{"id":13379998,"url":"https://github.com/1N3/IntruderPayloads","last_synced_at":"2025-03-13T06:32:17.194Z","repository":{"id":37502432,"uuid":"45190182","full_name":"1N3/IntruderPayloads","owner":"1N3","description":"A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.","archived":false,"fork":false,"pushed_at":"2021-09-27T01:47:05.000Z","size":88425,"stargazers_count":3715,"open_issues_count":4,"forks_count":1192,"subscribers_count":169,"default_branch":"master","last_synced_at":"2025-01-29T09:29:56.905Z","etag":null,"topics":["attack","bugbounty","burpsuite","burpsuite-engagement","burpsuite-intruder","fuzz","fuzz-lists","fuzzing","injection","intruder","payloads","sql-injection"],"latest_commit_sha":null,"homepage":"https://xerosecurity.com","language":"BlitzBasic","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/1N3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-10-29T14:57:06.000Z","updated_at":"2025-01-29T09:18:52.000Z","dependencies_parsed_at":"2022-07-14T04:50:26.965Z","dependency_job_id":null,"html_url":"https://github.com/1N3/IntruderPayloads","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1N3%2FIntruderPayloads","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1N3%2FIntruderPayloads/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1N3%2FIntruderPayloads/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1
N3%2FIntruderPayloads/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/1N3","download_url":"https://codeload.github.com/1N3/IntruderPayloads/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243357996,"owners_count":20277988,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack","bugbounty","burpsuite","burpsuite-engagement","burpsuite-intruder","fuzz","fuzz-lists","fuzzing","injection","intruder","payloads","sql-injection"],"created_at":"2024-07-30T08:00:56.174Z","updated_at":"2025-03-13T06:32:17.188Z","avatar_url":"https://github.com/1N3.png","language":"BlitzBasic","readme":"![alt tag](https://github.com/1N3/IntruderPayloads/blob/master/BurpsuiteIntruderPayloads.png)\n\n# IntruderPayloads\nA collection of Burpsuite Intruder payloads, BurpBounty payloads (https://github.com/wagiro/BurpBounty), fuzz lists and pentesting methodologies. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder.\n\nAuthor: xer0dayz@sn1persecurity.com - https://sn1persecurity.com\n\n### OWASP TESTING CHECKLIST:\n-----------------------------------------------------------------------\n- Spiders, Robots and Crawlers\tIG-001\n- Search Engine Discovery/Reconnaissance\tIG-002\n- Identify application entry points\tIG-003\n- Testing for Web Application Fingerprint\tIG-004\n- Application Discovery\tIG-005\n- Analysis of Error Codes\tIG-006\n- SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. 
Validity) - SSL Weakness\tCM‐001\n- DB Listener Testing - DB Listener weak\tCM‐002\n- Infrastructure Configuration Management Testing - Infrastructure Configuration management weakness\tCM‐003\n- Application Configuration Management Testing - Application Configuration management weakness\tCM‐004\n- Testing for File Extensions Handling - File extensions handling\tCM‐005\n- Old, backup and unreferenced files - Old, backup and unreferenced files\tCM‐006\n- Infrastructure and Application Admin Interfaces - Access to Admin interfaces\tCM‐007\n- Testing for HTTP Methods and XST - HTTP Methods enabled, XST permitted, HTTP Verb\tCM‐008\n- Credentials transport over an encrypted channel - Credentials transport over an encrypted channel\tAT-001\n- Testing for user enumeration - User enumeration\tAT-002\n- Testing for Guessable (Dictionary) User Account - Guessable user account\tAT-003\n- Brute Force Testing - Credentials Brute forcing\tAT-004\n- Testing for bypassing authentication schema - Bypassing authentication schema\tAT-005\n- Testing for vulnerable remember password and pwd reset - Vulnerable remember password, weak pwd reset\tAT-006\n- Testing for Logout and Browser Cache Management - Logout function not properly implemented, browser cache weakness\tAT-007\n- Testing for CAPTCHA - Weak Captcha implementation\tAT-008\n- Testing Multiple Factors Authentication - Weak Multiple Factors Authentication\tAT-009\n- Testing for Race Conditions - Race Conditions vulnerability\tAT-010\n- Testing for Session Management Schema - Bypassing Session Management Schema, Weak Session Token\tSM-001\n- Testing for Cookies attributes - Cookies are set not ‘HTTP Only’, ‘Secure’, and no time validity\tSM-002\n- Testing for Session Fixation - Session Fixation\tSM-003\n- Testing for Exposed Session Variables - Exposed sensitive session variables\tSM-004\n- Testing for CSRF - CSRF\tSM-005\n- Testing for Path Traversal - Path Traversal\tAZ-001\n- Testing for bypassing authorization schema - 
Bypassing authorization schema\tAZ-002\n- Testing for Privilege Escalation - Privilege Escalation\tAZ-003\n- Testing for Business Logic - Bypassable business logic\tBL-001\n- Testing for Reflected Cross Site Scripting - Reflected XSS\tDV-001\n- Testing for Stored Cross Site Scripting - Stored XSS\tDV-002\n- Testing for DOM based Cross Site Scripting - DOM XSS\tDV-003\n- Testing for Cross Site Flashing - Cross Site Flashing\tDV-004\n- SQL Injection - SQL Injection\tDV-005\n- LDAP Injection - LDAP Injection\tDV-006\n- ORM Injection - ORM Injection\tDV-007\n- XML Injection - XML Injection\tDV-008\n- SSI Injection - SSI Injection\tDV-009\n- XPath Injection - XPath Injection\tDV-010\n- IMAP/SMTP Injection - IMAP/SMTP Injection\tDV-011\n- Code Injection - Code Injection\tDV-012\n- OS Commanding - OS Commanding\tDV-013\n- Buffer overflow - Buffer overflow\tDV-014\n- Incubated vulnerability - Incubated vulnerability\tDV-015\n- Testing for HTTP Splitting/Smuggling - HTTP Splitting, Smuggling\tDV-016\n- Testing for SQL Wildcard Attacks - SQL Wildcard vulnerability\tDS-001\n- Locking Customer Accounts - Locking Customer Accounts\tDS-002\n- Testing for DoS Buffer Overflows - Buffer Overflows\tDS-003\n- User Specified Object Allocation - User Specified Object Allocation\tDS-004\n- User Input as a Loop Counter - User Input as a Loop Counter\tDS-005\n- Writing User Provided Data to Disk - Writing User Provided Data to Disk\tDS-006\n- Failure to Release Resources - Failure to Release Resources\tDS-007\n- Storing too Much Data in Session - Storing too Much Data in Session\tDS-008\n- WS Information Gathering - N.A.\tWS-001\n- Testing WSDL - WSDL Weakness\tWS-002\n- XML Structural Testing - Weak XML Structure\tWS-003\n- XML content-level Testing - XML content-level\tWS-004\n- HTTP GET parameters/REST Testing - WS HTTP GET parameters/REST\tWS-005\n- Naughty SOAP attachments - WS Naughty SOAP attachments\tWS-006\n- Replay Testing - WS Replay Testing\tWS-007\n- AJAX Vulnerabilities - 
N.A.\tAJ-001\n- AJAX Testing - AJAX weakness\tAJ-002\n\n","funding_links":[],"categories":["BlitzBasic","Recon","Weapons","其他_安全与渗透","BitBake (5)"],"sub_categories":["Fuzzing","Tools","网络服务_其他"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1N3%2FIntruderPayloads","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F1N3%2FIntruderPayloads","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1N3%2FIntruderPayloads/lists"}