105
GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass...
source link: https://github.com/swisskyrepo/PayloadsAllTheThings
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
README.md
Payloads All The Things
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I <3 pull requests :)
All sections contain:
- README.md - vulnerability description and how to exploit it
- Intruders - a set of files to give to Burp Intruder
- Some exploits
You might also like :
- [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/)
- [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE Exploits)
- Shellshock
- HeartBleed
- Apache Struts 2
Tools
- Kali Linux
- Web Developper
- Hackbar
- Burp Proxy
- Fiddler
- DirBuster
- GoBuster
- Knockpy
- SQLmap
- Nikto
- Nessus
- Recon-ng
- Wappalyzer
- Metasploit
Online Challenges
- Hack The Box
- Root-Me
- Zenk-Security
- W3Challs
- NewbieContest
- Vulnhub
- The Cryptopals Crypto Challenges
- Penetration Testing Practice Labs
- alert(1) to win
- Hacksplaining
- HackThisSite
- PentesterLab : Learn Web Penetration Testing: The Right Way
Bug Bounty
Docker
Command Linkdocker pull remnux/metasploit
docker-metasploit
docker pull paoloo/sqlmap
docker-sqlmap
docker pull kalilinux/kali-linux-docker
official Kali Linux
docker pull owasp/zap2docker-stable
official OWASP ZAP
docker pull wpscanteam/wpscan
official WPScan
docker pull infoslack/dvwa
Damn Vulnerable Web Application (DVWA)
docker pull danmx/docker-owasp-webgoat
OWASP WebGoat Project docker image
docker pull opendns/security-ninjas
Security Ninjas
docker pull ismisepaul/securityshepherd
OWASP Security Shepherd
docker-compose build && docker-compose up
OWASP NodeGoat
docker pull citizenstig/nowasp
OWASP Mutillidae II Web Pen-Test Practice Application
docker pull bkimminich/juice-shop
OWASP Juice Shop
More resources
Book's list:
- Web Hacking 101
- OWASP Testing Guide v4
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 2: Practical Guide to Penetration Testing
- The Mobile Application Hacker’s Handbook
- Black Hat Python: Python Programming for Hackers and Pentesters
- Metasploit: The Penetration Tester's Guide
- The Database Hacker's Handbook, David Litchfield et al., 2005
- The Shellcoders Handbook by Chris Anley et al., 2007
- The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
- The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hackers Handbook by Charlie Miller et al., 2012
- Android Hackers Handbook by Joshua J. Drake et al., 2014
- The Browser Hackers Handbook by Wade Alcorn et al., 2014
- The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
- Car Hacker's Handbook by Craig Smith, 2016
Blogs/Websites
- http://blog.zsec.uk/101-web-testing-tooling/
- https://blog.innerht.ml
- https://blog.zsec.uk
- https://www.exploit-db.com/google-hacking-database
- https://www.arneswinnen.net
- https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102
### Youtube
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK