mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bountybugbountybypasscheatsheetenumerationhackinghacktoberfestmethodologypayloadpayloadspenetration-testingpentestprivilege-escalationredteamsecurityvulnerabilityweb-application
1b190939c4
This example was used on hackthebox where it leaked the root flag of a machine on free servers. This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others. This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing. |
||
---|---|---|
_template_vuln | ||
.github | ||
API Key Leaks | ||
AWS Amazon Bucket S3 | ||
Command Injection | ||
CORS Misconfiguration | ||
CRLF Injection | ||
CSRF Injection | ||
CSV Injection | ||
CVE Exploits | ||
Directory Traversal | ||
File Inclusion | ||
GraphQL Injection | ||
Insecure Deserialization | ||
Insecure Direct Object References | ||
Insecure Management Interface | ||
Insecure Source Code Management | ||
JSON Web Token | ||
Kubernetes | ||
LaTeX Injection | ||
LDAP Injection | ||
Methodology and Resources | ||
NoSQL Injection | ||
OAuth | ||
Open Redirect | ||
Race Condition | ||
SAML Injection | ||
Server Side Request Forgery | ||
Server Side Template Injection | ||
SQL Injection | ||
Type Juggling | ||
Upload Insecure Files | ||
Web Cache Deception | ||
Web Sockets | ||
XPATH Injection | ||
XSLT Injection | ||
XSS Injection | ||
XXE Injection | ||
.gitignore | ||
BOOKS.md | ||
LICENSE | ||
README.md | ||
YOUTUBE.md |
Payloads All The Things
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)
You can also contribute with a 🍻 IRL
Every section contains the following files, you can use the _template_vuln
folder to create a new chapter:
- README.md - vulnerability description and how to exploit it
- Intruder - a set of files to give to Burp Intruder
- Images - pictures for the README.md
- Files - some files referenced in the README.md
You might also like the Methodology and Resources
folder :
- Methodology and Resources
- Active Directory Attack.md
- Cloud - AWS Pentest.md
- Cloud - Azure Pentest.md
- Cobalt Strike - Cheatsheet.md
- Linux - Persistence.md
- Linux - Privilege Escalation.md
- Metasploit - Cheatsheet.md
- Methodology and enumeration.md
- Network Pivoting Techniques.md
- Network Discovery.md
- Reverse Shell Cheatsheet.md
- Subdomains Enumeration.md
- Windows - Download and Execute.md
- Windows - Mimikatz.md
- Windows - Persistence.md
- Windows - Post Exploitation Koadic.md
- Windows - Privilege Escalation.md
- Windows - Using credentials.md
- CVE Exploits
You want more ? Check the Books and Youtube videos selections.