A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
clem9669 e37aff2fcd
Add useful always existing windows file
Adding always existing file in recent Windows machine. Ideal to test path traversal but nothing much interesting inside
2020-06-23 14:26:46 +00:00
_template_vuln SAML exploitation + ASREP roasting + Kerbrute 2019-03-24 13:16:23 +01:00
.github Update FUNDING.yml with buymeacoffee 2019-09-13 17:49:47 +02:00
API Key Leaks Windows Persistence 2020-06-01 21:37:32 +02:00
AWS Amazon Bucket S3 AWS Patterns 2020-02-23 20:58:53 +01:00
Command Injection clarification in 'bypass character filter' 2020-06-04 17:26:45 +02:00
CORS Misconfiguration Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
CRLF Injection Added Summary in CRLF 2019-12-17 22:12:35 +05:30
CSRF Injection Updated Summary and Fixed Broken Links in CSRF 2019-12-17 22:21:53 +05:30
CSV Injection HQL Injection + references update 2019-06-16 23:45:52 +02:00
CVE Exploits fixing typo in file name 2020-01-28 17:41:01 +00:00
Directory Traversal Add useful always existing windows file 2020-06-23 14:26:46 +00:00
File Inclusion added additional way to chain php filters 2020-02-20 06:40:30 -05:00
GraphQL Injection Fix - SSTI Payloads 2020-04-21 11:13:19 +02:00
Insecure Deserialization add more refs 2020-05-16 22:58:11 +02:00
Insecure Direct Object References Command injection rewritten 2019-04-21 19:50:50 +02:00
Insecure Management Interface Fix name's capitalization 2019-03-07 00:07:55 +01:00
Insecure Source Code Management ImageMagik Ghost Script + Typo git summary 2019-06-26 00:07:06 +02:00
JSON Web Token RoadRecon + JSON None refs 2020-04-17 16:34:51 +02:00
Kubernetes Docker escape and exploit 2020-03-29 16:48:09 +02:00
LaTeX Injection Fix name's capitalization 2019-03-07 00:07:55 +01:00
LDAP Injection add ruby script 2020-02-21 23:49:50 +01:00
Methodology and Resources Active Directory - Mitigations 2020-06-18 11:55:48 +02:00
NoSQL Injection Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
OAuth Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00
Open Redirect Added new payloads 2019-11-14 18:26:35 +08:00
Race Condition Race Condition - First Draft 2020-01-26 12:43:59 +01:00
SAML Injection XSW 4 Fix #205 2020-05-12 14:27:25 +02:00
Server Side Request Forgery Added DNS Rebinding 2020-06-21 16:31:16 -05:00
Server Side Template Injection corrected a single quotation mark closure error 2020-05-29 18:35:22 +08:00
SQL Injection Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
Type Juggling Magic Hashes + SQL fuzz 2020-04-26 21:43:42 +02:00
Upload Insecure Files Update README.md 2020-05-14 00:10:12 +02:00
Web Cache Deception Fix dead youtube link 2019-10-02 20:09:41 -04:00
Web Sockets Added: Cross-Site WebSocket Hijacking (CSWSH) 2020-04-11 16:24:32 +02:00
XPATH Injection Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
XSLT Injection AD mitigations 2019-12-26 12:09:23 +01:00
XSS Injection Update README.md 2020-06-17 11:42:26 +04:30
XXE Injection XXE ref. refactor 2020-06-22 15:53:07 +02:00
.gitignore Shell IPv6 + Sandbox credential 2019-01-07 18:15:45 +01:00
BOOKS.md README rewrite : BOOKS and YOUTUBE 2019-05-12 22:43:42 +02:00
LICENSE Create License 2019-05-25 16:27:35 +02:00
README.md README - Summary update 2020-03-19 12:03:32 +01:00
YOUTUBE.md added Hacksplained's YT channel 2020-04-23 13:11:51 +02:00

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve it with your payloads and techniques! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL

Every section contains the following files. You can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

Want more? Check the Books and YouTube videos selections.