CONTRIBUTING
PayloadsAllTheThings' Team pull requests.
Feel free to improve with your payloads and techniques !
You can also contribute with a IRL, or using the sponsor button.
Pull Requests Guidelines
In order to provide the safest payloads for the community, the following rules must be followed for every Pull Request.
- Payloads must be sanitized
- Use
id
, andwhoami
, for RCE Proof of Concepts - Use
[REDACTED]
when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc. - Use
10.10.10.10
and10.10.10.11
when the payload require IP addresses - Use
Administrator
for privileged users andUser
for normal account - Use
P@ssw0rd
,Password123
,password
as default passwords for your examples - Prefer commonly used name for machines such as
DC01
,EXCHANGE01
,WORKSTATION01
, etc
- Use
- References must have an
author
, atitle
, alink
and adate
- Use Wayback Machine if the reference is not available anymore.
- The date must be following the format
Month Number, Year
, e.g:December 25, 2024
- References to Github repositories must follow this format:
[author/tool](https://github.com/URL) - Description
Every pull request will be checked with markdownlint
to ensure consistent writing and Markdown best practices. You can validate your files locally using the following Docker command:
docker run -v $PWD:/workdir davidanson/markdownlint-cli2:v0.15.0 "**/*.md" --config .github/.markdownlint.json --fix
Techniques Folder
Every section should contains the following files, you can use the _template_vuln
folder to create a new technique folder:
- README.md: vulnerability description and how to exploit it, including several payloads, more below
- Intruder: a set of files to give to Burp Intruder
- Images: pictures for the README.md
- Files: some files referenced in the README.md
README.md Format
Use the example folder _template_vuln/ to create a new vulnerability document. The main page is README.md. It is organized with sections for a title and description of the vulnerability, along with a summary table of contents linking to the main sections of the document.
- Tools: Lists relevant tools with links to their repositories and brief descriptions.
- Methodology: Provides a quick overview of the approach used, with code snippets to demonstrate exploitation steps.
- Labs: References online platforms where similar vulnerabilities can be practiced, each with a link to the corresponding lab.
- References: Lists external resources, such as blog posts or articles, providing additional context or case studies related to the vulnerability.