# Payloads All The Things

A list of useful payloads and bypasses for Web Application Security.
Feel free to improve with your payloads and techniques!
I <3 pull requests :)

# Tools

* [Web Developer](https://addons.mozilla.org/en-Gb/firefox/addon/web-developer/)
* [Hackbar](https://addons.mozilla.org/en-Gb/firefox/addon/hackbar/?src=search)
* [Burp Proxy](https://portswigger.net)
* [Fiddler](https://www.telerik.com/download/fiddler)
* [DirBuster](https://sourceforge.net/projects/dirbuster/)
* [GoBuster](https://github.com/OJ/gobuster)
* [Knockpy](https://github.com/guelfoweb/knock)
* [SQLmap](http://sqlmap.org)
* [Eyewitness](https://github.com/ChrisTruncer/EyeWitness)
* [Nikto](https://cirt.net/nikto2)
* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
* [Wappalyzer](https://wappalyzer.com/download)

# More resources

Book list:

* [Web Hacking 101](https://leanpub.com/web-hacking-101)
* [The Web Application Hacker's Handbook](https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)
* [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
* [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
* [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
* [The Mobile Application Hacker’s Handbook](http://amzn.to/2cVOIrE)

Blogs/Websites

* http://blog.zsec.uk/101-web-testing-tooling/
* https://blog.innerht.ml
* https://blog.zsec.uk
* https://www.exploit-db.com/google-hacking-database
* https://www.arneswinnen.net
* https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102

Practice

* [Root-Me](https://www.root-me.org)
* [Zenk-Security](https://www.zenk-security.com/epreuves.php)
* [W3Challs](https://w3challs.com/)
* [NewbieContest](https://www.newbiecontest.org/)
* [Vulnhub](https://www.vulnhub.com/)
* [The Cryptopals Crypto Challenges](https://cryptopals.com/)
* [Penetration Testing Practice Labs](http://www.amanhardikar.com/mindmaps/Practice.html)
* [alert(1) to win](https://alf.nu/alert1)
* [Hacksplaining](https://www.hacksplaining.com/exercises)