Git 所有有效载荷！Web 攻击负载的集合

有效载荷

Git 所有有效载荷！Web 攻击负载的集合。欢迎请求请求！

用法

运行./get.sh以下载外部有效负载并解压缩任何压缩的有效负载文件。

有效载荷学分

fuzzdb -

https://github.com/fuzzdb-project/fuzzdb

SecLists -

https://github.com/danielmiessler/SecLists

xsuperbug -

https://github.com/xsuperbug/payloads

NickSanzotta -

https://github.com/NickSanzotta/BurpIntruder

7ioSecurity -

https://github.com/7ioSecurity/XSS-Payloads

shadsidd -

https://github.com/shadsidd

shikari1337 -

https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/

xmendez -

https://github.com/xmendez/wfuzz

minimaxir -

https://github.com/minimaxir/big-list-of-naughty-strings

xsscx -

https://github.com/xsscx/Commodity-Injection-Signatures

TheRook -

https://github.com/TheRook/subbrute

danielmiessler -

https://github.com/danielmiessler/RobotsDisallowed

FireFart -

https://github.com/FireFart/HashCollision-DOS-POC

HybrisDisaster -

https://github.com/HybrisDisaster/aspHashDoS

swisskyrepo -

https://github.com/swisskyrepo/PayloadsAllTheThings

1N3 -

https://github.com/1N3/IntruderPayloads

cujanovic -

https://github.com/cujanovic/Open-Redirect-Payloads

cujanovic -

https://github.com/cujanovic/Content-Bruteforcing-Wordlist

cujanovic -

https://github.com/cujanovic/subdomain-bruteforce-list

cujanovic -

https://github.com/cujanovic/CRLF-Injection-Payloads

cujanovic -

https://github.com/cujanovic/Virtual-host-wordlist

cujanovic -

https://github.com/cujanovic/dirsearch-wordlist

lavalamp- -

https://github.com/lavalamp-/password-lists

arnaudsoullie -

https://github.com/arnaudsoullie/ics-default-passwords

scadastrangelove -

https://github.com/scadastrangelove/SCADAPASS

让琴 -

https://github.com/jeanphorn/wordlist

j3ers3 -

https://github.com/j3ers3/PassList

nyxxxie -

https://github.com/nyxxxie/awesome-default-passwords

foospidy -

https://github.com/foospidy/web-cve-tests

terjanq -

https://github.com/terjanq/Tiny-XSS-Payloads

OWASP

dirbuster -

https://www.owasp.org/index.php/DirBuster

fuzzing_code_database -

https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database

JBroFuzz -

https://www.owasp.org/index.php/JBroFuzz

其他

xss/ismailtasdelen.txt -

https://github.com/ismailtasdelen/xss-payload-list

xss/jsf__k.txt -

http://www.jsfuck.com/

xss/kirankarnad.txt -

https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester

xss/packetstorm.txt -

https://packetstormsecurity.com/files/112152/Cross-Site-Scripting-Payloads.html

xss/smeegesec.com.txt -

http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html

xss/d3adend.org.txt -

http://d3adend.org/xss/ghettoBypass

xss/soaj1664ashar.txt -

http://pastebin.com/u6FY1xDA

xss/billsempf.txt -

https://www.sempf.net/post/Six-hundred-and-sixty-six-XSS-vectors-suitable-for-attacking-an-API.aspx

(

http://pastebin. com/48WdZR6L

)

xss/787373.txt -

https://84692bb0df6f30fc0687-25dde2f20b8e8c1bda75aeb96f737eae.ssl.cf1.rackcdn.com/--xss.html

xss/bhandarkar.txt -

http://hackingforsecurity.blogspot.com/2013/11/xss-cheat-sheet-huge-list.html

xss/xssdb.txt -

http://xssdb.net/xssdb.txt

xss/0xsobky.txt -

https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot

xss/secgeek.txt -

https://www.secgeek.net/solutions-for-xss-waf-challenge/

xss/reddit_xss_get.txt - 来自

https://www.reddit.com/r/xss

的所有 XSS GET 请求（截至 2016 年 3 月 30 日）

xss/rafaybaloch.txt -

http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html

xss/alternume0.txt -

https://www.openbugbounty.org/reports/722726/

xss/XssPayloads -

https://twitter.com/XssPayloads

sqli/camoufl4g3.txt -

https://github.com/camoufl4g3/SQLi-payload-Fuzz3R/blob/master/payloads.txt

sqli/c0rni3sm.txt -

http://c0rni3sm.blogspot.in/2016/02/a-quite-rare-mssql-injection.html

sqli/sqlifuzzer.txt -

https://github.com/ContactLeft/sqlifuzzer/tree/master/payloads

sqli/harisec.txt -

https://hackerone.com/reports/297478

sqli/jstnkndy.txt -

https://foxglovesecurity.com/2017/02/07/type-juggling-and-php-object-injection-and-sqli-oh-my/

sqli/d0znpp.txt -

https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f

sqli/libinjection-bypasses.txt -

https://gist.github.com/migolovanov/432fe28c8c7e9fa675ab3903c5eda77f

遍历/dotdotpwn.txt -

https://github.com/wireghoul/dotdotpwn

代码注入/fede.txt -

https://techblog.mediaservice.net/2016/10/exploiting-ognl-injection/

命令注入/ismailtasdelen-unix.txt -

https://github.com/ismailtasdelen/command-injection-payload-list

命令注入/ismailtasdelen-windows.txt -

https://github.com/ismailtasdelen/command-injection-payload-list

CTF

从数据包捕获或捕获标志 (ctf) 事件的日志文件中提取的请求。主要是原始数据，因此并非所有请求都是实际有效负载，但是应该对请求进行重复数据删除。

maccdc2010.txt - 中大西洋 CCDC (

http://maccdc.org/

)，来源：

http ://www.netresec.com/?page=MACCDC

maccdc2011.txt - 中大西洋 CCDC (

http://maccdc.org/

)，来源：

http ://www.netresec.com/?page=MACCDC

maccdc2012.txt - 中大西洋 CCDC (

http://maccdc.org/

)，来源：

http ://www.netresec.com/?page=MACCDC

ists12_2015.txt - 信息安全人才搜索（

http://ists.sparsa.org/

），来源：

http ://www.netresec.com/?page=ISTS

defcon20.txt - DEFCON 夺旗 (

https://www.defcon.org/html/links/dc-ctf.html

)，来源：

http ://www.netresec.com/?page=PcapFiles

各种各样的

可能与上面已包含的来源重叠的 XSS 引用：

https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

http://htmlpurifier.org/live/smoketests/xssAttacks.php

原文地址;https://github.com/foospidy/payloads