Exploitation: Difference between revisions
Jump to navigation
Jump to search
m (→Destruction) |
m (→Payloads) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
* https://github.com/swisskyrepo/PayloadsAllTheThings | * https://github.com/swisskyrepo/PayloadsAllTheThings | ||
* https://github.com/payloadbox | * https://github.com/payloadbox | ||
* WAF bypass payloads: https://github.com/waf-bypass-maker/waf-community-bypasses | |||
=== Metasploit === | === Metasploit === | ||
* | * Install on server: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html | ||
=== Public exploits === | === Public exploits === | ||
Line 14: | Line 15: | ||
* Tamper agent scripts for sqlmap (WAF bypass): https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423 | * Tamper agent scripts for sqlmap (WAF bypass): https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423 | ||
* https://github.com/r0oth3x49/ghauri | * https://github.com/r0oth3x49/ghauri | ||
* SQL Injection & XSS Playground: https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground#classic-sql-injection | |||
=== Cross-site scripting (XSS) === | === Cross-site scripting (XSS) === | ||
* https://github.com/s0md3v/XSStrike | * https://github.com/s0md3v/XSStrike | ||
*https://github.com/mandatoryprogrammer/xsshunter | * https://github.com/mandatoryprogrammer/xsshunter | ||
* https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground#xss | |||
=== Command Injection === | === Command Injection === | ||
Line 24: | Line 27: | ||
=== SSRF === | === SSRF === | ||
* https://github.com/swisskyrepo/SSRFmap | * https://github.com/swisskyrepo/SSRFmap | ||
Latest revision as of 14:33, 1 August 2023
Payloads
- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://github.com/payloadbox
- WAF bypass payloads: https://github.com/waf-bypass-maker/waf-community-bypasses
Metasploit
- Install on server: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html
Public exploits
SQL injection (SQLi)
- https://github.com/sqlmapproject/sqlmap
- Tamper agent scripts for sqlmap (WAF bypass): https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
- https://github.com/r0oth3x49/ghauri
- SQL Injection & XSS Playground: https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground#classic-sql-injection
Cross-site scripting (XSS)
- https://github.com/s0md3v/XSStrike
- https://github.com/mandatoryprogrammer/xsshunter
- https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground#xss