# CONTRIBUTING PayloadsAllTheThings' Team :heart: pull requests :) Feel free to improve with your payloads and techniques ! You can also contribute with a :beers: IRL, or using the sponsor button. ## Pull Requests Guidelines In order to provide the safest payloads for the community, the following rules must be followed for **every** Pull Request. - Payloads must be sanitized - Use `id`, and `whoami`, for RCE Proof of Concepts - Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc. - Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses - Use `Administrator` for privileged users and `User` for normal account - Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples - Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc - References must have an `author`, a `title` and a `link`. The `date` is not mandatory but appreciated :) ## Techniques Folder Every section should contains the following files, you can use the `_template_vuln` folder to create a new technique folder: - README.md - vulnerability description and how to exploit it, including several payloads, more below - Intruder - a set of files to give to Burp Intruder - Images - pictures for the README.md - Files - some files referenced in the README.md ## README.md format Use the following example to create a new technique `README.md` file. ```markdown # Vulnerability Title > Vulnerability description ## Summary * [Tools](#tools) * [Something](#something) * [Subentry 1](#sub1) * [Subentry 2](#sub2) * [References](#references) ## Tools - [Tool 1](https://example.com) - [Tool 2](https://example.com) ## Something Quick explanation ### Subentry 1 Something about the subentry 1 ## References - [Blog title - Author, Date](https://example.com) ```