Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-04 02:20:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update _template_vuln page

Browse source
This commit is contained in:
Swissky 2024-11-13 13:39:19 +01:00
parent d6ce9cd317
commit dc349c10c3
5 changed files with 51 additions and 83 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
CONTRIBUTING.md
View file

@ -1,23 +1,30 @@
# CONTRIBUTING
PayloadsAllTheThings' Team :heart: pull requests :)
PayloadsAllTheThings' Team :heart: pull requests.
Feel free to improve with your payloads and techniques !
You can also contribute with a :beers: IRL, or using the sponsor button.
You can also contribute with a :beers: IRL, or using the [sponsor](https://github.com/sponsors/swisskyrepo) button.
## Pull Requests Guidelines
In order to provide the safest payloads for the community, the following rules must be followed for **every** Pull Request.
- Payloads must be sanitized
- Use `id`, and `whoami`, for RCE Proof of Concepts
- Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
- Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
- Use `Administrator` for privileged users and `User` for normal account
- Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
- Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc
- Use `id`, and `whoami`, for RCE Proof of Concepts
- Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
- Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
- Use `Administrator` for privileged users and `User` for normal account
- Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
- Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc
- References must have an `author`, a `title` and a `link`. The `date` is not mandatory but appreciated :)
Every pull request will be checked with `markdownlint` to ensure consistent writing and Markdown best practices. You can validate your files locally using the following Docker command:
```ps1
docker run -v $PWD:/workdir davidanson/markdownlint-cli2:v0.15.0 "**/*.md" --config .github/.markdownlint.json --fix
```
## Techniques Folder
Every section should contains the following files, you can use the `_template_vuln` folder to create a new technique folder:
@ -29,35 +36,4 @@ Every section should contains the following files, you can use the `_template_vu
## README.md format
Use the following example to create a new technique `README.md` file.
```markdown
# Vulnerability Title
> Vulnerability description
## Summary
* [Tools](#tools)
* [Something](#something)
* [Subentry 1](#sub1)
* [Subentry 2](#sub2)
* [References](#references)
## Tools
- [Tool 1](https://example.com)
- [Tool 2](https://example.com)
## Something
Quick explanation
### Subentry 1
Something about the subentry 1
## References
- [Blog title - Author, Date](https://example.com)
```
Use the example folder [_template_vuln/](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/). The main page is [README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/README.md).

2
_LEARNING_AND_SOCIALS/BOOKS.md
View file

@ -50,4 +50,4 @@
- [The Web Application Hackers Handbook by D. Stuttard, M. Pinto (2011)](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
- [Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by T.J. O'Connor (2012)](https://www.goodreads.com/book/show/16192263-violent-python)
- [Web Hacking 101](https://leanpub.com/web-hacking-101)
- [Windows Security Internals with PowerShell by James Forshaw (2024)](https://nostarch.com/windows-security-internals-powershell)
- [Windows Security Internals with PowerShell by James Forshaw (2024)](https://nostarch.com/windows-security-internals-powershell)

