Nytro
Posted August 29, 2017

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I <3 pull requests

Tools

- Kali Linux
- Web Developer
- Hackbar
- Burp Proxy
- Fiddler
- DirBuster
- GoBuster
- Knockpy
- SQLmap
- Nikto
- Nessus
- Recon-ng
- Wappalyzer
- Metasploit

Docker

- docker pull remnux/metasploit - docker-metasploit
- docker pull paoloo/sqlmap - docker-sqlmap
- docker pull kalilinux/kali-linux-docker - official Kali Linux
- docker pull owasp/zap2docker-stable - official OWASP ZAP
- docker pull wpscanteam/wpscan - official WPScan
- docker pull infoslack/dvwa - Damn Vulnerable Web Application (DVWA)
- docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
- docker pull opendns/security-ninjas - Security Ninjas
- docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
- docker-compose build && docker-compose up - OWASP NodeGoat
- docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
- docker pull bkimminich/juice-shop - OWASP Juice Shop

More resources

Book's list:

- Web Hacking 101
- OWASP Testing Guide v4
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 2: Practical Guide to Penetration Testing
- The Mobile Application Hacker’s Handbook
- Black Hat Python: Python Programming for Hackers and Pentesters
- Metasploit: The Penetration Tester's Guide
- The Database Hacker's Handbook, David Litchfield et al., 2005
- The Shellcoders Handbook by Chris Anley et al., 2007
- The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
- The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hackers Handbook by Charlie Miller et al., 2012
- Android Hackers Handbook by Joshua J. Drake et al., 2014
- The Browser Hackers Handbook by Wade Alcorn et al., 2014
- The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
- Car Hacker's Handbook by Craig Smith, 2016

Blogs/Websites

- http://blog.zsec.uk/101-web-testing-tooling/
- https://blog.innerht.ml
- https://blog.zsec.uk
- https://www.exploit-db.com/google-hacking-database
- https://www.arneswinnen.net
- https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102

Youtube

- Hunting for Top Bounties - Nicolas Grégoire
- BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen
- Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén

Practice

- Root-Me
- Zenk-Security
- W3Challs
- NewbieContest
- Vulnhub
- The Cryptopals Crypto Challenges
- Penetration Testing Practice Labs
- alert(1) to win
- Hacksplaining
- HackThisSite
- PentesterLab : Learn Web Penetration Testing: The Right Way

Bug Bounty

- HackerOne
- BugCrowd
- Bounty Factory
- List of Bounty Program

Source: https://github.com/swisskyrepo/PayloadsAllTheThings