Git All the Payloads! A collection of web attack payloads. 20160416
来源:互联网 发布:淘宝信誉评级购物历史 编辑:程序博客网 时间:2024/05/22 05:14
https://github.com/foospidy/payloads
payloads
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome!
Usage
run ./get.sh
to download external payloads and unzip any payload files that are compressed.
Payload Credits
- fuzzdb - https://github.com/fuzzdb-project/fuzzdb
- SecLists - https://github.com/danielmiessler/SecLists
- xsuperbug - https://github.com/xsuperbug/payloads
- NickSanzotta - https://github.com/NickSanzotta/BurpIntruder
- 7ioSecurity - https://github.com/7ioSecurity/XSS-Payloads
- shadsidd - https://github.com/shadsidd
- shikari1337 - https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/
- xmendez - https://github.com/xmendez/wfuzz
OWASP
- dirbuster - https://www.owasp.org/index.php/DirBuster
- fuzzing_code_database - https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database
- JBroFuzz - https://www.owasp.org/index.php/JBroFuzz
Other
- xss/jsf__k.txt - http://www.jsfuck.com/
- xss/kirankarnad.txt - https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester
- xss/packetstorm.txt - https://packetstormsecurity.com/files/112152/Cross-Site-Scripting-Payloads.html
- xss/smeegessec.com.txt - http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html
- xss/d3adend.org.txt - http://d3adend.org/xss/ghettoBypass
- xss/soaj1664ashar.txt - http://pastebin.com/u6FY1xDA
- xss/billsempf.txt - https://www.sempf.net/post/Six-hundred-and-sixty-six-XSS-vectors-suitable-for-attacking-an-API.aspx (http://pastebin.com/48WdZR6L)
- xss/787373.txt - https://84692bb0df6f30fc0687-25dde2f20b8e8c1bda75aeb96f737eae.ssl.cf1.rackcdn.com/--xss.html
- xss/bhandarkar.txt - http://hackingforsecurity.blogspot.com/2013/11/xss-cheat-sheet-huge-list.html
- xss/xssdb.txt - http://xssdb.net/xssdb.txt
- xss/0xsobky.txt - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
- xss/secgeek.txt - https://www.secgeek.net/solutions-for-xss-waf-challenge/
- xss/reddit_xss_get.txt - All XSS GET requests from https://www.reddit.com/r/xss (as of 3/30/2016)
- sqli/camoufl4g3.txt - https://github.com/camoufl4g3/SQLi-payload-Fuzz3R/blob/master/payloads.txt
- sqli/c0rni3sm.txt - http://c0rni3sm.blogspot.in/2016/02/a-quite-rare-mssql-injection.html
ctf
Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.
- maccdc2012.txt - Mid-Atlantic CCDC (http://maccdc.org/), source:http://www.netresec.com/?page=MACCDC
Miscellaneous
- XSS references that may overlap with sources already included above:
- https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
- http://htmlpurifier.org/live/smoketests/xssAttacks.php
0 0
- Git All the Payloads! A collection of web attack payloads. 20160416
- Metasploit - Custom Payloads
- sql注入payloads
- 创建Metasploit Payloads
- Solr 迟到的Payloads
- Guide to understanding XSS – XSS payloads, attack vectors, BeEF hooking, MiTM with Shank and some hi
- Metasploit功能程序------payloads、encoder、Nasm shell
- 802.11 Bindings and Payloads (Cisco Wireless LAN Controllers
- find all the permutation of a string
- A mask of the web~
- Ch8.3: find all the subsets of a set
- A collection of iOS7 animation controllers and interaction controllers, providing flip, fold and all
- Given a collection of distinct numbers, return all possible permutations.排列组合
- All of the previous
- The Beginning Of All
- 如何手动将Metasploit的Payloads注入到Android应用中
- All of a Sudden
- HibernateException - A collection with cascade="all-delete-orphan" was no longer referenced by the o
- 2106/04/16练习赛(四)
- 用java代码将阿拉伯数字金额转换成中文大写
- Java基础复习(三)
- 齐全的颜色中文叫法 RGB值
- Visible.GONE
- Git All the Payloads! A collection of web attack payloads. 20160416
- Android Studio 修改项目包名(最后一级)
- SVD分解的几何意义
- Mysql忘记密码,成功找回的经过!
- Java Nio 十五、Java NIO Path
- 指针和引用的区别
- [Nova] nova-scheduler 组件源码解析--源码结构图和各个模块的介绍。
- iosiOS中的自动布局——autoLayout
- ES6-Proxy与Reflect 实现重载(overload)