Git All the Payloads! A collection of web attack payloads. 20160416

来源：互联网发布：淘宝信誉评级购物历史编辑：程序博客网时间：2024/05/22 05:14

https://github.com/foospidy/payloads

payloads

Git All the Payloads! A collection of web attack payloads. Pull requests are welcome!

Usage

run ./get.sh to download external payloads and unzip any payload files that are compressed.

Payload Credits

fuzzdb - https://github.com/fuzzdb-project/fuzzdb
SecLists - https://github.com/danielmiessler/SecLists
xsuperbug - https://github.com/xsuperbug/payloads
NickSanzotta - https://github.com/NickSanzotta/BurpIntruder
7ioSecurity - https://github.com/7ioSecurity/XSS-Payloads
shadsidd - https://github.com/shadsidd
shikari1337 - https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/
xmendez - https://github.com/xmendez/wfuzz

OWASP

dirbuster - https://www.owasp.org/index.php/DirBuster
fuzzing_code_database - https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database
JBroFuzz - https://www.owasp.org/index.php/JBroFuzz

Other

xss/jsf__k.txt - http://www.jsfuck.com/
xss/kirankarnad.txt - https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester
xss/packetstorm.txt - https://packetstormsecurity.com/files/112152/Cross-Site-Scripting-Payloads.html
xss/smeegessec.com.txt - http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html
xss/d3adend.org.txt - http://d3adend.org/xss/ghettoBypass
xss/soaj1664ashar.txt - http://pastebin.com/u6FY1xDA
xss/billsempf.txt - https://www.sempf.net/post/Six-hundred-and-sixty-six-XSS-vectors-suitable-for-attacking-an-API.aspx (http://pastebin.com/48WdZR6L)
xss/787373.txt - https://84692bb0df6f30fc0687-25dde2f20b8e8c1bda75aeb96f737eae.ssl.cf1.rackcdn.com/--xss.html
xss/bhandarkar.txt - http://hackingforsecurity.blogspot.com/2013/11/xss-cheat-sheet-huge-list.html
xss/xssdb.txt - http://xssdb.net/xssdb.txt
xss/0xsobky.txt - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
xss/secgeek.txt - https://www.secgeek.net/solutions-for-xss-waf-challenge/
xss/reddit_xss_get.txt - All XSS GET requests from https://www.reddit.com/r/xss (as of 3/30/2016)
sqli/camoufl4g3.txt - https://github.com/camoufl4g3/SQLi-payload-Fuzz3R/blob/master/payloads.txt
sqli/c0rni3sm.txt - http://c0rni3sm.blogspot.in/2016/02/a-quite-rare-mssql-injection.html

ctf

Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.

maccdc2012.txt - Mid-Atlantic CCDC (http://maccdc.org/), source:http://www.netresec.com/?page=MACCDC

Miscellaneous

XSS references that may overlap with sources already included above:
- https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
- http://htmlpurifier.org/live/smoketests/xssAttacks.php

0 0