Folder Name Description of Contents cors-bot-code CORS test bot passes X-Requested-With and X-Request headers..from http://xssor.io/s/payload/iamanewbotnamedcorsbot.txt dom-xss-points points in the DOM where XSS attacks are likely to take place ecmascript-attack-vectors ECMAScript Attack Vectors from https://github.com/google/caja/wiki/AttackVectors gnucitizen-attackapi-payloads gnucitizen.org AttackAPI payloads from http://xssor.io/s/payload/attackapi.txt html-png-polyglot Another file with HTML/CSS/JS code that's also a PNG html5sec-attack-vectors vectors.txt file from the HTML5 Security Cheatsheet GitHub repository joomla-components-targeted list of Joomla components vulnerable to LFI targeted on a honeypot from http://tacticalwebappsec.blogspot.com/2011/11/mass-joomla-component-lfi-attacks.html local-file-includes locations of files that are typically provided in LFI attack queries mongodb-nosql-injection nosqlinjection_wordlists mssql-injection-strings SQL injection attack strings specified to Microsoft SQL Server png-html-polyglot a PNG image file also containing HTML, CSS and JavaScript portswigger-attack-definitions PortSwigger attack definitions https://portswigger.net/kb/issues script-tag-encodings a list of various web encodings for the string <script> vulnerability-rating-taxonomy Bugcrowd Vulnerability Rating Taxonomy JSON via https://github.com/bugcrowd/vulnerability-rating-taxonomy wapples-vseries-rules WAPPLES V-Series virtual WAF rules https://www.pentasecurity.co.kr/wp-content/uploads/2018/01/WAPPLES-V-Series-whitepaper.pdf webapp-attack-strings Various HTTP GET query strings that represent attacks webapp-charset-attacks Character set strings to test a web server's content negotiation behavior.. webapp-code-execution HTTP GET queries that may result in remote code execution webapp-pentest-checklist Checklist for Web Application Penetration Testing https://hackercombat.com/web-application-penetration-testing-checklist webapp-sql-injection RDBMS query fragments for SQL injection testing webapp-xss-scripts JavaScript code fragments for testing Cross-Site Scripting whitehat-top40vulns-list WhiteHat Security Top 40 Vulnerabilities List via https://whitehatsec.com/faq/content/top-vulnerabilities-list wordpress-plugin-vulns list of WordPress plugins with versions that have publicly known vulnerabilities xml-vulns-attacks sample attack syntaxes that exploit common XML vulnerabilities xss-bypass-filter rvrsh3ll xss-payloads-misc miscellaneous XSS payloads from http://xssor.io/s/payload/xssmisc.txt xss-vectors-zephrfish XSS Vectors.txt from ZephrFish user on GitHub xxe-attack-payloads XML eXternal Entity attack payloads
