PayloadsAllTheThings/README.md
2017-02-27 20:03:11 +01:00

47 lines
2.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Payloads All The Things
A list of useful payloads and bypasses for Web Application Security.
Feel free to improve with your payloads and techniques !
I <3 pull requests :)
# Tools
* [Web Developper](https://addons.mozilla.org/en-Gb/firefox/addon/web-developer/)
* [Hackbar](https://addons.mozilla.org/en-Gb/firefox/addon/hackbar/?src=search)
* [Burp Proxy](https://portswigger.net)
* [Fiddler](https://www.telerik.com/download/fiddler)
* [DirBuster](https://sourceforge.net/projects/dirbuster/)
* [GoBuster](https://github.com/OJ/gobuster)
* [Knockpy](https://github.com/guelfoweb/knock)
* [SQLmap](http://sqlmap.org)
* [Eyewitness](https://github.com/ChrisTruncer/EyeWitness)
* [Nikto](https://cirt.net/nikto2)
* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
* [Wappalyzer](https://wappalyzer.com/download)
# More resources
Book's list:
* [Web Hacking 101](https://leanpub.com/web-hacking-101)
* [The Web Application Hacker's Handbook](https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)
* [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
* [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
* [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
* [The Mobile Application Hackers Handbook](http://amzn.to/2cVOIrE)
Blogs/Websites
* http://blog.zsec.uk/101-web-testing-tooling/
* https://blog.innerht.ml
* https://blog.zsec.uk
* https://www.exploit-db.com/google-hacking-database
* https://www.arneswinnen.net
* https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102
Practice
* [Root-Me](https://www.root-me.org)
* [Zenk-Security](https://www.zenk-security.com/epreuves.php)
* [W3Challs](https://w3challs.com/)
* [NewbieContest](https://www.newbiecontest.org/)
* [Vulnhub](https://www.vulnhub.com/)
* [The Cryptopals Crypto Challenges](https://cryptopals.com/)
* [Penetration Testing Practice Labs](http://www.amanhardikar.com/mindmaps/Practice.html)
* [alert(1) to win](https://alf.nu/alert1)
* [Hacksplaining](https://www.hacksplaining.com/exercises)