdownlint` to ensure consistent writing and Markdown best practices. You can validate your files locally using the following Docker command:
|
||||
|
||||
```ps1
|
||||
docker run -v $PWD:/workdir davidanson/markdownlint-cli2:v0.15.0 "**/*.md" --config .github/.markdownlint.json --fix
|
||||
```
|
||||
|
||||
## Techniques Folder
|
||||
|
||||
Every section should contains the following files, you can use the `_template_vuln` folder to create a new technique folder:
|
||||
@ -29,35 +36,4 @@ Every section should contains the following files, you can use the `_template_vu
|
||||
|
||||
## README.md format
|
||||
|
||||
Use the following example to create a new technique `README.md` file.
|
||||
|
||||
```markdown
|
||||
# Vulnerability Title
|
||||
|
||||
> Vulnerability description
|
||||
|
||||
## Summary
|
||||
|
||||
* [Tools](#tools)
|
||||
* [Something](#something)
|
||||
* [Subentry 1](#sub1)
|
||||
* [Subentry 2](#sub2)
|
||||
* [References](#references)
|
||||
|
||||
## Tools
|
||||
|
||||
- [Tool 1](https://example.com)
|
||||
- [Tool 2](https://example.com)
|
||||
|
||||
## Something
|
||||
|
||||
Quick explanation
|
||||
|
||||
### Subentry 1
|
||||
|
||||
Something about the subentry 1
|
||||
|
||||
## References
|
||||
|
||||
- [Blog title - Author, Date](https://example.com)
|
||||
```
|
||||
Use the example folder [_template_vuln/](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/). The main page is [README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/README.md).
|
||||
|
@ -2,32 +2,31 @@
|
||||
|
||||
Twitter is very common in the InfoSec area. Many advices and tips on bug hunting or CTF games are posted every day. It is worth following the feeds of some successful security researchers and hackers.
|
||||
|
||||
## Accounts
|
||||
|
||||
### Accounts
|
||||
|
||||
- [@Stök - Bug bounty hunter, cybersecurity educational content creator](https://twitter.com/stokfredrik)
|
||||
- [@NahamSec - Hacker & content creator & co-founder bugbountyforum and http://recon.dev](https://twitter.com/NahamSec)
|
||||
- [@dawgyg - Bug bounty hunter, reformed blackhat, Synack red team member](https://twitter.com/thedawgyg)
|
||||
- [@putsi - Bug bounty hunter and white hat hacker in Team ROT](https://twitter.com/putsi)
|
||||
- [@thecybermentor - Offers cybersecurity and hacking courses](https://twitter.com/thecybermentor)
|
||||
- [@InsiderPhD - PhD student, occasional bug bounty hunter & educational cyber security youtuber](https://twitter.com/InsiderPhD)
|
||||
- [@LiveOverflow - Content creator and hacker producing videos on various IT security topics and participating in hacking contests](https://twitter.com/LiveOverflow)
|
||||
- [@EdOverflow - Web developer, security researcher and triager for numerous vulnerability disclosure programs](https://twitter.com/edoverflow)
|
||||
- [@r0bre - Bug Hunter for web- and systemsecurity, iOS Security researcher](https://twitter.com/r0bre)
|
||||
- [@intigriti - European ethical hacking & bug bounty platform](https://twitter.com/intigriti)
|
||||
- [@Hacker0x01 - American bug bounty platform](https://twitter.com/Hacker0x01)
|
||||
- [@bugcrowd - Another american bug bounty platform](https://twitter.com/Bugcrowd)
|
||||
- [@hakluke - Bug bounty hunter, content creator, creator of some great pentesting tools like hakrawler](https://twitter.com/hakluke)
|
||||
- [@spaceraccoon - Security researcher and white hat hacker. Has worked on several bug bounty programs](https://twitter.com/spaceraccoonsec)
|
||||
- [@samwcyo - Full time bug bounty hunter](https://twitter.com/samwcyo)
|
||||
- [@Th3G3nt3lman - Security Research & Bug bounty hunter](https://twitter.com/Th3G3nt3lman)
|
||||
- [@securinti - Dutch bug bounty hunter & head of hackers and bord member @ intigriti](https://twitter.com/securinti)
|
||||
- [@jobertabma - Co-founder of HackerOne, security researcher](https://twitter.com/jobertabma)
|
||||
- [@codingo_ - Global Head of Security Ops and Researcher Enablement bugcrowd, Maintainer of some great pentesting tools like NoSQLMap or VHostScan](https://twitter.com/codingo_)
|
||||
- [@TomNomNom - security researcher, maintainer of many very useful pentesting tools](https://twitter.com/TomNomNom)
|
||||
- [@orange_8361 - bug bounty hunter and security researcher, specialized on RCE bugs](https://twitter.com/orange_8361)
|
||||
- [@d0nutptr - part-time bug hunter, Lead Security Engineer at graplsec](https://twitter.com/d0nutptr)
|
||||
- [@filedescriptor - security researcher, bug hunter and content creator at 0xReconless](https://twitter.com/filedescriptor)
|
||||
- [@0xReconless - Security research, blogs, and videos by filedescriptor, ngalongc & EdOverflow](https://twitter.com/0xReconless)
