mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
# Payloads All The Things
A list of useful payloads and bypasses for Web Application Security.
Feel free to improve with your payloads and techniques!
I <3 pull requests :)

# Tools

* [Web Developer](https://addons.mozilla.org/en-Gb/firefox/addon/web-developer/)
* [Hackbar](https://addons.mozilla.org/en-Gb/firefox/addon/hackbar/?src=search)
* [Burp Proxy](https://portswigger.net)
* [Fiddler](https://www.telerik.com/download/fiddler)
* [DirBuster](https://sourceforge.net/projects/dirbuster/)
* [GoBuster](https://github.com/OJ/gobuster)
* [Knockpy](https://github.com/guelfoweb/knock)
* [SQLmap](http://sqlmap.org)
* [Eyewitness](https://github.com/ChrisTruncer/EyeWitness)
* [Nikto](https://cirt.net/nikto2)
* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
* [Wappalyzer](https://wappalyzer.com/download)

# More resources

Book list:
* [Web Hacking 101](https://leanpub.com/web-hacking-101)
* [The Web Application Hacker's Handbook](https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)
* [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
* [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
* [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
* [The Mobile Application Hacker’s Handbook](http://amzn.to/2cVOIrE)

Blogs/Websites
* http://blog.zsec.uk/101-web-testing-tooling/
* https://blog.innerht.ml
* https://blog.zsec.uk
* https://www.exploit-db.com/google-hacking-database
* https://www.arneswinnen.net
* https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102

Practice
* [Root-Me](https://www.root-me.org)
* [Zenk-Security](https://www.zenk-security.com/epreuves.php)
* [W3Challs](https://w3challs.com/)
* [NewbieContest](https://www.newbiecontest.org/)
* [Vulnhub](https://www.vulnhub.com/)
* [The Cryptopals Crypto Challenges](https://cryptopals.com/)
* [Penetration Testing Practice Labs](http://www.amanhardikar.com/mindmaps/Practice.html)
* [alert(1) to win](https://alf.nu/alert1)
* [Hacksplaining](https://www.hacksplaining.com/exercises)