yrahman / PayloadsAllTheThings Public

forked from swisskyrepo/PayloadsAllTheThings

Notifications You must be signed in to change notification settings
Fork 0
Star 0

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

0 stars 14.8k forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 25 Commits
CRLF injection		CRLF injection
CSV injection		CSV injection
CVE Shellshock Heartbleed		CVE Shellshock Heartbleed
NoSQL injection		NoSQL injection
Open redirect		Open redirect
PHP include		PHP include
PHP juggling type		PHP juggling type
PHP serialization		PHP serialization
Remote commands execution		Remote commands execution
SQL injection		SQL injection
SSRF injection		SSRF injection
Tar commands execution		Tar commands execution
Traversal directory		Traversal directory
Upload insecure files		Upload insecure files
XSS injection		XSS injection
XXE files		XXE files
Enumeration_and_fingerprinting.md		Enumeration_and_fingerprinting.md
README.md		README.md

Repository files navigation

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

XSS paylods improved
CRLF payloads improved
SQLi payloads improved
Enumeration added (WIP)

TODO : Basic methodology for hunting bugs and vulnerabilities

More resources

Book's list:

Web Hacking 101 - https://leanpub.com/web-hacking-101
The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

About

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Report repository

Releases

Packages

No packages published

Languages

Python 55.5%
HTML 39.6%
Ruby 3.8%
Other 1.1%