PayloadsAllTheThings/CONTRIBUTING.md
2024-11-13 13:39:19 +01:00

CONTRIBUTING

PayloadsAllTheThings' Team ❤️ pull requests.

Feel free to improve it with your payloads and techniques!

You can also contribute with a 🍻 IRL, or using the sponsor button.

Pull Requests Guidelines

In order to provide the safest payloads for the community, the following rules must be followed for every Pull Request.

  • Payloads must be sanitized
    • Use id and whoami for RCE proofs of concept
    • Use [REDACTED] when the user has to replace a domain for a callback, e.g. XSSHunter, BurpCollaborator, etc.
    • Use 10.10.10.10 and 10.10.10.11 when the payload requires IP addresses
    • Use Administrator for privileged users and User for normal accounts
    • Use P@ssw0rd, Password123, password as default passwords for your examples
    • Prefer commonly used names for machines such as DC01, EXCHANGE01, WORKSTATION01, etc.
  • References must have an author, a title and a link. The date is not mandatory but appreciated :)
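
A pre-submission check for the IP address rule above, as an added example that is not part of the repository's own tooling. The function names, the sample text and the exemption for loopback, link-local and unspecified addresses are assumptions of this example, not requirements stated in the guidelines.

```python
import ipaddress
import re

# Placeholder addresses named in the guidelines above.
ALLOWED_IPS = {"10.10.10.10", "10.10.10.11"}

# Candidate dotted quads; a trailing sentence period is tolerated and
# ipaddress performs the real validation below.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def is_exempt(addr: ipaddress.IPv4Address) -> bool:
    """Assumption of this example: loopback, link-local and unspecified
    addresses are part of a payload's meaning (e.g. 127.0.0.1), not a
    contributor's own host, so they are not reported."""
    return addr.is_loopback or addr.is_link_local or addr.is_unspecified


def find_unsanitized_ips(text: str) -> list[tuple[int, str]]:
    """Return (line_number, ip) for every IPv4 literal that is neither a
    guideline placeholder nor exempt."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in IPV4_RE.finditer(line):
            candidate = match.group(0)
            try:
                addr = ipaddress.IPv4Address(candidate)
            except ipaddress.AddressValueError:
                continue  # not an address, e.g. a version string 1.2.3.400
            if candidate in ALLOWED_IPS or is_exempt(addr):
                continue
            findings.append((lineno, candidate))
    return findings


# Constructed sample input, not taken from the repository.
SAMPLE = """\
Reverse shell to 10.10.10.10 on port 4444
curl http://192.168.56.101/collect
ping -c 1 127.0.0.1
Tested on version 1.2.3.400 of the product
nc 10.10.10.11 4444 ; nc 203.0.113.7 4444
"""

if __name__ == "__main__":
    for lineno, ip in find_unsanitized_ips(SAMPLE):
        print(f"line {lineno}: replace {ip} with 10.10.10.10 or 10.10.10.11")
```

Four-part version strings that happen to be valid addresses are reported too, so findings need a manual look before editing.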

Every pull request will be checked with markdownlint to ensure consistent writing and Markdown best practices. You can validate your files locally using the following Docker command:

docker run -v $PWD:/workdir davidanson/markdownlint-cli2:v0.15.0 "**/*.md" --config .github/.markdownlint.json --fix

Techniques Folder

Every section should contain the following files. You can use the _template_vuln folder to create a new technique folder:

  • README.md - vulnerability description and how to exploit it, including several payloads, more below
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

README.md format

Use the example folder _template_vuln/. The main page is README.md.