{"id":28501,"date":"2018-04-19T23:57:17","date_gmt":"2018-04-19T21:57:17","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=28501"},"modified":"2018-04-19T23:57:17","modified_gmt":"2018-04-19T21:57:17","slug":"useful-payloads-for-security-testing-of-web-applications","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2018\/04\/19\/useful-payloads-for-security-testing-of-web-applications\/","title":{"rendered":"Useful payloads for security testing of web applications"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"https:\/\/habrahabr.ru\/company\/pentestit\/blog\/352422\/\">This article<\/a> (in Russian) lists a number of useful payloads (and some tools that work with them) for security testing of web applications.\u00a0 Below is the list of handy GitHub repositories for web server path testing, cross-site scripting, SQL injection, and several other common types of vulnerabilities.\u00a0 These payloads are much richer than basic hand-made tests and can help improve the security of the web application a great deal:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/0xsobky\/HackVault\/wiki\/Unleashing-an-Ultimate-XSS-Polyglot\">Unleashing an Ultimate XSS Polyglot<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/Bo0oM\/fuzz.txt\">fuzz.txt<\/a> &#8211; potentially dangerous files<\/li>\n<li><a href=\"https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings\">Payloads All The Things<\/a> &#8211; a list of useful payloads and bypasses for web application security<\/li>\n<li><a href=\"https:\/\/github.com\/danielmiessler\/SecLists\">SecLists<\/a> &#8211; a collection of different lists useful during the security testing<\/li>\n<li><a href=\"https:\/\/github.com\/1N3\/IntruderPayloads\">IntruderPayloads<\/a> &#8211; a collection of payloads, fuzz lists, and file uploads<\/li>\n<li><a href=\"https:\/\/github.com\/fuzzdb-project\/fuzzdb\">FuzzDB<\/a> &#8211; a collection of fuzz lists and web application firewall evasion patterns<\/li>\n<li><a href=\"https:\/\/github.com\/foospidy\/payloads\/\">payloads<\/a> &#8211; a collection of payloads with links to a lot more lists and tools<\/li>\n<\/ul>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>This article (in Russian) lists a number of useful payloads (and some tools that work with them) for security testing of web applications.\u00a0 Below is the list of handy GitHub repositories for web server path testing, cross-site scripting, SQL injection, and several other common types of vulnerabilities.\u00a0 These payloads are much richer than basic hand-made &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2018\/04\/19\/useful-payloads-for-security-testing-of-web-applications\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Useful payloads for security testing of web applications<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Useful payloads for security testing of web applications #WebDev #SysAdmin #security #hosting #testing","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,6,18,133,62,1334],"tags":[200,1108,1330,2289],"keyring_services":[],"class_list":["post-28501","post","type-post","status-publish","format-standard","hentry","category-general","category-linux","category-programming","category-sysadmin","category-technology","category-web-work","tag-security","tag-testing","tag-web-development","tag-web-hosting"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":28513,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/04\/23\/php-preparing-for-the-penetration-testing\/","url_meta":{"origin":28501,"position":0},"title":"PHP : Preparing for the Penetration Testing","author":"Leonid Mamchenkov","date":"April 23, 2018","format":false,"excerpt":"Chris Cornutt wrote \"PREPARING FOR PENTESTING (@ LONGHORN PHP 2018)\" blog post for his upcoming talk at the conference.\u00a0 I'd gladly attend the talk, but the time and place didn't work out for me this time.\u00a0 Here are a few useful links from his blog post that might come in\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11416,"url":"https:\/\/mamchenkov.net\/wordpress\/2008\/11\/03\/on-software-testing\/","url_meta":{"origin":28501,"position":1},"title":"On software testing","author":"Leonid Mamchenkov","date":"November 3, 2008","format":false,"excerpt":"The software is checked very carefully in a bottom-up fashion. First, each new line of code is checked, then sections of code or modules with special functions are verified. The scope is increased step by step until the new changes are incorporated into a complete system and checked. This complete\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":26303,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/08\/03\/kali-tools-linux-distribution-for-penetration-testing\/","url_meta":{"origin":28501,"position":2},"title":"Kali Tools &#8211; Linux distribution for penetration testing","author":"Leonid Mamchenkov","date":"August 3, 2016","format":false,"excerpt":"Kali Tools - a special purpose Linux distribution for performing penetration testing. \u00a0A long list of tools is split into the following categories: Information gathering Vulnerability analysis Wireless attacks Web applications Exploitation tools Forensic tools Stress testing Sniffing & spoofing Password attacks Maintaining access Reverse engineering Hardware hacking Reporting tools","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"kali tools logo","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/08\/kali-tools-logo.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":16740,"url":"https:\/\/mamchenkov.net\/wordpress\/2012\/09\/21\/spoon-net-run-any-desktop-application-on-deman\/","url_meta":{"origin":28501,"position":3},"title":"spoon.net &#8211; run any desktop application on deman","author":"Leonid Mamchenkov","date":"September 21, 2012","format":"link","excerpt":"spoon.net - run any desktop application on deman I haven't tried it myself yet, but a few people mentioned to me that this is mighty useful for cross-browser testing during web development and design.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":36989,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/03\/04\/using-the-networkmanagers-dnsmasq-plugin\/","url_meta":{"origin":28501,"position":4},"title":"Using the NetworkManager\u2019s DNSMasq plugin","author":"Leonid Mamchenkov","date":"March 4, 2019","format":false,"excerpt":"Fedora Magazine runs a handy article for anyone using work\/corporate VPNs from a home computer - \"Using the NetworkManager\u2019s DNSMasq plugin\". This is also not the only use for the DNSMasq plugin. It comes in useful when you work local cluster setups for development or testing. Furthermore, pretty much any\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/03\/dnsmasq.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/03\/dnsmasq.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/03\/dnsmasq.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/03\/dnsmasq.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":28559,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/08\/composer-plugin-qa-composer-plugin-for-php-quality-assurance-tools\/","url_meta":{"origin":28501,"position":5},"title":"composer-plugin-qa &#8211; Composer Plugin for PHP Quality Assurance Tools","author":"Leonid Mamchenkov","date":"May 8, 2018","format":false,"excerpt":"composer-plugin-qa is a Composer plugin which adds all the most popular PHP quality assurance tools as composer scripts, so that you don't have to install and set them up one by one.\u00a0 The list of tools includes the following: PHPUnit: Testing Framework PHPCOV: CLI frontend for the\u00a0PHP_CodeCoverage Paratest: Parallel testing\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/05\/composer-plugin-qa-500x296.jpeg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=28501"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28501\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=28501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=28501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=28501"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=28501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}