55
_LEARNING_AND_SOCIALS/TWITTER.md
View file

@ -1,33 +1,32 @@
# Twitter
# Twitter
Twitter is very common in the InfoSec area. Many advices and tips on bug hunting or CTF games are posted every day. It is worth following the feeds of some successful security researchers and hackers.
Twitter is very common in the InfoSec area. Many advices and tips on bug hunting or CTF games are posted every day. It is worth following the feeds of some successful security researchers and hackers.
## Accounts
### Accounts
- [@Stök - Bug bounty hunter, cybersecurity educational content creator](https://twitter.com/stokfredrik)
- [@NahamSec - Hacker & content creator & co-founder bugbountyforum and http://recon.dev](https://twitter.com/NahamSec)
- [@dawgyg - Bug bounty hunter, reformed blackhat, Synack red team member](https://twitter.com/thedawgyg)
- [@putsi - Bug bounty hunter and white hat hacker in Team ROT](https://twitter.com/putsi)
- [@thecybermentor - Offers cybersecurity and hacking courses](https://twitter.com/thecybermentor)
- [@InsiderPhD - PhD student, occasional bug bounty hunter & educational cyber security youtuber](https://twitter.com/InsiderPhD)
- [@LiveOverflow - Content creator and hacker producing videos on various IT security topics and participating in hacking contests](https://twitter.com/LiveOverflow)
- [@EdOverflow - Web developer, security researcher and triager for numerous vulnerability disclosure programs](https://twitter.com/edoverflow)
- [@r0bre - Bug Hunter for web- and systemsecurity, iOS Security researcher](https://twitter.com/r0bre)
- [@intigriti - European ethical hacking & bug bounty platform](https://twitter.com/intigriti)
- [@Hacker0x01 - American bug bounty platform](https://twitter.com/Hacker0x01)
- [@bugcrowd - Another american bug bounty platform](https://twitter.com/Bugcrowd)
- [@hakluke - Bug bounty hunter, content creator, creator of some great pentesting tools like hakrawler](https://twitter.com/hakluke)
- [@spaceraccoon - Security researcher and white hat hacker. Has worked on several bug bounty programs](https://twitter.com/spaceraccoonsec)
- [@samwcyo - Full time bug bounty hunter](https://twitter.com/samwcyo)
- [@Th3G3nt3lman - Security Research & Bug bounty hunter](https://twitter.com/Th3G3nt3lman)
- [@securinti - Dutch bug bounty hunter & head of hackers and bord member @ intigriti](https://twitter.com/securinti)
- [@jobertabma - Co-founder of HackerOne, security researcher](https://twitter.com/jobertabma)
- [@codingo_ - Global Head of Security Ops and Researcher Enablement bugcrowd, Maintainer of some great pentesting tools like NoSQLMap or VHostScan](https://twitter.com/codingo_)
- [@TomNomNom - security researcher, maintainer of many very useful pentesting tools](https://twitter.com/TomNomNom)
- [@orange_8361 - bug bounty hunter and security researcher, specialized on RCE bugs](https://twitter.com/orange_8361)
- [@d0nutptr - part-time bug hunter, Lead Security Engineer at graplsec](https://twitter.com/d0nutptr)
- [@filedescriptor - security researcher, bug hunter and content creator at 0xReconless](https://twitter.com/filedescriptor)
- [@0xReconless - Security research, blogs, and videos by filedescriptor, ngalongc & EdOverflow](https://twitter.com/0xReconless)
- [@pentest_swissky - Author of PayloadsAllTheThings & SSRFmap](https://twitter.com/pentest_swissky)
- [@bugcrowd - Another american bug bounty platform](https://twitter.com/Bugcrowd)
- [@codingo_ - Global Head of Security Ops and Researcher Enablement bugcrowd, Maintainer of some great pentesting tools like NoSQLMap or VHostScan](https://twitter.com/codingo_)
- [@d0nutptr - part-time bug hunter, Lead Security Engineer at graplsec](https://twitter.com/d0nutptr)
- [@dawgyg - Bug bounty hunter, reformed blackhat, Synack red team member](https://twitter.com/thedawgyg)
- [@EdOverflow - Web developer, security researcher and triager for numerous vulnerability disclosure programs](https://twitter.com/edoverflow)
- [@filedescriptor - security researcher, bug hunter and content creator at 0xReconless](https://twitter.com/filedescriptor)
- [@GentilKiwi - Author of Mimikatz & Kekeo](https://twitter.com/gentilkiwi)
- [@Hacker0x01 - American bug bounty platform](https://twitter.com/Hacker0x01)
- [@hakluke - Bug bounty hunter, content creator, creator of some great pentesting tools like hakrawler](https://twitter.com/hakluke)
- [@InsiderPhD - PhD student, occasional bug bounty hunter & educational cyber security youtuber](https://twitter.com/InsiderPhD)
- [@intigriti - European ethical hacking & bug bounty platform](https://twitter.com/intigriti)
- [@jobertabma - Co-founder of HackerOne, security researcher](https://twitter.com/jobertabma)
- [@LiveOverflow - Content creator and hacker producing videos on various IT security topics and participating in hacking contests](https://twitter.com/LiveOverflow)
- [@NahamSec - Hacker & content creator & co-founder bugbountyforum and http://recon.dev](https://twitter.com/NahamSec)
- [@orange_8361 - bug bounty hunter and security researcher, specialized on RCE bugs](https://twitter.com/orange_8361)
- [@pentest_swissky - Author of PayloadsAllTheThings & SSRFmap](https://twitter.com/pentest_swissky)
- [@putsi - Bug bounty hunter and white hat hacker in Team ROT](https://twitter.com/putsi)
- [@r0bre - Bug Hunter for web- and systemsecurity, iOS Security researcher](https://twitter.com/r0bre)
- [@samwcyo - Full time bug bounty hunter](https://twitter.com/samwcyo)
- [@securinti - Dutch bug bounty hunter & head of hackers and bord member @ intigriti](https://twitter.com/securinti)
- [@spaceraccoon - Security researcher and white hat hacker. Has worked on several bug bounty programs](https://twitter.com/spaceraccoonsec)
- [@Stök - Bug bounty hunter, cybersecurity educational content creator](https://twitter.com/stokfredrik)
- [@Th3G3nt3lman - Security Research & Bug bounty hunter](https://twitter.com/Th3G3nt3lman)
- [@thecybermentor - Offers cybersecurity and hacking courses](https://twitter.com/thecybermentor)
- [@TomNomNom - security researcher, maintainer of many very useful pentesting tools](https://twitter.com/TomNomNom)

