ssti-payloads
bugbounty-cheatsheet
ssti-payloads | bugbounty-cheatsheet | |
---|---|---|
1 | 3 | |
560 | 5,561 | |
1.8% | - | |
0.0 | 0.0 | |
about 1 year ago | 8 months ago | |
MIT License | Creative Commons Attribution Share Alike 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ssti-payloads
-
There are some script for automate SSTI attacks?
I'm doing a hackthebox challenge where you need to exploit Flask with SSTI. I searched for some SSTI payloads and found a lot of options.
bugbounty-cheatsheet
What are some alternatives?
sql-injection-payload-list - 🎯 SQL Injection Payload List
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips.
bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
command-injection-payload-list - 🎯 Command Injection Payload List
WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
tplmap - NO LONGER MAINTAINED - a pentest tool to detect and exploit SSTI
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.