mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Topics: bounty, bugbounty, bypass, cheatsheet, enumeration, hacking, hacktoberfest, methodology, payload, payloads, penetration-testing, pentest, privilege-escalation, redteam, security, vulnerability, web-application
Repository contents:
- AWS Amazon Bucket S3
- CRLF injection
- CSV injection
- CVE Shellshock Heartbleed
- Git Svn insecure files
- NoSQL injection
- OAuth
- Open redirect
- PHP include
- PHP juggling type
- PHP serialization
- Remote commands execution
- SQL injection
- SSRF injection
- Tar commands execution
- Traversal directory
- Upload insecure files
- Web cache deception
- XSS injection
- XXE injections
- .gitignore
- Methodology_and_enumeration.md
- README.md
Payloads All The Things
A list of useful payloads and bypasses for Web Application Security. Feel free to improve it with your payloads and techniques! I <3 pull requests :)
Tools
- Web Developer
- Hackbar
- Burp Proxy
- Fiddler
- DirBuster
- GoBuster
- Knockpy
- SQLmap
- Eyewitness
- Nikto
- Recon-ng
- Wappalyzer
More resources
Book list:
- Web Hacking 101
- The Web Application Hacker's Handbook
- OWASP Testing Guide v4
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 2: Practical Guide to Penetration Testing
- The Mobile Application Hacker’s Handbook
Blogs/Websites
- http://blog.zsec.uk/101-web-testing-tooling/
- https://blog.innerht.ml
- https://blog.zsec.uk
- https://www.exploit-db.com/google-hacking-database
- https://www.arneswinnen.net
- https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102
Practice