| cors-bot-code |
CORS test bot passes X-Requested-With and X-Request headers..from http://xssor.io/s/payload/iamanewbotnamedcorsbot.txt |
| dom-xss-points |
points in the DOM where XSS attacks are likely to take place |
| ecmascript-attack-vectors |
ECMAScript Attack Vectors from https://github.com/google/caja/wiki/AttackVectors |
| gnucitizen-attackapi-payloads |
gnucitizen.org AttackAPI payloads from http://xssor.io/s/payload/attackapi.txt |
| html-png-polyglot |
Another file with HTML/CSS/JS code that's also a PNG |
| html5sec-attack-vectors |
vectors.txt file from the HTML5 Security Cheatsheet GitHub repository |
| joomla-components-targeted |
list of Joomla components vulnerable to LFI targeted on a honeypot from http://tacticalwebappsec.blogspot.com/2011/11/mass-joomla-component-lfi-attacks.html |
| local-file-includes |
locations of files that are typically provided in LFI attack queries |
| mongodb-nosql-injection |
nosqlinjection_wordlists |
| mssql-injection-strings |
SQL injection attack strings specified to Microsoft SQL Server |
| png-html-polyglot |
a PNG image file also containing HTML, CSS and JavaScript |
| portswigger-attack-definitions |
PortSwigger attack definitions |
| script-tag-encodings |
a list of various web encodings for the string <script> |
| vulnerability-rating-taxonomy |
Bugcrowd Vulnerability Rating Taxonomy JSON via https://github.com/bugcrowd/vulnerability-rating-taxonomy |
| wapples-vseries-rules |
WAPPLES V-Series virtual WAF rules https://www.pentasecurity.co.kr/wp-content/uploads/2018/01/WAPPLES-V-Series-whitepaper.pdf |
| webapp-attack-strings |
Various HTTP GET query strings that represent attacks |
| webapp-charset-attacks |
Character set strings to test a web server's content negotiation behavior.. |
| webapp-code-execution |
HTTP GET queries that may result in remote code execution |
| webapp-pentest-checklist |
Checklist for Web Application Penetration Testing https://hackercombat.com/web-application-penetration-testing-checklist |
| webapp-sql-injection |
RDBMS query fragments for SQL injection testing |
| webapp-xss-scripts |
JavaScript code fragments for testing Cross-Site Scripting |
| whitehat-top40vulns-list |
WhiteHat Security Top 40 Vulnerabilities List via https://whitehatsec.com/faq/content/top-vulnerabilities-list |
| wordpress-plugin-vulns |
list of WordPress plugins with versions that have publicly known vulnerabilities |
| xml-vulns-attacks |
sample attack syntaxes that exploit common XML vulnerabilities |
| xss-bypass-filter |
rvrsh3ll |
| xss-payloads-misc |
miscellaneous XSS payloads from http://xssor.io/s/payload/xssmisc.txt |
| xss-vectors-zephrfish |
XSS Vectors.txt from ZephrFish user on GitHub |
| xxe-attack-payloads |
XML eXternal Entity attack payloads |
