wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-06-22 04:09:13 +02:00
Code Issues Releases Activity
1,522 Commits 2 Branches 5 Tags 55 MiB
Commit Graph

1522 Commits

Author SHA1 Message Date
Quentin Ligier 6bbdc85aa2
XXE: Improve the documentation 
- Add two references: "OWASP XXE prevention cheat sheet" and "XXE: How to become a Jedi"
- Describe the Parameters Laugh attack
- Expand the WAF bypass method with UTF-7
- Update the summary
 2022-10-03 17:14:22 +02:00
Swissky bbe4bbce05
Merge pull request #552 from swisskyrepo/hacktober-methodo-rework 
Methodology and enumeration rework
 2022-10-02 13:14:35 +02:00
Swissky 99a1304af9 Methodology and enumeration rework 2022-10-02 13:13:16 +02:00
Swissky 3f1689b9bc
Merge pull request #551 from swisskyrepo/hacktober-blind-ssti 
Blind SSTI Jinja
 2022-10-02 12:27:07 +02:00
Swissky 4ed3e3b6b9 Blind SSTI Jinja 2022-10-02 12:24:39 +02:00
Swissky 444d8ad169
Merge pull request #549 from InTruder-Sec/master 
Added PortSwigger Labs to the repo
 2022-10-02 12:16:08 +02:00
Swissky 6b9f6de7dd
Merge pull request #548 from mschader/patch-7 
Java RMI: Add remote-method-guesser to tools
 2022-10-02 12:14:51 +02:00
Deep Dhakate a670a26eea Update 2022-10-02 06:13:01 +00:00
Markus bd6a1b759a
Java RMI: Add remote-method-guesser to tools 
This also includes slight adjustments to the README.md to adhere to the current contribution example layout
 2022-10-01 22:04:49 +02:00
Deep Dhakate 9f0c70d46f update 2022-10-01 19:56:49 +00:00
Swissky 9d1421a6c3
Merge pull request #547 from mschader/patch-6 
Api Key Leaks: Add Trivy to tools section
 2022-10-01 19:01:47 +02:00
Markus b7d275d5b0
Api Key Leaks: Add Trivy to tools section 2022-10-01 17:20:51 +02:00
Swissky 72a8556dc9 NodeJS Serialization 2022-09-23 11:21:29 +02:00
Swissky 7a528ccb3f
Merge pull request #545 from noraj/patch-1 
Blind NoSQL scripts
 2022-09-23 00:38:05 +02:00
Alexandre ZANNI 7e2fa15462
Blind NoSQL scripts 
- add missing menu item
- use better string interpolation for python script
- add ruby script
 2022-09-23 00:36:41 +02:00
Swissky 2d30e22121 DPAPI - Data Protection API 2022-09-23 00:35:34 +02:00
Swissky 6b76c452a7
Merge pull request #544 from Processus-Thief/master 
update hekatomb to install with pip
 2022-09-22 16:12:23 +02:00
Processus Thief 8d564ff78b update hekatomb to install with pip 
hekatomb is now available on pypi to simplify its installation
 2022-09-22 16:10:20 +02:00
Swissky 097756da1c
Merge pull request #543 from noraj/patch-1 
add 3 template engines + add lang in menu
 2022-09-21 11:42:32 +02:00
Alexandre ZANNI 3e68276fb7
add 3 template engines + add lang in menu 2022-09-21 11:28:57 +02:00
Swissky c3421582bc
Merge pull request #542 from Processus-Thief/master 
Adding Hekatomb.py to DPAPI credentials stealing
 2022-09-20 22:31:07 +02:00
Processus Thief 885f8bdb8f Adding Hekatomb.py to DPAPI credentials stealing 
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations.
Then it will download all DPAPI blob of all users from all computers.
Finally, it will extract domain controller private key through RPC uses it to decrypt all credentials.

