PayloadsAllTheThings/README.md

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

• XSS paylods improved
• Methodology added
• AWS Bucket added

Extract nice bypass from https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/

Tools

• Web Developper
• Hackbar
• Burp Proxy
• Fiddler
• DirBuster
• GoBuster
• Knockpy
• SQLmap
• Eyewitness
• Nikto
• Recon-ng
• Wappalyzer

More resources

Book's list:

• Web Hacking 101 - https://leanpub.com/web-hacking-101
• The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Blogs/Websites

• http://blog.zsec.uk/101-web-testing-tooling/
• https://blog.innerht.ml
• https://blog.zsec.uk
• https://www.exploit-db.com/google-hacking-database
• https://www.arneswinnen.net