3
_LEARNING_AND_SOCIALS/YOUTUBE.md
View file

@ -27,7 +27,6 @@
- [EP004: Bug Hunters | HACKING GOOGLE](https://youtu.be/IoXiXlCNoXg)
- [EP005: Project Zero | HACKING GOOGLE](https://youtu.be/My_13FXODdU)
## Conferences
- [Hunting for Top Bounties - Nicolas Grégoire](https://www.youtube.com/watch?v=mQjTgDuLsp4)
@ -37,4 +36,4 @@
- [Defcon Conference](https://www.youtube.com/user/DEFCONConference/videos)
- [x33fcon Conference](https://www.youtube.com/c/x33fcon)
- [Hack In Paris](https://www.youtube.com/user/hackinparis)
- [LeHack / HZV](https://www.youtube.com/user/hzvprod)
- [LeHack / HZV](https://www.youtube.com/user/hzvprod)

18
_template_vuln/README.md
View file

@ -11,12 +11,10 @@
* [Labs](#labs)
* [References](#references)
## Tools
- [username/tool1](https://github.com/username/tool1) - Description of the tool
- [username/tool2](https://github.com/username/tool2) - Description of the tool
* [username/tool1](https://github.com/username/tool1) - Description of the tool
* [username/tool2](https://github.com/username/tool2) - Description of the tool
## Methodology
@ -28,18 +26,14 @@ Exploit
### Subentry 1
### Subentry 2
## Labs
- [Company - Lab 1](#link-to-the-lab)
- [Company - Lab 2](#link-to-the-lab)
- [Company - Challenge 1](#link-to-the-challenge)
- [Company - Challenge 2](#link-to-the-challenge)
* [Root Me - Lab 1](https://root-me.org)
* [PortSwigger - Lab 2](https://portswigger.net)
* [HackTheBox - Lab 3](https://www.hackthebox.com)
## References
- [Blog title - Author (@handle) - Month XX, 202X](https://example.com)
* [Blog title - Author (@handle) - Month XX, 202X](https://example.com)