|
||||
- [@pentest_swissky - Author of PayloadsAllTheThings & SSRFmap](https://twitter.com/pentest_swissky)
|
||||
- [@bugcrowd - Another american bug bounty platform](https://twitter.com/Bugcrowd)
|
||||
- [@codingo_ - Global Head of Security Ops and Researcher Enablement bugcrowd, Maintainer of some great pentesting tools like NoSQLMap or VHostScan](https://twitter.com/codingo_)
|
||||
- [@d0nutptr - part-time bug hunter, Lead Security Engineer at graplsec](https://twitter.com/d0nutptr)
|
||||
- [@dawgyg - Bug bounty hunter, reformed blackhat, Synack red team member](https://twitter.com/thedawgyg)
|
||||
- [@EdOverflow - Web developer, security researcher and triager for numerous vulnerability disclosure programs](https://twitter.com/edoverflow)
|
||||
- [@filedescriptor - security researcher, bug hunter and content creator at 0xReconless](https://twitter.com/filedescriptor)
|
||||
- [@GentilKiwi - Author of Mimikatz & Kekeo](https://twitter.com/gentilkiwi)
|
||||
- [@Hacker0x01 - American bug bounty platform](https://twitter.com/Hacker0x01)
|
||||
- [@hakluke - Bug bounty hunter, content creator, creator of some great pentesting tools like hakrawler](https://twitter.com/hakluke)
|
||||
- [@InsiderPhD - PhD student, occasional bug bounty hunter & educational cyber security youtuber](https://twitter.com/InsiderPhD)
|
||||
- [@intigriti - European ethical hacking & bug bounty platform](https://twitter.com/intigriti)
|
||||
- [@jobertabma - Co-founder of HackerOne, security researcher](https://twitter.com/jobertabma)
|
||||
- [@LiveOverflow - Content creator and hacker producing videos on various IT security topics and participating in hacking contests](https://twitter.com/LiveOverflow)
|
||||
- [@NahamSec - Hacker & content creator & co-founder bugbountyforum and http://recon.dev](https://twitter.com/NahamSec)
|
||||
- [@orange_8361 - bug bounty hunter and security researcher, specialized on RCE bugs](https://twitter.com/orange_8361)
|
||||
- [@pentest_swissky - Author of PayloadsAllTheThings & SSRFmap](https://twitter.com/pentest_swissky)
|
||||
- [@putsi - Bug bounty hunter and white hat hacker in Team ROT](https://twitter.com/putsi)
|
||||
- [@r0bre - Bug Hunter for web- and systemsecurity, iOS Security researcher](https://twitter.com/r0bre)
|
||||
- [@samwcyo - Full time bug bounty hunter](https://twitter.com/samwcyo)
|
||||
- [@securinti - Dutch bug bounty hunter & head of hackers and bord member @ intigriti](https://twitter.com/securinti)
|
||||
- [@spaceraccoon - Security researcher and white hat hacker. Has worked on several bug bounty programs](https://twitter.com/spaceraccoonsec)
|
||||
- [@Stök - Bug bounty hunter, cybersecurity educational content creator](https://twitter.com/stokfredrik)
|
||||
- [@Th3G3nt3lman - Security Research & Bug bounty hunter](https://twitter.com/Th3G3nt3lman)
|
||||
- [@thecybermentor - Offers cybersecurity and hacking courses](https://twitter.com/thecybermentor)
|
||||
- [@TomNomNom - security researcher, maintainer of many very useful pentesting tools](https://twitter.com/TomNomNom)
|
||||
|
@ -27,7 +27,6 @@
|
||||
- [EP004: Bug Hunters | HACKING GOOGLE](https://youtu.be/IoXiXlCNoXg)
|
||||
- [EP005: Project Zero | HACKING GOOGLE](https://youtu.be/My_13FXODdU)
|
||||
|
||||
|
||||
## Conferences
|
||||
|
||||
- [Hunting for Top Bounties - Nicolas Grégoire](https://www.youtube.com/watch?v=mQjTgDuLsp4)
|
||||
|
@ -11,12 +11,10 @@
|
||||
* [Labs](#labs)
|
||||
* [References](#references)
|
||||
|
||||
|
||||
## Tools
|
||||
|
||||
- [username/tool1](https://github.com/username/tool1) - Description of the tool
|
||||
- [username/tool2](https://github.com/username/tool2) - Description of the tool
|
||||
|
||||
* [username/tool1](https://github.com/username/tool1) - Description of the tool
|
||||
* [username/tool2](https://github.com/username/tool2) - Description of the tool
|
||||
|
||||
## Methodology
|
||||
|
||||
@ -28,18 +26,14 @@ Exploit
|
||||
|
||||
### Subentry 1
|
||||
|
||||
|
||||
### Subentry 2
|
||||
|
||||
|
||||
## Labs
|
||||
|
||||
- [Company - Lab 1](#link-to-the-lab)
|
||||
- [Company - Lab 2](#link-to-the-lab)
|
||||
- [Company - Challenge 1](#link-to-the-challenge)
|
||||
- [Company - Challenge 2](#link-to-the-challenge)
|
||||
|
||||
* [Root Me - Lab 1](https://root-me.org)
|
||||
* [PortSwigger - Lab 2](https://portswigger.net)
|
||||
* [HackTheBox - Lab 3](https://www.hackthebox.com)
|
||||
|
||||
## References
|
||||
|
||||
- [Blog title - Author (@handle) - Month XX, 202X](https://example.com)
|
||||
* [Blog title - Author (@handle) - Month XX, 202X](https://example.com)
|
||||
|
Loading…
Reference in New Issue
Block a user