https://github.com/swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Payloads All The Things
A list of useful payloads and bypasses for Web Application Security.
Feel free to improve with your payloads and techniques!
I <3 pull requests :)
You can also contribute with a beer IRL or with buymeacoffee.com

Every section contains the following files. You can use the _template_vuln
folder to create a new chapter:
- README.md - vulnerability description and how to exploit it
- Intruder - a set of files to give to Burp Intruder
- Images - pictures for the README.md
- Files - some files referenced in the README.md
You might also like:
Try Harder
Ever wonder where you can use your knowledge? The following list will help you find "targets" to improve your skills.
- Bug Bounty Platforms
- Online Platforms
Book list
Grab a book and relax, these ones are the best security books (in my opinion).
- Web Hacking 101
- Breaking into Information Security: Learning the Ropes 101 - Andrew Gill
- OWASP Testing Guide v4
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 2: Practical Guide to Penetration Testing
- The Hacker Playbook 3: Practical Guide to Penetration Testing - Red Team Edition
- The Mobile Application Hacker’s Handbook
- Black Hat Python: Python Programming for Hackers and Pentesters
- Metasploit: The Penetration Tester's Guide
- The Database Hacker's Handbook, David Litchfield et al., 2005
- The Shellcoder's Handbook by Chris Anley et al., 2007
- The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
- The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hacker's Handbook by Charlie Miller et al., 2012
- Android Hacker's Handbook by Joshua J. Drake et al., 2014
- The Browser Hacker's Handbook by Wade Alcorn et al., 2014
- The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015
- Car Hacker's Handbook by Craig Smith, 2016
More resources
Blogs/Websites
Youtube