pwny.cc
  • Home
  • SO
    • AI
      • Evasion
        • Exercise 1
        • Exercise 2
        • Exercise 3
        • Exercise 4
    • Android
      • adb
      • apktool
      • burp suite
      • dns spoofing
      • frida
      • intent
      • jadx
      • JNI
      • objection
      • tcpdump
      • webview
    • iOS
      • objection
    • Linux
      • Internal Recon
      • Bypasses
      • Network
      • Exfiltration
      • Containers
      • Iptables
    • Windows
      • Internal Recon
      • External Recon
      • Bypasses
      • Network
      • Exfiltration
  • SHELLS
    • Misc
    • Web Shells
    • Reverse Shells
    • Obfuscated Shells
  • WEB ATTACKS
    • Misc
    • Command Injection
    • Cross-Site Scripting (XSS)
      • XSS Tips
      • WAF Bypasses
    • Insecure Direct Object Reference (IDOR)
    • Insecure File Upload
    • Local File Inclusion (LFI)
      • Bypass Techniques
      • LFI to RCE
    • OAuth
    • Open Redirect
      • Open Redirect to XSS
    • Server Side Request Forgery (SSRF)
    • Server Side Template Injection (SSTI)
    • SQL Injection (SQLi)
      • SQLMap
      • MySQL
      • MSSQL
      • Oracle
      • PostgreSQL
    • XML External Entity (XXE)
  • OTHER
    • Cracking
      • Hashcat
      • John the Ripper
    • Sandbox Escape
Powered by GitBook
On this page
  • Contributors
  • Resources used

Was this helpful?

Home

NextAI

Last updated 2 years ago

Was this helpful?

Repository of useful payloads and tips for pentesting/bug bounty.

WEB IN CONTINUOUS UPDATE

I want to warn that I am not the owner of the information on this website, most of the tricks and payloads collected are from other websites and the content belongs to them. At the end of this page you have a compilation of resources where I have got information / tips for this repository.

If you want to contact me you can do it both on Twitter and Telegram.

If you want to contribute to this repository, you can do it by contacting me or making a PR to GitHub. The people who have contributed to the creation / maintenance of this wiki are listed below.

Contributors

(BE THE FIRST ONE)

Thanks to all contributors and thanks to the owners of the websites where I have been able to gather all this information.

Resources used

LogoGitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTFGitHub
PayloadAllTheThings
LogoHackTricksHackTricks
HackTricks
Logo/home/six2dez/.pentest-bookPentest Book
Six2dex Pentest Book
LogoTL;DRAWAE - OSWE Preparation / Resources
JorgeCTF Resources
pentestmonkey | Taking the monkey work out of pentesting
Pentest Monkey
LogoSecurity BlogSecurity Blog
Morph3 Blog
LogoGitHub - s0md3v/AwesomeXSS: Awesome XSS stuffGitHub
S0md3v - Awesome XSS