Brinkles Pentesting Notebook

Introduction
Certification Reviews
C2 and Payloads
- Sliver C2
- Cobalt Strike
  BOFs and Aggressor Scripts
  Situational Awareness BOF
  HOLLOW BOF
  DLL_Version_Enumeration_BOF
  InlineExecute-Assembly BOF
  BOF.NET
  C2-Tool-Collection BOFs
  Inline-Execute-PE
  Payloads
Tools
- Internal Tools
  BloodHound
  Certi
  Coercer
  CrackMapExec
  DCSync
  DFSCoerce
  DonPAPI
  WMIEXEC
  Kerberoasting
  Lsassy
  mitm6
  Pcredz
  PowerSploit
  PrivExchange
  Responder / RunFinger
  Rubeus
  Seatbelt
  Seth
- Web App Pentesting
  Payload All The Things
  Directory traversal
  Deep Traversal
  More Directory Traversal Payloads
  SAML Injection
  XXE - XML External Entity
  XSS - Cross Site Scripting
  XSLT Injection
  XPATH injection
  Upload Insecure Files
  SQL injection
  MSSQL Injection
  MYSQL Injection
  Oracle SQL Injection
  PostgreSQL injection
  SQLite Injection
  Server Side Templates Injections
  Server-Side Request Forgery
  Payloads Included in Server-Side Request Forgery
  Request Smuggling
  OAuth
  NoSQL injection
  LDAP injection
  Kubernetes
  JSON Web Token
  HTTP Parameter Pollution
  GraphQL injection
  CORS Misconfiguration
  CRLF
  Cross-Site Request Forgery
  CSV Injection (Formula Injection)
  File Inclusion
  PHPINFOlfi.py
  uploadlfi.py
Network Security

Powered by GitBook

Page cover image

On this page

Web App Tools/Payloads
Resources:

Tools

Web App Pentesting

PreviousSeth NextPayload All The Things

Last updated 2 years ago

Web App Tools/Payloads

All notes are either grabbed from blogs, githubs, certs, etc or my own.

Resources:

GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTFGitHub

Web Application Security, Testing, & Scanning - PortSwigger

Welcome!Web Hacking Tips