Exploitation: Difference between revisions

Payloads

• https://github.com/swisskyrepo/PayloadsAllTheThings
• https://github.com/payloadbox
• WAF bypass payloads: https://github.com/waf-bypass-maker/waf-community-bypasses

Metasploit

• Install on server: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html

Public exploits

• https://www.kali.org/tools/exploitdb/#searchsploit

SQL injection (SQLi)

• https://github.com/sqlmapproject/sqlmap
• Tamper agent scripts for sqlmap (WAF bypass): https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
• https://github.com/r0oth3x49/ghauri
• SQL Injection & XSS Playground: https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground#classic-sql-injection

Cross-site scripting (XSS)

• https://github.com/hahwul/dalfox
• https://github.com/s0md3v/XSStrike
• https://github.com/mandatoryprogrammer/xsshunter
• https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground#xss

Command Injection

• https://github.com/commixproject/commix

SSRF

• https://github.com/swisskyrepo/SSRFmap