A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I <3 pull requests :)
docker pull remnux/metasploit
- docker-metasploit
docker pull paoloo/sqlmap
- docker-sqlmap
docker pull kalilinux/kali-linux-docker
- official Kali Linux
docker pull owasp/zap2docker-stable
- official OWASP ZAP
docker pull wpscanteam/wpscan
- official WPScan
docker pull infoslack/dvwa
- Damn Vulnerable Web Application (DVWA)
docker pull danmx/docker-owasp-webgoat
- OWASP WebGoat Project docker image
docker pull opendns/security-ninjas
- Security Ninjas
docker pull ismisepaul/securityshepherd
- OWASP Security Shepherd
docker-compose build && docker-compose up
- OWASP NodeGoat
docker pull citizenstig/nowasp
- OWASP Mutillidae II Web Pen-Test Practice Application
docker pull bkimminich/juice-shop
- OWASP Juice Shop
Book list:
The Hacker Playbook 2: Practical Guide to Penetration Testing
Black Hat Python: Python Programming for Hackers and Pentesters
The Database Hacker's Handbook, David Litchfield et al., 2005
The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011
The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015
Blogs/Websites
Youtube
Practice
Bug Bounty