wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-06 12:56:08 +02:00
Code Issues Releases Activity
A list of useful payloads and bypass for Web Application Security and Pentest/CTF https://github.com/swisskyrepo/PayloadsAllTheThings
1,574 Commits 2 Branches 5 Tags 48 MiB
Python 86.2%
Ruby 6.4%
ASP.NET 3.8%
Classic ASP 1.4%
PHP 1.3%
Other 0.8%
Go to file
llamasoft 78ff651643 Add Linux evasion to its own article 
Linux evasion techniques were previously included as part of persistence,
but the number of techniques are varied enough where it likely should
be its own article.
 		2022-10-14 17:30:25 -04:00
.github Shadow Credentials 2022-08-05 12:00:41 +02:00
API Key Leaks Api Key Leaks: Add Trivy to tools section 2022-10-01 17:20:51 +02:00
AWS Amazon Bucket S3 update URL 0dayallday is not working, same article found in blackmarble.sh 2022-10-08 23:32:31 -05:00
Account Takeover update 10 password reset flaws URL 2022-10-08 23:30:31 -05:00
Argument Injection Update README.md 2022-10-11 18:49:17 +02:00
CORS Misconfiguration update 2022-10-01 19:56:49 +00:00
CRLF Injection Normalize Titles 2022-10-12 12:13:55 +02:00
CSRF Injection update 2022-10-01 19:56:49 +00:00
CSV Injection Normalize Titles 2022-10-12 12:13:55 +02:00
CVE Exploits Normalize Titles 2022-10-12 12:13:55 +02:00
Command Injection use web archive to retrieve a readable version of this website - currently unavailable 2022-10-08 23:31:43 -05:00
DNS Rebinding Add DNS rebinding 2021-10-27 16:19:56 -04:00
Dependency Confusion Windows Management Instrumentation Event Subscription 2022-04-24 15:01:18 +02:00
Directory Traversal Normalize Titles 2022-10-12 12:13:55 +02:00
File Inclusion use web archive to retrieve a readable version of this website - currently unavailable 2022-10-08 23:31:43 -05:00
GraphQL Injection Normalize Titles 2022-10-12 12:13:55 +02:00
HTTP Parameter Pollution fix: Fix spelling 2022-08-09 11:02:21 +02:00
Insecure Deserialization Normalize Titles 2022-10-12 12:13:55 +02:00
Insecure Direct Object References Update 2022-10-02 06:13:01 +00:00
Insecure Management Interface Normalize Titles 2022-10-12 12:13:55 +02:00
Insecure Source Code Management Normalize Titles 2022-10-12 12:13:55 +02:00
JSON Web Token Update 2022-10-02 06:13:01 +00:00
Java RMI Update README.md 2022-10-12 20:35:32 +02:00
Kubernetes fix: Fix spelling 2022-08-09 11:02:21 +02:00
LDAP Injection Normalize Titles 2022-10-12 12:13:55 +02:00
LaTeX Injection LaTeX Injection catcode 2022-02-22 15:57:04 +01:00
Methodology and Resources Add Linux evasion to its own article 2022-10-14 17:30:25 -04:00
NoSQL Injection Normalize Titles 2022-10-12 12:13:55 +02:00
OAuth Misconfiguration Normalize Titles 2022-10-12 12:13:55 +02:00
Open Redirect Update 2022-10-02 06:13:01 +00:00
Race Condition fix: Fix spelling 2022-08-09 11:02:21 +02:00
Request Smuggling add simple http smuggler generator for easiest manually exploitation 2022-09-16 02:30:57 +03:00
SAML Injection Add ZAP Addon in Tools 2022-05-01 00:47:18 +09:00
SQL Injection Normalize Titles 2022-10-12 12:13:55 +02:00
Server Side Request Forgery Update 2022-10-02 06:13:01 +00:00
Server Side Template Injection Normalize Titles 2022-10-12 12:13:55 +02:00
Tabnabbing Fix typos 2020-12-13 04:34:10 +11:00
Type Juggling Fixing TGS/ST 2022-09-06 10:03:49 +02:00
Upload Insecure Files Normalize Titles 2022-10-12 12:13:55 +02:00
Web Cache Deception Normalize Titles 2022-10-12 12:13:55 +02:00
Web Sockets Normalize Titles 2022-10-12 12:13:55 +02:00
XPATH Injection Normalize Titles 2022-10-12 12:13:55 +02:00
XSLT Injection fix: Fix spelling 2022-08-09 11:02:21 +02:00
XSS Injection Update XSS_Polyglots.txt 2022-10-05 09:45:15 +00:00
XXE Injection Add reference 2022-10-05 10:20:05 +02:00
_LEARNING_AND_SOCIALS .NET Deserialization 2022-10-11 21:52:46 +02:00
_template_vuln SAML exploitation + ASREP roasting + Kerbrute 2019-03-24 13:16:23 +01:00
.gitignore YAML Deserialization 2022-09-16 16:37:40 +02:00
CONTRIBUTING.md PR Guidelines + User Hunting + HopLa Configuration 2022-06-30 16:33:35 +02:00
LICENSE Create License 2019-05-25 16:27:35 +02:00
README.md Add Linux evasion to its own article 2022-10-14 17:30:25 -04:00

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques !
I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button

Sponsor Tweet

An alternative display version is available at PayloadsAllTheThingsWeb.

📖 Documentation

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

You want more ? Check the Books and Youtube videos selections.

👨‍💻 Contributions

Be sure to read CONTRIBUTING.md

Thanks again for your contribution! ❤️

🧙‍♂️ Sponsors

This project is proudly sponsored by these companies.