PayloadsAllTheThings/README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Tools

• Web Developper
• Hackbar
• Burp Proxy
• Fiddler
• DirBuster
• GoBuster
• Knockpy
• SQLmap
• Eyewitness
• Nikto
• Recon-ng
• Wappalyzer

More resources

Book's list:

• Web Hacking 101
• The Web Application Hacker's Handbook
• OWASP Testing Guide v4
• Penetration Testing: A Hands-On Introduction to Hacking
• The Hacker Playbook 2: Practical Guide to Penetration Testing
• The Mobile Application Hacker’s Handbook

Blogs/Websites

• http://blog.zsec.uk/101-web-testing-tooling/
• https://blog.innerht.ml
• https://blog.zsec.uk
• https://www.exploit-db.com/google-hacking-database
• https://www.arneswinnen.net
• https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102

Practice

• Root-Me
• Zenk-Security
• W3Challs
• NewbieContest
• Vulnhub
• The Cryptopals Crypto Challenges
• Penetration Testing Practice Labs
• alert(1) to win
• Hacksplaining