PayloadsAllTheThings/README.md
2017-03-30 20:24:48 +02:00

# Payloads All The Things
A list of useful payloads and bypasses for Web Application Security.
Feel free to improve it with your own payloads and techniques!
I <3 pull requests :)
# Tools
* [Web Developer](https://addons.mozilla.org/en-Gb/firefox/addon/web-developer/)
* [Hackbar](https://addons.mozilla.org/en-Gb/firefox/addon/hackbar/?src=search)
* [Burp Proxy](https://portswigger.net)
* [Fiddler](https://www.telerik.com/download/fiddler)
* [DirBuster](https://sourceforge.net/projects/dirbuster/)
* [GoBuster](https://github.com/OJ/gobuster)
* [Knockpy](https://github.com/guelfoweb/knock)
* [SQLmap](http://sqlmap.org)
* [Eyewitness](https://github.com/ChrisTruncer/EyeWitness)
* [Nikto](https://cirt.net/nikto2)
* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
* [Wappalyzer](https://wappalyzer.com/download)
# More resources
Books:
* [Web Hacking 101](https://leanpub.com/web-hacking-101)
* [The Web Application Hacker's Handbook](https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)
* [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
* [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
* [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
* [The Mobile Application Hacker's Handbook](http://amzn.to/2cVOIrE)
Blogs/Websites:
* http://blog.zsec.uk/101-web-testing-tooling/
* https://blog.innerht.ml
* https://blog.zsec.uk
* https://www.exploit-db.com/google-hacking-database
* https://www.arneswinnen.net
* https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102
YouTube:
* [Hunting for Top Bounties - Nicolas Grégoire](https://www.youtube.com/watch?v=mQjTgDuLsp4)
* [BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen](https://www.youtube.com/watch?v=dsekKYNLBbc)
* [Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén](https://www.youtube.com/watch?v=KDo68Laayh8)
Practice:
* [Root-Me](https://www.root-me.org)
* [Zenk-Security](https://www.zenk-security.com/epreuves.php)
* [W3Challs](https://w3challs.com/)
* [NewbieContest](https://www.newbiecontest.org/)
* [Vulnhub](https://www.vulnhub.com/)
* [The Cryptopals Crypto Challenges](https://cryptopals.com/)
* [Penetration Testing Practice Labs](http://www.amanhardikar.com/mindmaps/Practice.html)
* [alert(1) to win](https://alf.nu/alert1)
* [Hacksplaining](https://www.hacksplaining.com/exercises)
* [PentesterLab: Learn Web Penetration Testing: The Right Way](https://pentesterlab.com/)