PayloadsAllTheThings' Team pull requests :) Feel free to improve with your payloads and techniques !
You can also contribute with a IRL, or using the sponsor button.
Pull Requests Guidelines
In order to provide the safest payloads for the community, the following rules must be followed for every Pull Request.
- Payloads must be sanitized
whoami, for RCE Proof of Concepts
[REDACTED]when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
10.10.10.11when the payload require IP addresses
Administratorfor privileged users and
Userfor normal account
passwordas default passwords for your examples
- Prefer commonly used name for machines such as
- References must have an
dateis not mandatory but appreciated :)
Every section should contains the following files, you can use the
_template_vuln folder to create a new technique folder:
- README.md - vulnerability description and how to exploit it, including several payloads, more below
- Intruder - a set of files to give to Burp Intruder
- Images - pictures for the README.md
- Files - some files referenced in the README.md
Use the following example to create a new technique
# Vulnerability Title > Vulnerability description ## Summary * [Tools](#tools) * [Something](#something) * [Subentry 1](#sub1) * [Subentry 2](#sub2) * [References](#references) ## Tools - [Tool 1](https://example.com) - [Tool 2](https://example.com) ## Something Quick explanation ### Subentry 1 Something about the subentry 1 ## References - [Blog title - Author, Date](https://example.com)