payloads.md

opensource payloads

Collections

Uncategorized

• madhuakula/wincmdfu - Windows one line commands that make life easier, shortcuts and command line fu
• D4Vinci/One-Lin3r - Gives you one-liners that aids in penetration testing operations
• swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
• EdOverflow/bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters
• 1N3/IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
• tennc/fuzzdb - 一个fuzzdb扩展库
• foospidy/payloads - Git All the Payloads! A collection of web attack payloads
• mdsecactivebreach/SharpShooter - Payload Generation Framework (phishing + metasploit)

XXE

• XXE Payloads

Host tools

• arntsonl/calc_security_poc - A sample of proof of concept scripts that run Calc.exe with full source code
• api0cradle/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
  • LOLBAS-Project/LOLBAS
• rootm0s/WinPwnage - Elevate, UAC bypass, persistence, privilege escalation, dll hijack techniques
• hfiref0x/UACME - Defeating Windows User Account Control
• Whitelist bypass
  • SafeBreach-Labs/BACE - Mapping of Binaries that allows Arbitrary Code Execution
  • api0cradle/UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker
  • GreatSCT/GreatSCT - an open source project to generate application white list bypasses

XSS

• Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing
• twitter: itscachemoney - ways to alert
• Metnew/uxss-db - Universal Cross-site Scripting DB [+ other browser vulnerabilities]
• ismailtasdelen/xss-payload-list - Cross Site Scripting ( XSS ) Vulnerability Payload List
• aurainfosec/xss_payloads - XSS payloads for edge cases

Nodejs

• JSgen.py – bind and reverse shell JS code generator for SSJI in Node.js with filter bypass encodings

Exploits

• Mr5m1th/POC-Collect - 各种开源CMS 各种版本的漏洞以及EXP 该项目将不断更新
• 1N3/Findsploit - Find exploits in local and online databases instantly
• Lucifer1993/AngelSword - CMS exploit framework, 300+ exploits
• 0xsauby/yasuo - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
• rezasp/vbscan - a Black Box vBulletin Vulnerability Scanner
• hatriot/clusterd - application server attack toolkit
• joaomatosf/jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
• kkirsche/CVE-2017-10271 - Oracle WebLogic WLS-WSAT Remote Code Execution Exploit
• rezasp/joomscan - OWASP Joomla Vulnerability Scanner Project
• TheM4hd1/JCS - Joomla Vulnerability Component Scanner