Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/1n3/intruderpayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
https://github.com/1n3/intruderpayloads
attack bugbounty burpsuite burpsuite-engagement burpsuite-intruder fuzz fuzz-lists fuzzing injection intruder payloads sql-injection
Last synced: 12 days ago
JSON representation
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
- Host: GitHub
- URL: https://github.com/1n3/intruderpayloads
- Owner: 1N3
- Created: 2015-10-29T14:57:06.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2021-09-27T01:47:05.000Z (about 3 years ago)
- Last Synced: 2024-10-25T22:45:37.405Z (about 2 months ago)
- Topics: attack, bugbounty, burpsuite, burpsuite-engagement, burpsuite-intruder, fuzz, fuzz-lists, fuzzing, injection, intruder, payloads, sql-injection
- Language: BlitzBasic
- Homepage: https://xerosecurity.com
- Size: 84.3 MB
- Stars: 3,670
- Watchers: 168
- Forks: 1,185
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-security-collection - **1982**星
README
# IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads (https://github.com/wagiro/BurpBounty), fuzz lists and pentesting methodologies. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder.
Author: [email protected] - https://sn1persecurity.com
### OWASP TESTING CHECKLIST:
-----------------------------------------------------------------------
- Spiders, Robots and Crawlers IG-001
- Search Engine Discovery/Reconnaissance IG-002
- Identify application entry points IG-003
- Testing for Web Application Fingerprint IG-004
- Application Discovery IG-005
- Analysis of Error Codes IG-006
- SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity) - SSL Weakness CM‐001
- DB Listener Testing - DB Listener weak CM‐002
- Infrastructure Configuration Management Testing - Infrastructure Configuration management weakness CM‐003
- Application Configuration Management Testing - Application Configuration management weakness CM‐004
- Testing for File Extensions Handling - File extensions handling CM‐005
- Old, backup and unreferenced files - Old, backup and unreferenced files CM‐006
- Infrastructure and Application Admin Interfaces - Access to Admin interfaces CM‐007
- Testing for HTTP Methods and XST - HTTP Methods enabled, XST permitted, HTTP Verb CM‐008
- Credentials transport over an encrypted channel - Credentials transport over an encrypted channel AT-001
- Testing for user enumeration - User enumeration AT-002
- Testing for Guessable (Dictionary) User Account - Guessable user account AT-003
- Brute Force Testing - Credentials Brute forcing AT-004
- Testing for bypassing authentication schema - Bypassing authentication schema AT-005
- Testing for vulnerable remember password and pwd reset - Vulnerable remember password, weak pwd reset AT-006
- Testing for Logout and Browser Cache Management - - Logout function not properly implemented, browser cache weakness AT-007
- Testing for CAPTCHA - Weak Captcha implementation AT-008
- Testing Multiple Factors Authentication - Weak Multiple Factors Authentication AT-009
- Testing for Race Conditions - Race Conditions vulnerability AT-010
- Testing for Session Management Schema - Bypassing Session Management Schema, Weak Session Token SM-001
- Testing for Cookies attributes - Cookies are set not ‘HTTP Only’, ‘Secure’, and no time validity SM-002
- Testing for Session Fixation - Session Fixation SM-003
- Testing for Exposed Session Variables - Exposed sensitive session variables SM-004
- Testing for CSRF - CSRF SM-005
- Testing for Path Traversal - Path Traversal AZ-001
- Testing for bypassing authorization schema - Bypassing authorization schema AZ-002
- Testing for Privilege Escalation - Privilege Escalation AZ-003
- Testing for Business Logic - Bypassable business logic BL-001
- Testing for Reflected Cross Site Scripting - Reflected XSS DV-001
- Testing for Stored Cross Site Scripting - Stored XSS DV-002
- Testing for DOM based Cross Site Scripting - DOM XSS DV-003
- Testing for Cross Site Flashing - Cross Site Flashing DV-004
- SQL Injection - SQL Injection DV-005
- LDAP Injection - LDAP Injection DV-006
- ORM Injection - ORM Injection DV-007
- XML Injection - XML Injection DV-008
- SSI Injection - SSI Injection DV-009
- XPath Injection - XPath Injection DV-010
- IMAP/SMTP Injection - IMAP/SMTP Injection DV-011
- Code Injection - Code Injection DV-012
- OS Commanding - OS Commanding DV-013
- Buffer overflow - Buffer overflow DV-014
- Incubated vulnerability - Incubated vulnerability DV-015
- Testing for HTTP Splitting/Smuggling - HTTP Splitting, Smuggling DV-016
- Testing for SQL Wildcard Attacks - SQL Wildcard vulnerability DS-001
- Locking Customer Accounts - Locking Customer Accounts DS-002
- Testing for DoS Buffer Overflows - Buffer Overflows DS-003
- User Specified Object Allocation - User Specified Object Allocation DS-004
- User Input as a Loop Counter - User Input as a Loop Counter DS-005
- Writing User Provided Data to Disk - Writing User Provided Data to Disk DS-006
- Failure to Release Resources - Failure to Release Resources DS-007
- Storing too Much Data in Session - Storing too Much Data in Session DS-008
- WS Information Gathering - N.A. WS-001
- Testing WSDL - WSDL Weakness WS-002
- XML Structural Testing - Weak XML Structure WS-003
- XML content-level Testing - XML content-level WS-004
- HTTP GET parameters/REST Testing - WS HTTP GET parameters/REST WS-005
- Naughty SOAP attachments - WS Naughty SOAP attachments WS-006
- Replay Testing - WS Replay Testing WS-007
- AJAX Vulnerabilities - N.A. AJ-001
- AJAX Testing - AJAX weakness AJ-002