mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bountybugbountybypasscheatsheetenumerationhackinghacktoberfestmethodologypayloadpayloadspenetration-testingpentestprivilege-escalationredteamsecurityvulnerabilityweb-application
CRLF injection | ||
CSV injection | ||
CVE Shellshock Heartbleed | ||
NoSQL injection | ||
Open redirect | ||
PHP include | ||
PHP juggling type | ||
PHP serialization | ||
Remote commands execution | ||
SQL injection | ||
SSRF injection | ||
Tar commands execution | ||
Traversal directory | ||
Upload insecure files | ||
XSS injection | ||
XXE injections | ||
.gitignore | ||
Methodology_and_enumeration.md | ||
README.md |
Payloads All The Things
A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)
Last modifications :
- XSS paylods improved
- CRLF payloads improved
- SQLi payloads improved
- Enumeration added (WIP)
Tools
- Web Developper
- Hackbar
- Burp Proxy
- Fiddler
- DirBuster
- GoBuster
- Knockpy
- SQLmap
- Eyewitness
- Nikto
- Recon-ng
- Wappalyzer
More resources
Book's list:
- Web Hacking 101 - https://leanpub.com/web-hacking-101
- The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
Blogs/Websites