CONTRIBUTING
PayloadsAllTheThings' Team pull requests :) Feel free to improve with your payloads and techniques !
You can also contribute with a IRL, or using the sponsor button.
Pull Requests Guidelines
In order to provide the safest payloads for the community, the following rules must be followed for every Pull Request.
- Payloads must be sanitized
- Use
id
, andwhoami
, for RCE Proof of Concepts - Use
[REDACTED]
when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc. - Use
10.10.10.10
and10.10.10.11
when the payload require IP addresses - Use
Administrator
for privileged users andUser
for normal account - Use
P@ssw0rd
,Password123
,password
as default passwords for your examples - Prefer commonly used name for machines such as
DC01
,EXCHANGE01
,WORKSTATION01
, etc - References must have an
author
, atitle
and alink
. Thedate
is not mandatory but appreciated :)
Techniques Folder
Every section should contains the following files, you can use the _template_vuln
folder to create a new technique folder:
- README.md - vulnerability description and how to exploit it, including several payloads, more below
- Intruder - a set of files to give to Burp Intruder
- Images - pictures for the README.md
- Files - some files referenced in the README.md
README.md format
Use the following example to create a new technique README.md
file.
# Vulnerability Title
> Vulnerability description
## Summary
* [Tools](#tools)
* [Something](#something)
* [Subentry 1](#sub1)
* [Subentry 2](#sub2)
* [References](#references)
## Tools
- [Tool 1](https://example.com)
- [Tool 2](https://example.com)
## Something
Quick explanation
### Subentry 1
Something about the subentry 1
## References
- [Blog title - Author, Date](https://example.com)