mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-11-10 15:14:34 +00:00
bountybugbountybypasscheatsheetenumerationhackinghacktoberfestmethodologypayloadpayloadspenetration-testingpentestprivilege-escalationredteamsecurityvulnerabilityweb-application
ff3b45e0b7
I very strongly recommend adding LinPEAS to the enumeration tools. LinPEAS is arguably the best linux privesc enumeration tool out there. If you haven't used it, I'd try it out. It highlights all relevant information with color coded text, and you can pass it parameters to control the thoroughness of the scan. You should add WinPEAS for windows privesc as well. |
||
|---|---|---|
| .github | ||
| _template_vuln | ||
| Account Takeover | ||
| API Key Leaks | ||
| AWS Amazon Bucket S3 | ||
| Command Injection | ||
| CORS Misconfiguration | ||
| CRLF Injection | ||
| CSRF Injection | ||
| CSV Injection | ||
| CVE Exploits | ||
| Directory Traversal | ||
| File Inclusion | ||
| GraphQL Injection | ||
| Insecure Deserialization | ||
| Insecure Direct Object References | ||
| Insecure Management Interface | ||
| Insecure Source Code Management | ||
| JSON Web Token | ||
| Kubernetes | ||
| LaTeX Injection | ||
| LDAP Injection | ||
| Methodology and Resources | ||
| NoSQL Injection | ||
| OAuth | ||
| Open Redirect | ||
| Race Condition | ||
| Request Smuggling | ||
| SAML Injection | ||
| Server Side Request Forgery | ||
| Server Side Template Injection | ||
| SQL Injection | ||
| Tabnabbing | ||
| Type Juggling | ||
| Upload Insecure Files | ||
| Web Cache Deception | ||
| Web Sockets | ||
| XPATH Injection | ||
| XSLT Injection | ||
| XSS Injection | ||
| XXE Injection | ||
| .gitignore | ||
| BOOKS.md | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| README.md | ||
| YOUTUBE.md | ||
Payloads All The Things 
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)
You can also contribute with a 🍻 IRL, or using the sponsor button.
Every section contains the following files, you can use the _template_vuln folder to create a new chapter:
- README.md - vulnerability description and how to exploit it, including several payloads
- Intruder - a set of files to give to Burp Intruder
- Images - pictures for the README.md
- Files - some files referenced in the README.md
You might also like the Methodology and Resources folder :
- Methodology and Resources
- Active Directory Attack.md
- Cloud - AWS Pentest.md
- Cloud - Azure Pentest.md
- Cobalt Strike - Cheatsheet.md
- Linux - Persistence.md
- Linux - Privilege Escalation.md
- Metasploit - Cheatsheet.md
- Methodology and enumeration.md
- Network Pivoting Techniques.md
- Network Discovery.md
- Reverse Shell Cheatsheet.md
- Subdomains Enumeration.md
- Windows - Download and Execute.md
- Windows - Mimikatz.md
- Windows - Persistence.md
- Windows - Post Exploitation Koadic.md
- Windows - Privilege Escalation.md
- Windows - Using credentials.md
- CVE Exploits
You want more ? Check the Books and Youtube videos selections.