This article (in Russian) lists a number of useful payloads (and some tools that work with them) for security testing of web applications. Below is a list of handy GitHub repositories for web server path testing, cross-site scripting, SQL injection, and several other common types of vulnerabilities. These payloads are much richer than basic hand-made tests and can help improve the security of a web application a great deal:
- Unleashing an Ultimate XSS Polyglot
- fuzz.txt – potentially dangerous files
- Payloads All The Things – a list of useful payloads and bypasses for web application security
- SecLists – a collection of different lists useful during security testing
- IntruderPayloads – a collection of payloads, fuzz lists, and file uploads
- FuzzDB – a collection of fuzz lists and web application firewall evasion patterns
- payloads – a collection of payloads with links to a lot more lists and tools