Update _template_vuln page

swisskyrepo · swisskyrepo · commit dc349c10c393 · 2024-11-13T13:39:19.000+01:00
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,23 +1,30 @@
 # CONTRIBUTING
 
-PayloadsAllTheThings' Team :heart: pull requests :)
+PayloadsAllTheThings' Team :heart: pull requests.
+
 Feel free to improve with your payloads and techniques !
 
-You can also contribute with a :beers: IRL, or using the sponsor button.
+You can also contribute with a :beers: IRL, or using the [sponsor](https://github.com/sponsors/swisskyrepo) button.
 
 ## Pull Requests Guidelines
 
 In order to provide the safest payloads for the community, the following rules must be followed for **every** Pull Request.
 
 - Payloads must be sanitized
-  - Use `id`, and `whoami`, for RCE Proof of Concepts
-  - Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
-  - Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
-  - Use `Administrator` for privileged users and `User` for normal account
-  - Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
-  - Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc
+    - Use `id`, and `whoami`, for RCE Proof of Concepts
+    - Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
+    - Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
+    - Use `Administrator` for privileged users and `User` for normal account
+    - Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
+    - Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc
 - References must have an `author`, a `title` and a `link`. The `date` is not mandatory but appreciated :)
 
+Every pull request will be checked with `markdownlint` to ensure consistent writing and Markdown best practices. You can validate your files locally using the following Docker command:
+
+```ps1
+docker run -v $PWD:/workdir davidanson/markdownlint-cli2:v0.15.0 "**/*.md" --config .github/.markdownlint.json --fix
+```
+
 ## Techniques Folder
 
 Every section should contains the following files, you can use the `_template_vuln` folder to create a new technique folder:
@@ -29,35 +36,4 @@ Every section should contains the following files, you can use the `_template_vu
 
 ## README.md format
 
-Use the following example to create a new technique `README.md` file.
-
-```markdown
-# Vulnerability Title
-
-> Vulnerability description
-
-## Summary
-
-* [Tools](#tools)
-* [Something](#something)
-  * [Subentry 1](#sub1)
-  * [Subentry 2](#sub2)
-* [References](#references)
-
-## Tools
-
-- [Tool 1](https://example.com)
-- [Tool 2](https://example.com)
-
-## Something
-
-Quick explanation
-
-### Subentry 1
-
-Something about the subentry 1
-
-## References
-
-- [Blog title - Author, Date](https://example.com)
-```
+Use the example folder [_template_vuln/](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/). The main page is [README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/README.md).
diff --git a/_LEARNING_AND_SOCIALS/BOOKS.md b/_LEARNING_AND_SOCIALS/BOOKS.md
@@ -50,4 +50,4 @@
 - [The Web Application Hackers Handbook by D. Stuttard, M. Pinto (2011)](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
 - [Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by T.J. O'Connor (2012)](https://www.goodreads.com/book/show/16192263-violent-python)
 - [Web Hacking 101](https://leanpub.com/web-hacking-101)
-- [Windows Security Internals with PowerShell by James Forshaw (2024)](https://nostarch.com/windows-security-internals-powershell)
+- [Windows Security Internals with PowerShell by James Forshaw (2024)](https://nostarch.com/windows-security-internals-powershell)
diff --git a/_LEARNING_AND_SOCIALS/TWITTER.md b/_LEARNING_AND_SOCIALS/TWITTER.md
@@ -1,33 +1,32 @@
-# Twitter 
+# Twitter
 
-Twitter is very common in the InfoSec area. Many advices and tips on bug hunting or CTF games are posted every day. It is worth following the feeds of some successful security researchers and hackers. 
+Twitter is very common in the InfoSec area. Many advices and tips on bug hunting or CTF games are posted every day. It is worth following the feeds of some successful security researchers and hackers.
 
