{"id":13578260,"url":"https://github.com/lutfumertceylan/top25-parameter","last_synced_at":"2026-02-17T22:02:37.470Z","repository":{"id":37751995,"uuid":"259446769","full_name":"lutfumertceylan/top25-parameter","owner":"lutfumertceylan","description":"For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙","archived":false,"fork":false,"pushed_at":"2024-06-09T23:36:24.000Z","size":364,"stargazers_count":1799,"open_issues_count":3,"forks_count":282,"subscribers_count":42,"default_branch":"master","last_synced_at":"2025-10-29T20:45:41.924Z","etag":null,"topics":["bugbounty","bugbountytips","infosec","pentest-tool","pentesting","security","vulnerability-detection","vulnerability-research","xss-detection"],"latest_commit_sha":null,"homepage":"https://owasp.org/www-project-top-25-parameters/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lutfumertceylan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-27T20:40:09.000Z","updated_at":"2025-10-27T16:29:29.000Z","dependencies_parsed_at":"2024-01-16T20:28:07.922Z","dependency_job_id":"161e783d-90d3-4900-952c-15e2cf7d4200","html_url":"https://github.com/lutfumertceylan/top25-parameter","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/lutfumertceylan/top25-parameter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lutfumertceylan%2Ftop25-parameter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lutfumertceylan%2Ftop25-parameter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lutfumertceylan%2Ftop25-parameter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lutfumertceylan%2Ftop25-parameter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lutfumertceylan","download_url":"https://codeload.github.com/lutfumertceylan/top25-parameter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lutfumertceylan%2Ftop25-parameter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29559961,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T21:50:49.831Z","status":"ssl_error","status_checked_at":"2026-02-17T21:46:15.313Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bugbountytips","infosec","pentest-tool","pentesting","security","vulnerability-detection","vulnerability-research","xss-detection"],"created_at":"2024-08-01T15:01:28.881Z","updated_at":"2026-02-17T22:02:37.455Z","avatar_url":"https://github.com/lutfumertceylan.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/top25-parameter-logo.png\" alt=\"\"\u003e\u003c/a\u003e\n\u003c/h1\u003e\n\u003ch4 align=\"center\"\u003eFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon\u003c/h4\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/lutfumertceylan/top25-parameter?style=flat\"\u003e\u003c/a\u003e\n  \u003ca href=\"\"\u003e\u003cimg src=\"https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://twitter.com/intent/follow?screen_name=lutfumertceylan\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/lutfumertceylan?style=flat\u0026logo=twitter\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/lutfumertceylan\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/lutfumertceylan?style=flat\u0026logo=github\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## What is the OWASP Top 25 Parameters 🧙⚔️\n\u003cp\u003e\nFor basic researches, top 25 vulnerable parameters based on frequency of use with reference to various articles. These parameters can be used for automation tools or manual recon. Although the prevalence percentages of these parameters cannot be proven precisely.\n\n\u003ci\u003eData sources include numerous articles, blogs, and other resources obtained via OSINT and other open-source projects including work similar to that of Jason Haddix and HUNT.\u003c/i\u003e\n  \nThis repo contains common parameters of the following vulnerabilities:\n```\n- Cross-Site Scripting (XSS)\n- Server-Side Request Forgery (SSRF)\n- Local File Inclusion (LFI)\n- SQL Injection (SQLi)\n- Remote Code Execution (RCE) - [for GET and POST methods]\n- Open Redirect\n```\n\u003c/p\u003e\n\n## ToC\n- [Cross-Site Scripting](#top-25-cross-site-scripting-xss-parameters-for-trbughunters-openbugbounty)\n- [Server-Side Request Forgery](#top-25-server-side-request-forgery-ssrf-parameters-for-trbughunters)\n- [Local File Inclusion](#top-25-local-file-inclusion-lfi-parameters-for-trbughunters)\n- [SQL Injection](#top-25-sql-injection-parameters-for-trbughunters)\n- [Remote Code Execution](#top-25-remote-code-execution-rce-parameters-get-based-for-trbughunters)\n- [Open Redirect](#top-25-open-redirect-parameters-for-lutfumertceylan)\n\n---\n\n### Top 25 **Cross-Site Scripting (XSS)** Parameters\n\n\u003cimg src=\"https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/xss-owasp_top25pic.png\"\u003e\n\n### Top 25 **Server-Side Request Forgery (SSRF)** Parameters\n\n\u003cimg src=\"https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/ssrf-owasp_top25pic.png\"\u003e\n\n### Top 25 **Local File Inclusion (LFI)** Parameters\n\n\u003cimg src=\"https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/lfi-owasp_top25pic.png\"\u003e\n\n### Top 25 **SQL Injection** Parameters\n\n\u003cimg src=\"https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/sql-owasp_top25pic.png\"\u003e\n\n### Top 25 **Remote Code Execution (RCE)** Parameters [GET based]\n\n\u003cimg src=\"https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/rce-owasp_top25pic.png\"\u003e\n\n### Top 25 **Open Redirect** Parameters [GET based]\n\n\u003cimg src=\"https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/openredirect-owasp_top25pic.png\"\u003e\n\n## How can I contact you?\n\nTo report issues or make suggestions for the Top-25 Parameters, please use [GitHub Issues](https://github.com/OWASP/www-project-top-25-parameters/issues).\n\nFor everything else, we're easy to answer your e-mail :\n\n1. Send an e-mail to [lutfu.mertceylan[at]owasp.org](mailto:lutfu.mertceylan[at]owasp.org)\n2. Send an e-mail to [info[at]lutfumertceylan.com.tr](mailto:info@lutfumertceylan.com.tr)\n\nYou can @ us on Twitter [@lutfumertceylan](https://twitter.com/lutfumertceylan).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flutfumertceylan%2Ftop25-parameter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flutfumertceylan%2Ftop25-parameter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flutfumertceylan%2Ftop25-parameter/lists"}