ssti-payloads
xss-payload-list
| | ssti-payloads | xss-payload-list |
|---|---|---|
| | 1 | 6 |
| Stars | 560 | 5,638 |
| Growth | 1.8% | 2.2% |
| Activity | 0.0 | 0.0 |
| | about 1 year ago | 5 months ago |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ssti-payloads
- Is there some script to automate SSTI attacks?
I'm doing a hackthebox challenge where you need to exploit Flask with SSTI. I searched for some SSTI payloads and found a lot of options.
xss-payload-list
- XSS example
Like an example XSS payload? Go nuts: https://github.com/payloadbox/xss-payload-list
- Go with PHP
Otherwise, only vague and unsubstantiated claims, which does not help PHP nor any other programming language or framework.
https://github.com/payloadbox/xss-payload-list
- SC
- A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
- Cross Site Scripting ( XSS ) Vulnerability Payload List
- Password protected website (no username) - best way in?
Tried it now, with the https://github.com/payloadbox/xss-payload-list/tree/master/Intruder list.
What are some alternatives?
sql-injection-payload-list - 🎯 SQL Injection Payload List
XSStrike - Most advanced XSS scanner.
awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips.
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
plugin-cloud-storage - The official cloud storage plugin for Payload
WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
tplmap - NO LONGER MAINTAINED - a pentest tool to detect and exploit SSTI
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.