Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

• XSS paylods improved
• CRLF payloads improved
• SQLi payloads improved
• Enumeration added (WIP)

Tools

• Web Developper
• Hackbar
• Burp Proxy
• Fiddler
• DirBuster
• GoBuster
• Knockpy
• SQLmap
• Eyewitness
• Nikto
• Recon-ng
• Wappalyzer

More resources

Book's list:

• Web Hacking 101 - https://leanpub.com/web-hacking-101
• The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Blogs/Websites

• http://blog.zsec.uk/101-web-testing-tooling/
• https://blog.innerht.ml
• https://blog.zsec.uk
• https://www.exploit-db.com/google-hacking-database
• https://www.arneswinnen.net