pwny.cc
Search…
Home
WEB ATTACKS
Misc
OAuth
Open Redirect
Command Injection
Local File Inclusion (LFI)
Insecure File Upload
Insecure Direct Object Reference (IDOR)
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Server Side Request Forgery (SSRF)
Server Side Template Injection (SSTI)
XML External Entity (XXE)
SHELLS
Misc
Web Shells
Reverse Shells
Obfuscated Shells
SO
Linux
Windows
OTHER
Sandbox Escape
Cracking
Powered By GitBook
Home
Repository of useful payloads and tips for pentesting/bug bounty.
WEB IN CONTINUOUS UPDATE
I want to warn that I am not the owner of the information on this website, most of the tricks and payloads collected are from other websites and the content belongs to them. At the end of this page you have a compilation of resources where I have got information / tips for this repository.
If you want to contact me you can do it both on Twitter and Telegram.
If you want to contribute to this repository, you can do it by contacting me or making a PR to GitHub. The people who have contributed to the creation / maintenance of this wiki are listed below.

Contributors

(BE THE FIRST ONE)
Thanks to all contributors and thanks to the owners of the websites where I have been able to gather all this information.

Resources used

GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
GitHub
PayloadAllTheThings
HackTricks
HackTricks
HackTricks
/home/six2dez/.pentest-book
Pentest Book
Six2dex Pentest Book
TL;DR
AWAE - OSWE Preparation / Resources
JorgeCTF Resources
pentestmonkey | Taking the monkey work out of pentesting
Pentest Monkey
Security Blog
Security Blog
Morph3 Blog
GitHub - s0md3v/AwesomeXSS: Awesome XSS stuff
GitHub
S0md3v - Awesome XSS
Next - WEB ATTACKS
Misc
Last modified 2mo ago
Copy link
Outline
Contributors
Resources used