A list of useful payloads

A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

https://github.com/swisskyrepo/PayloadsAllTheThings

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I <3 pull requests 🙂

You can also contribute with a beer IRL or with buymeacoffee.com

Every section contains the following files (you can use the _template_vuln folder to create a new chapter):

  • README.md – vulnerability description and how to exploit it
  • Intruder – a set of files to give to Burp Intruder
  • Images – pictures for the README.md
  • Files – some files referenced in the README.md

You might also like:

Try Harder

Ever wonder where you can use your knowledge? The following list will help you find "targets" to improve your skills.

Book’s list

Grab a book and relax, these ones are the best security books (in my opinion).

More resources

Blogs/Websites

Youtube
