# Web Pentesting

- [File Upload](/wiki.hackerlab.cz/web-pentesting/file-upload.md): Working on it ...
- [JavaScript .maps](/wiki.hackerlab.cz/web-pentesting/javascript-.maps.md)
- [SSRF](/wiki.hackerlab.cz/web-pentesting/ssrf.md): Server Side Request Forgery (SSRF)
- [LDAP Injection](/wiki.hackerlab.cz/web-pentesting/ldap-injection.md): LDAP injection payloads for testing
- [Django ORM Exploitation](/wiki.hackerlab.cz/web-pentesting/django-orm-exploitation.md)
- [HTTP Request Smuggling](/wiki.hackerlab.cz/web-pentesting/http-request-smuggling.md): Bypass, XSS and more
- [Server Side Template Injection (SSTI)](/wiki.hackerlab.cz/web-pentesting/server-side-template-injection-ssti.md)
- [Insecure Deserialization](/wiki.hackerlab.cz/web-pentesting/insecure-deserialization.md): Manual and gadget chain manipulation
- [Brute force](/wiki.hackerlab.cz/web-pentesting/brute-force.md)
- [Shell Fu - Oneliners](/wiki.hackerlab.cz/web-pentesting/shell-fu-oneliners.md): Simple Linux commands to get the work done faster
- [CORS](/wiki.hackerlab.cz/web-pentesting/cors.md): Cross-Origin Resource Sharing (CORS) pentest notes
- [Special Chars & NULL Bytes](/wiki.hackerlab.cz/web-pentesting/special-chars-and-null-bytes.md): Control/special characters with null bytes - payloads for your pentest
- [XSS](/wiki.hackerlab.cz/web-pentesting/xss.md): Cross-Site Scripting (XSS) payloads
- [XXE](/wiki.hackerlab.cz/web-pentesting/xxe.md): XML External Entity attacks
- [Nuclei](/wiki.hackerlab.cz/web-pentesting/nuclei.md): Nuclei automates the detection of vulnerabilities in IT systems (web apps, cloud infrastructure, networks, etc.).
- [SQL Injection](/wiki.hackerlab.cz/web-pentesting/sql-injection.md): SQL payloads for your pentest
- [Blind SQL Injection](/wiki.hackerlab.cz/web-pentesting/blind-sql-injection.md): Observe differences within HTTP response in terms of headers, content or bytes
- [SQLmap](/wiki.hackerlab.cz/web-pentesting/sqlmap.md): Automate SQL Injections
- [NoSQL Injection](/wiki.hackerlab.cz/web-pentesting/nosql-injection.md): NoSQL injection payloads for your pentest
- [CRLF Injection](/wiki.hackerlab.cz/web-pentesting/crlf-injection.md): Carriage Return Line Feed (CRLF) payloads for your pentest
- [Input Validation - Fuzz1](/wiki.hackerlab.cz/web-pentesting/input-validation-fuzz1.md): Quick testing payloads for input validation and data processing
- [HTTP Headers - X-Forwarded](/wiki.hackerlab.cz/web-pentesting/http-headers-x-forwarded.md): HTTP headers to bypass load balancers/WAFs/app logic
- [Log4j](/wiki.hackerlab.cz/web-pentesting/log4j.md): Java payloads for log4j vulnerability testing
- [Enumeration with Wordlists](/wiki.hackerlab.cz/web-pentesting/enumeration-with-wordlists.md): Wordlists for assets, usernames and passwords for your pentest
- [Bug Bounty - Web Recon](/wiki.hackerlab.cz/web-pentesting/recon-web.md): Web recon playbook for a single asset
- [HTTP Proxy Override](/wiki.hackerlab.cz/web-pentesting/http-proxy-override.md): Set up HTTP proxy forwarding for your app, usually in combination with the Burp Suite web proxy.
- [CSV Injection](/wiki.hackerlab.cz/web-pentesting/csv-injection.md)
- [Windows Forbidden File Names](/wiki.hackerlab.cz/web-pentesting/windows-forbidden-file-names.md)
- [Path Traversal](/wiki.hackerlab.cz/web-pentesting/directory-traversal.md): Path traversal attacks
- [OS Command Injection](/wiki.hackerlab.cz/web-pentesting/os-command-injection.md): cheat sheet
- [Open Redirect](/wiki.hackerlab.cz/web-pentesting/open-redirect.md): cheat sheet
- [JWT Tool](/wiki.hackerlab.cz/web-pentesting/jwt-tool.md): JWT toolkit, JWT tokens
- [Burp Extensions - TokenJAR & ATOR](/wiki.hackerlab.cz/web-pentesting/burp-extensions-tokenjar-and-ator.md): Burp extensions that help you deal with JWT access tokens.
- [Upload RCE](/wiki.hackerlab.cz/web-pentesting/upload-rce.md)
- [GUID and UUIDs](/wiki.hackerlab.cz/web-pentesting/guid-and-uuids.md)
