PayloadsAllTheThings (PATT) integration and 50+ added payload files across 35+ attack categories#13
Open
Stickman230 wants to merge 22 commits into transilienceai:main from
Conversation
…, path traversal, LFI, LDAP, NoSQL)
…cracking, pivoting, persistence, evasion, mass assignment, open redirect, OAuth)
Chunk 4 enrichments:
- sql-injection.md: add second-order SQLi + MSSQL xp_cmdshell section
- ssti-cheat-sheet.md: add sandbox escape via Python class hierarchy + filter bypass

Chunk 5 P1 stubs (priority: high):
- nosql-injection/payloads/redis.md
- nosql-injection/payloads/cassandra.md
- cors/payloads/misconfigs.md
- race-conditions/payloads/techniques.md
- prototype-pollution/payloads/basic.md
- saml-injection/payloads/basic.md
- deserialization/payloads/java.md
- deserialization/payloads/php.md
- type-juggling/payloads/basic.md

Chunk 5 P2 stubs (priority: medium):
- aws/payloads/techniques.md
- azure/payloads/techniques.md
- dns/payloads/techniques.md
- hash-cracking/payloads/rules.md
- graphql/payloads/injection.md

SKILL.md: append Payload Reference section

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Redis: SSRF/Gopher RCE, CONFIG SET webshell/crontab/SSH, slave replication RCE (4.x/5.x), CRLF injection, Lua eval, auth brute force. Gopherus tool noted. Cassandra: CQL injection patterns, UDF Java RCE (pre-3.0), keyspace enum via system_schema, default creds (cassandra/cassandra), PHAR-style analysis. Note: PATT NoSQL README is MongoDB-only; content curated from security research. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signature stripping, XML comment injection (NameID fragmentation), XXE inside SAML response, XSLT RCE via Transform, XSW1/3/7 patterns, SSRF via XSLT unparsed-text(), bypass table for null bytes/case/whitespace/base64 NameID. Tools: SAMLRaider, XSW plugin, ZAP SAML Support. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Origin reflection exploit (XHR + fetch), null origin via data: iframe, regex bypass patterns (prefix/suffix/dot injection), detection header checklist, multi-origin test list, POST with CORS, internal pivot via wildcard. Tools: Corsy, CORScanner, CorsOne, of-cors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
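The validator bypasses this commit lists (origin reflection, null origin, prefix/suffix/dot injection), as an added Python example that is not part of this PR or of PayloadsAllTheThings: five constructed weak origin validators beside an exact allowlist, run over the multi-origin test list a scanner would send, with a classifier that reads the verdict off the response headers. The host names and validator functions are made up for the demo.

```python
"""Added example, not code from this PR or from PayloadsAllTheThings.
Models the origin-validation bugs the commit lists and the scanner side that
detects them. Host names are constructed for the demo."""
import re

TRUSTED_ORIGIN = "https://app.example.com"   # constructed legitimate origin

# --- server side: five weak validators and the correct one ---------------
def weak_reflect(origin):
    """Echo any Origin back: classic origin reflection."""
    return origin

def weak_endswith(origin):
    """Suffix check without the leading dot: 'evilexample.com' passes
    (and so does 'appXexample.com', which also ends in example.com)."""
    return origin if origin.endswith("example.com") else None

def weak_startswith(origin):
    """Prefix check: 'app.example.com.evil.com' passes."""
    return origin if origin.startswith(TRUSTED_ORIGIN) else None

def weak_regex(origin):
    """Unanchored regex with an unescaped dot: 'appXexample.com' and
    'app.example.com.evil.com' both pass."""
    return origin if re.search(r"https://app.example.com", origin) else None

def weak_null(origin):
    """Allows 'null', which sandboxed iframes and data: URLs send."""
    return origin if origin in ("null", TRUSTED_ORIGIN) else None

def strict_allowlist(origin):
    """The fix: exact match against a fixed allowlist."""
    return origin if origin == TRUSTED_ORIGIN else None

VALIDATORS = {f.__name__: f for f in (weak_reflect, weak_endswith, weak_startswith,
                                      weak_regex, weak_null, strict_allowlist)}

def cors_headers(validator, origin):
    """Response headers a server built on `validator` would emit.
    ACAC is hard-coded true, the combination that makes reflection exploitable."""
    allowed = validator(origin)
    if allowed is None:
        return {}
    return {"Access-Control-Allow-Origin": allowed,
            "Access-Control-Allow-Credentials": "true"}

# --- scanner side: multi-origin test list and header classification ------
TEST_ORIGINS = [
    TRUSTED_ORIGIN,
    "https://evil.com",                   # plain reflection probe
    "https://app.example.com.evil.com",   # prefix injection
    "https://evilexample.com",            # suffix injection
    "https://appXexample.com",            # dot injection (unescaped '.')
    "null",                               # sandboxed iframe / data: URL
]

def classify(sent_origin, headers):
    """Verdict for one probe from the response headers alone."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return "no-cors"
    if acao == "*":
        return "wildcard"              # browsers refuse credentials with '*'
    if acao == "null" and sent_origin == "null":
        return "null-origin" if creds else "null-origin-no-creds"
    if acao == sent_origin and sent_origin != TRUSTED_ORIGIN:
        return "reflected-with-credentials" if creds else "reflected"
    return "safe"

EXPLOITABLE = {"reflected-with-credentials", "null-origin"}

def audit(validators=VALIDATORS, origins=TEST_ORIGINS):
    """For each validator, the probe origins that get credentialed access."""
    return {name: [o for o in origins if classify(o, cors_headers(v, o)) in EXPLOITABLE]
            for name, v in validators.items()}

if __name__ == "__main__":
    for name, hits in audit().items():
        print(f"{name:17s} {'OK' if not hits else 'BYPASS: ' + ', '.join(hits)}")
```

Only the combination of an attacker-controlled (or `null`) Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true lets a cross-origin page read authenticated responses; a bare `*` is never honoured with credentials by the browser, which is why the classifier rates it separately.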
HTTP/2 single-packet attack (Burp parallel group), Turbo Intruder basic + multi-endpoint templates, HTTP/1.1 last-byte sync, limit-overrun target checklist (gift cards, votes, 2FA, TOCTOU), rate-limit bypass patterns. Tools: Turbo Intruder, Raceocat, h2spacex. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Java: detection magic bytes (AC ED/rO0), ysoserial gadget chains (CC1/CC6/Groovy1/URLDNS), Jackson CVEs (2017-7525, 2017-17485, 2019-12384, 2020-36180), SnakeYAML RCE, JSF ViewState secrets + tools. PHP: unserialize() magic methods (__wakeup/__destruct/__toString), type juggling auth bypass, phpggc gadget chains (Laravel/Symfony/Monolog), PHAR deserialization via file functions, JPEG magic bytes bypass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
PHP loose == bypass table, boolean serialized auth bypass, magic hash collisions (MD5/SHA1 with 0e prefix), HMAC bypass via brute-force, switch/case juggling, array comparison bypass ([] == false), strcmp([], x) null return. Mitigation: === strict comparison, PHP 8 saner string comparisons. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
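The magic-hash collision this commit lists (MD5/SHA1 digests starting with 0e), modelled in Python as an added example that is not part of this PR or of PayloadsAllTheThings: `php_loose_eq` reproduces PHP's `==` for two strings (numeric strings compare as numbers), and the user table and login functions are constructed for the demo. One caveat worth knowing: PHP 8's saner-comparison change only affects int-versus-string comparisons, so two numeric strings such as these digests still compare numerically in PHP 8; `===` or `hash_equals()` is the fix that actually closes this.

```python
"""Added example, not code from this PR or from PayloadsAllTheThings.
Models PHP's loose string comparison to show why '0e'-prefixed digests
collide under == and why === / hash_equals() is the fix. Users are constructed."""
import hashlib
import hmac
import re

# PHP treats a string as numeric when it parses as an int/float literal,
# so "0e8304..." reads as 0 * 10^8304... == 0.0.
_NUMERIC = re.compile(r"^[ \t\n\r\v\f]*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?$")

def php_loose_eq(a: str, b: str) -> bool:
    """PHP '==' on two strings: both numeric -> compare as numbers, else bytes."""
    if _NUMERIC.match(a) and _NUMERIC.match(b):
        return float(a) == float(b)
    return a == b

def php_strict_eq(a: str, b: str) -> bool:
    """PHP '===': same type, same bytes, no coercion."""
    return a == b

def is_magic_hash(hexdigest: str) -> bool:
    """A digest PHP coerces to zero: '0e' followed only by decimal digits."""
    return re.fullmatch(r"0e\d+", hexdigest) is not None

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def magic_candidates(words):
    """Filter a wordlist down to inputs whose MD5 is a magic hash."""
    return [w for w in words if is_magic_hash(md5_hex(w))]

# Constructed user table: the stored hash happens to be a magic hash.
# md5("QNKCDZO") = 0e830400451993494058024219903391
USERS = {"admin": md5_hex("QNKCDZO")}

def login_loose(user: str, password: str) -> bool:
    """Vulnerable pattern: if ($stored == md5($_POST['password']))"""
    stored = USERS.get(user)
    return stored is not None and php_loose_eq(stored, md5_hex(password))

def login_strict(user: str, password: str) -> bool:
    """Fixed pattern: if (hash_equals($stored, md5($_POST['password'])))
    (constant-time byte comparison, no numeric coercion)."""
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, md5_hex(password))

if __name__ == "__main__":
    # "240610708" is a different string with a different (but also magic) MD5:
    # md5("240610708") = 0e462097431906509019562988736854
    print("loose  :", login_loose("admin", "240610708"))    # True  (bypass)
    print("strict :", login_strict("admin", "240610708"))   # False
    print("magic  :", magic_candidates(["password", "QNKCDZO", "240610708", "admin"]))
```

The same `php_loose_eq` shows the broader rule behind the HMAC brute-force and switch/case cases the commit mentions: any two strings that PHP parses as numbers (`"1e3"` and `"1000"`, for instance) are equal under `==`, so any comparison that can see attacker-chosen numeric strings on both sides has to use `===`.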
…heets

nosql-injection-cheat-sheet.md:
- Redis injection via SSRF/Gopher (RCE goals table, Gopherus reference)
- CRLF injection into Redis stream
- Cassandra CQL injection, UDF Java RCE, default creds, keyspace enum

insecure-deserialization-cheat-sheet.md:
- Jackson CVE payloads (2017-7525, 2017-17485, 2019-12384, 2020-36180)
- SnakeYAML RCE payload
- JSF ViewState hardcoded secrets table + decode commands
- PHAR deserialization via file functions + JPEG magic byte bypass
- Reference-based R: collision technique

race-conditions-cheat-sheet.md:
- h2spacex (Scapy HTTP/2 single-packet library)
- Raceocat tool with CLI examples
- State machine disruption: partial object construction + null token race

cors-cheat-sheet.md:
- CorsOne fast discovery tool
- of-cors for internal network wildcard exploitation
- Preflight cache poisoning technique (missing Vary: Origin)

All additions tagged <!-- PATT enrichment 2026-03-14 -->

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…hment

payloads/basic.md: CSPP URL payloads, SSPP JSON vectors, Express.js gadgets, EJS escapeFunction RCE, NODE_OPTIONS RCE, auth bypass via config pollution, bypass table, tools list (pp-finder, PPScan, silent-spring).

prototype-pollution-cheat-sheet.md (PATT enrichment 2026-03-14):
- Added pp-finder, silent-spring, BlackFan collection, yuske SSPP gadget DB
- EJS escapeFunction RCE gadget
- Node.js NODE_OPTIONS env injection RCE
- Kibana CVE-2019-7609 canonical reference

Completes all P1 stubs: NoSQL Redis/Cassandra, SAML, CORS, Race Conditions, Deserialization Java/PHP, Type Juggling, Prototype Pollution (9 total).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…njection payloads

Curated PATT content for all 5 P2 payload stubs:
- AWS techniques: IMDS v1/v2 SSRF, S3 enumeration, IAM privesc paths, Pacu, credential abuse
- Azure techniques: IMDS token theft, ARM API abuse, Key Vault extraction, MicroBurst, elevateAccess
- DNS techniques: zone transfer (AXFR), rebinding setup via Singularity, subdomain takeover, DNS tunneling, SSRF bypass
- Hash cracking rules: rule file reference (best64/OneRule/d3ad0ne/dive), wordlist sources (CrackStation/SecLists), mask/hybrid attacks, CUPP/CeWL, hashcat optimisation
- GraphQL injection: introspection, batching brute-force, alias bypass, IDOR, SSRF, NoSQL/SQLi, DoS nesting, Clairvoyance for disabled introspection

Also restored 9 accidentally-deleted working-tree files (file-inclusion, nosql-redis, file-upload, reverse-shells, race-conditions-labs) from HEAD — content unchanged.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removed low-value content across all 5 files (~60 lines cut):
- AWS: deduplicated get-caller-identity, removed redundant IMDS endpoint list
- Azure: collapsed ARM API curl block to 3 lines, ROADtools to 2 lines
- DNS: removed Cache Poisoning (resolver-level, not app pentest) and DNS Tunnel (post-exploitation) sections
- Hash Cracking: replaced RainbowCrack build commands with online lookup URLs, removed PACK/statsgen niche workflow
- GraphQL: trimmed IDOR to 2 examples, DoS to single payload

All sections retain maximum signal for developer self-testing use case.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…der content

- tunneling.md: remove Meterpreter pivoting section (MSF post-exploitation, not relevant for developer self-test)
- evasion/windows.md: remove incomplete ETW bypass section (placeholder '...' literal, non-functional code)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add curated PATT payload files to What's Inside and feature list
- Update repo structure to show attacks/<category>/payloads/ layout
- Add patt-fetcher agent to orchestration agents
- Add payload files row to project stats table (50+ files, P0/P1/P2)
- Mark AWS/Azure cloud payload coverage as complete in roadmap

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add .claude-plugin/plugin.json and marketplace.json at repo root
- Create plugins/ directory with 5 independent plugins:
  - pentest: core pentest framework (3 agents, 6 skills)
  - hackerone: bug bounty integration (1 agent, 1 skill)
  - ai-threat-testing: OWASP LLM Top 10 (10 agents, 1 skill)
  - techstack-identification: recon suite (5 agents, 26 skills, hooks)
  - skiller: skill creation meta-tool (1 agent, 1 skill)
- Each plugin has its own .claude-plugin/plugin.json
- Flatten all content from .claude/ and projects/ into plugin roots
- Remove legacy .claude/agents/, .claude/skills/, projects/pentest/.claude/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Move hook scripts from hooks/skills/ to hooks/scripts/
- Add hooks.json mapping lifecycle events to scripts:
  - PreToolUse (Bash|WebSearch|WebFetch): network check + rate limit check
  - PostToolUse (*): execution logging and evidence capture

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace .claude/ path references with plugins/ structure
- Document all 5 plugins: pentest, hackerone, ai-threat-testing, techstack-identification, skiller
- Add plugin install commands as primary installation method
- Update architecture diagram and repository structure section
- Add techstack hooks documentation
- Update stats table with accurate counts
- Add OWASP LLM Top 10 coverage to feature list

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ace-structure Feature/claude plugin marketplace structure
- Add negation rules to allow .claude-plugin/plugin.json and marketplace.json through the blanket *.json gitignore
- Force-add all 7 plugin manifest files now visible to git

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Integrated & adapted payloads from https://github.com/swisskyrepo/PayloadsAllTheThings
Integrates directly into the attacks/ tree, filling coverage gaps for categories that previously had no copy-paste payloads.
What's added:
Ranking
Design decisions:
This pull request contributes directly to these points in the community guidelines