A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Home Page: https://xerosecurity.com
PHP 15.49%
HTML 0.79%
Shell 2.87%
BlitzBasic 80.85%
intruderpayloads's Introduction
Open Source Security Tools
OSCE
OSCP
CISSP
Security+
CNA
MCP
Network+
A+
PCI-ASV
SecurityTube Android Security For Penetration Testers
Public Exploits/PoC's/CVE's/Bug Bounties/CTF's
Nutanix Stored DOM Cross-Site Scripting (XSS) & Reflected Cross-Site Scripting (XSS) 0day
Received Offensive Security Certified Expert (OSCE) certification 12/2017
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
Systemic Local File Inclusion in WEMO HomeKit Android Application ($3,000 bounty) 9/2017
Placed 7th in ToorConCTF CTF 8/2017
Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
Received Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
Received Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
Listed on the BugCrowd 2016 MVP list 1/2017
intruderpayloads's People
intruderpayloads's Issues
Hey Brothers!
I don't know why my Burp isn't getting the file
Here is the output:
Alowa,
What is the correct way to add these extension to Burp?
I am struggling to import the BurpBountyPayloads. They appear to be ACTIVE/PASSIVE scan configs but I cannot figure out where to import them. They do not import into Intruder; I get the errors "Error loading saved configuration" and "Error opening saved attack: File is not in correct format".
Your help is appreciated :) Thank you.
Need help, could you please show me the right method for using the BurpAttacks?
Hello 1N3. I always use your guide from Readme.MD.
It's very good and makes it easy to find new attack vectors. I use the search function in Burp and type some keywords like you do.
For example <form, <input, href= and others.
Can you help us by writing more keywords to get more info and find more?
Thank you for your methodology. It's excellent
cat update.sh
#!/bin/bash
# Update every cloned payload/wordlist repository under Repositories/.
cd Repositories || exit 1
for repo in PayloadsAllTheThings wfuzz fuzzdb big-list-of-naughty-strings payloads RobotsDisallowed SecLists; do
    # git -C pulls without changing directory, so one failed pull
    # cannot leave the script in the wrong directory for the next repo.
    git -C "$repo" pull
done
Hello,
Thank you for your public work.
I was going to use some files present in this repository, but I noticed there is not a LICENSE file.
Is this work intended to be open source?
If yes: could you please add a license file?
Thank you again.
Hello, I am sorry for creating an issue. I was just hoping you guys might be able to create some documentation or a tutorial on how to use this content? I am new to Burp Pro and it would be very helpful. If you know of some good documents or tutorials, please let me know. Thank you.
Hi,
Thanks for the repo. It is missing a file: you made a symlink to it but didn't push it ;)
The file in question is located here