A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)
- Web Developper
- Hackbar
- Burp Proxy
- Fiddler
- DirBuster
- GoBuster
- Knockpy
- SQLmap
- Eyewitness
- Nikto
- Recon-ng
- Wappalyzer
Book's list:
- Web Hacking 101
- The Web Application Hacker's Handbook
- OWASP Testing Guide v4
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 2: Practical Guide to Penetration Testing
- The Mobile Application Hacker’s Handbook
Blogs/Websites
- http://blog.zsec.uk/101-web-testing-tooling/
- https://blog.innerht.ml
- https://blog.zsec.uk
- https://www.exploit-db.com/google-hacking-database
- https://www.arneswinnen.net
- https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102
Practice