More infos here : https://github.com/Processus-Thief/HEKATOMB
 2022-09-20 16:56:07 +02:00
Swissky 267713c0fb YAML Deserialization 2022-09-16 16:37:40 +02:00
Swissky e677f07197
Merge pull request #539 from dhmosfunk/master 
add a new tool for manually http request smuggling exploitation
 2022-09-16 08:53:00 +02:00
Dhmos Funk b4e7add674
add simple http smuggler generator for easiest manually exploitation 2022-09-16 02:30:57 +03:00
Dhmos Funk d5aed653e8
Update README.md 2022-09-14 18:05:31 +03:00
Swissky b8afbc8f92 Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2022-09-13 22:04:58 +02:00
Swissky c7dd67986c Oracle SQL 2022-09-13 22:04:21 +02:00
Swissky d32c48bad8
Merge pull request #538 from clem9669/master 
XSS: Adding brutelogic polyglot
 2022-09-13 15:03:34 +02:00
clem9669 88134256c8
Adding brutelogic polyglot 
Adding brutelogic polyglot from blog post.
 2022-09-13 11:58:10 +00:00
Swissky 0ca060c049
Merge pull request #537 from dhmosfunk/master 
Update the Postgresql time based payloads for database,table,columns extract
 2022-09-10 16:44:20 +02:00
Dhmos Funk aa89a909d1
Update PostgreSQL Injection.md 2022-09-10 15:56:31 +03:00
Swissky 38fa931b84
Merge pull request #525 from mrThe/patch-1 
Add boolean-error-based vector for the sqlite
 2022-09-07 14:02:54 +02:00
Swissky 7663594118
Update SQLite Injection.md 2022-09-07 14:02:38 +02:00
Swissky e11a37e6a2
Merge pull request #515 from vladko312/patch-1 
Added a new SSTI tool
 2022-09-07 14:01:09 +02:00
Swissky d24e3f2d61
Merge pull request #497 from kz-cyber/xss/angular-xss-2 
[update] Angular XSS payload
 2022-09-07 00:34:29 +02:00
Swissky b6e7210ee0
Merge pull request #501 from fantesykikachu/win-p3-revshell 
Add Windows Python3 Reverse Shell
 2022-09-06 23:23:50 +02:00
Swissky 86e8feca7c
Merge pull request #499 from p3n7a90n/NosqliPayloads 
Added basic SSJI paylods
 2022-09-06 23:17:12 +02:00
Swissky 26e9cb6dc1
Merge pull request #504 from MilyMilo/master 
Add new ruby yaml gadget chain
 2022-09-06 23:16:13 +02:00
Swissky fb7f10eab8
Merge pull request #485 from ajdumanhug/master 
SSRF: Don't encode entire IP
 2022-09-06 23:15:20 +02:00
Swissky 8d609b1460
Update README.md 2022-09-06 23:15:12 +02:00
Swissky 84fa229a44
Merge pull request #463 from nismo-s13/master 
Delete Parser & Curl < 7.54.png
 2022-09-06 23:13:55 +02:00
Swissky 3e8ef29223
Merge pull request #536 from CravateRouge/patch-1 
Update bloodyAD attacks
 2022-09-06 19:32:21 +02:00
CravateRouge dad7362da6
Update bloodyAD attacks 2022-09-06 19:13:34 +02:00
Swissky 191a72c57e Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2022-09-06 10:05:16 +02:00
Swissky 2be739ea4f Fixing TGS/ST 2022-09-06 10:03:49 +02:00
Swissky bdc2d55dd9
Merge pull request #533 from 0xsyr0/patch-1 
Quick fix for WSUS malicious patch
 2022-09-04 20:54:17 +02:00
Swissky 9e2471a472 SCCM Network Account 2022-09-04 20:51:23 +02:00
Swissky fae02107df Jetty RCE Credits 2022-09-04 14:24:16 +02:00
Swissky 4bc5f724b2 Moving learning resources into a specific folder 2022-09-03 16:17:23 +02:00