IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. (by 1N3)
Add to my DEV experience burpsuite intruder payloads fuzz-lists Fuzzing Fuzz Injection burpsuite-engagement burpsuite-intruder Attack sql-injection Bugbounty
Source Code
xerosecurity.com
IntruderPayloads Reviews
Suggest alternative
Edit details
The modern identity platform for B2B SaaS
The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
workos.com
Sponsored

IntruderPayloads Alternatives

Similar projects and alternatives to IntruderPayloads based on common topics and language

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better IntruderPayloads alternative or higher similarity.
Suggest an alternative to IntruderPayloads

IntruderPayloads reviews and mentions

Posts with mentions or reviews of IntruderPayloads. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-02-13.
  • AI-powered Bing Chat spills its secrets via prompt injection attack
    3 projects | news.ycombinator.com | 13 Feb 2023
    It's very interesting that AppSec may now begin to include "prompt injection" attacks as something of relevance.

    Specifically with libraries like LangChain[0] that allow for you to perform complex actions ("What's the weather?" -> makes HTTP request to fetch weather) then we end up in a world where injection attacks can have side effects with security implications.

    I've been thinking about what security might look like for a post-ChatGPT world and how I'd attempt to defend against it. I'd probably start by building a database of attack prompts, kind of like this[1] fuzz list but for AI, then I'd train a second neural net that acts like an adversarial neural network[2] to try to exploit the system based on those payloads. The end result would sort of like SQLMap[3] but for AI systems where it can automatically "leak" hidden prompts and potentially find "bypasses" to escape the sandbox.

    Has anybody else spent any time thinking about how to defend systems against prompt injection attacks that have possible side effects (like making an HTTP request)?

    0: https://langchain.readthedocs.io/en/latest/modules/agents/ex...

    1: https://github.com/1N3/IntruderPayloads

    2: https://en.wikipedia.org/wiki/Generative_adversarial_network

    3: https://sqlmap.org/

  • Passed OSCP (70+10)! Experience sharing!
    2 projects | /r/oscp | 2 Aug 2022
    nmap, hacktricks and burpsuite are my best friend on enumeration. Search every port on hacktricks, fuzz every field in your web request on burpsuite using https://github.com/1N3/IntruderPayloads. Don't forget to try bruteforce if everything failed.

Stats

Basic IntruderPayloads repo stats
2
3,526
1.8
over 2 years ago

The primary programming language of IntruderPayloads is BlitzBasic.

Popular Comparisons

  1. IntruderPayloads VS ssti-payloads
  2. IntruderPayloads VS sql-injection-payload-list
  3. IntruderPayloads VS vaf
  4. IntruderPayloads VS dicectf-2023-challenges
  5. IntruderPayloads VS SQLMap
  6. IntruderPayloads VS PEASS-ng

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com