+## Accounts
 
-### Accounts
-
-- [@Stök - Bug bounty hunter, cybersecurity educational content creator](https://twitter.com/stokfredrik)
-- [@NahamSec - Hacker & content creator & co-founder bugbountyforum and http://recon.dev](https://twitter.com/NahamSec)
+- [@0xReconless - Security research, blogs, and videos by filedescriptor, ngalongc & EdOverflow](https://twitter.com/0xReconless)
+- [@bugcrowd - Another american bug bounty platform](https://twitter.com/Bugcrowd)
+- [@codingo_ - Global Head of Security Ops and Researcher Enablement bugcrowd, Maintainer of some great pentesting tools like NoSQLMap or VHostScan](https://twitter.com/codingo_)
+- [@d0nutptr - part-time bug hunter, Lead Security Engineer at graplsec](https://twitter.com/d0nutptr)
 - [@dawgyg - Bug bounty hunter, reformed blackhat, Synack red team member](https://twitter.com/thedawgyg)
-- [@putsi - Bug bounty hunter and white hat hacker in Team ROT](https://twitter.com/putsi)
-- [@thecybermentor - Offers cybersecurity and hacking courses](https://twitter.com/thecybermentor)
-- [@InsiderPhD - PhD student, occasional bug bounty hunter & educational cyber security youtuber](https://twitter.com/InsiderPhD)
-- [@LiveOverflow - Content creator and hacker producing videos on various IT security topics and participating in hacking contests](https://twitter.com/LiveOverflow)
 - [@EdOverflow - Web developer, security researcher and triager for numerous vulnerability disclosure programs](https://twitter.com/edoverflow)
-- [@r0bre - Bug Hunter for web- and systemsecurity, iOS Security researcher](https://twitter.com/r0bre)
-- [@intigriti - European ethical hacking & bug bounty platform](https://twitter.com/intigriti)
+- [@filedescriptor - security researcher, bug hunter and content creator at 0xReconless](https://twitter.com/filedescriptor)
+- [@GentilKiwi - Author of Mimikatz & Kekeo](https://twitter.com/gentilkiwi)
 - [@Hacker0x01 - American bug bounty platform](https://twitter.com/Hacker0x01)
-- [@bugcrowd - Another american bug bounty platform](https://twitter.com/Bugcrowd)
 - [@hakluke - Bug bounty hunter, content creator, creator of some great pentesting tools like hakrawler](https://twitter.com/hakluke)
-- [@spaceraccoon - Security researcher and white hat hacker. Has worked on several bug bounty programs](https://twitter.com/spaceraccoonsec)
-- [@samwcyo - Full time bug bounty hunter](https://twitter.com/samwcyo)
-- [@Th3G3nt3lman - Security Research & Bug bounty hunter](https://twitter.com/Th3G3nt3lman)
-- [@securinti - Dutch bug bounty hunter & head of hackers and bord member @ intigriti](https://twitter.com/securinti)
+- [@InsiderPhD - PhD student, occasional bug bounty hunter & educational cyber security youtuber](https://twitter.com/InsiderPhD)
+- [@intigriti - European ethical hacking & bug bounty platform](https://twitter.com/intigriti)
 - [@jobertabma - Co-founder of HackerOne, security researcher](https://twitter.com/jobertabma)
-- [@codingo_ - Global Head of Security Ops and Researcher Enablement bugcrowd, Maintainer of some great pentesting tools like NoSQLMap or VHostScan](https://twitter.com/codingo_)
-- [@TomNomNom - security researcher, maintainer of many very useful pentesting tools](https://twitter.com/TomNomNom)
+- [@LiveOverflow - Content creator and hacker producing videos on various IT security topics and participating in hacking contests](https://twitter.com/LiveOverflow)
+- [@NahamSec - Hacker & content creator & co-founder bugbountyforum and http://recon.dev](https://twitter.com/NahamSec)
 - [@orange_8361 - bug bounty hunter and security researcher, specialized on RCE bugs](https://twitter.com/orange_8361)
-- [@d0nutptr - part-time bug hunter, Lead Security Engineer at graplsec](https://twitter.com/d0nutptr)
-- [@filedescriptor - security researcher, bug hunter and content creator at 0xReconless](https://twitter.com/filedescriptor)
-- [@0xReconless - Security research, blogs, and videos by filedescriptor, ngalongc & EdOverflow](https://twitter.com/0xReconless)
 - [@pentest_swissky - Author of PayloadsAllTheThings & SSRFmap](https://twitter.com/pentest_swissky)
-- [@GentilKiwi - Author of Mimikatz & Kekeo](https://twitter.com/gentilkiwi)
+- [@putsi - Bug bounty hunter and white hat hacker in Team ROT](https://twitter.com/putsi)
+- [@r0bre - Bug Hunter for web- and systemsecurity, iOS Security researcher](https://twitter.com/r0bre)
+- [@samwcyo - Full time bug bounty hunter](https://twitter.com/samwcyo)
+- [@securinti - Dutch bug bounty hunter & head of hackers and bord member @ intigriti](https://twitter.com/securinti)
+- [@spaceraccoon - Security researcher and white hat hacker. Has worked on several bug bounty programs](https://twitter.com/spaceraccoonsec)
+- [@Stök - Bug bounty hunter, cybersecurity educational content creator](https://twitter.com/stokfredrik)
+- [@Th3G3nt3lman - Security Research & Bug bounty hunter](https://twitter.com/Th3G3nt3lman)
+- [@thecybermentor - Offers cybersecurity and hacking courses](https://twitter.com/thecybermentor)
+- [@TomNomNom - security researcher, maintainer of many very useful pentesting tools](https://twitter.com/TomNomNom)
diff --git a/_LEARNING_AND_SOCIALS/YOUTUBE.md b/_LEARNING_AND_SOCIALS/YOUTUBE.md
@@ -27,7 +27,6 @@
     - [EP004: Bug Hunters | HACKING GOOGLE](https://youtu.be/IoXiXlCNoXg)
     - [EP005: Project Zero | HACKING GOOGLE](https://youtu.be/My_13FXODdU)
 
-
 ## Conferences
 
 - [Hunting for Top Bounties - Nicolas Grégoire](https://www.youtube.com/watch?v=mQjTgDuLsp4)
@@ -37,4 +36,4 @@
 - [Defcon Conference](https://www.youtube.com/user/DEFCONConference/videos)
 - [x33fcon Conference](https://www.youtube.com/c/x33fcon)
 - [Hack In Paris](https://www.youtube.com/user/hackinparis)
-- [LeHack / HZV](https://www.youtube.com/user/hzvprod)
+- [LeHack / HZV](https://www.youtube.com/user/hzvprod)
diff --git a/_template_vuln/README.md b/_template_vuln/README.md
@@ -11,12 +11,10 @@
 * [Labs](#labs)
 * [References](#references)
 
-
 ## Tools
 
-- [username/tool1](https://github.com/username/tool1) - Description of the tool
-- [username/tool2](https://github.com/username/tool2) - Description of the tool
-
+* [username/tool1](https://github.com/username/tool1) - Description of the tool
+* [username/tool2](https://github.com/username/tool2) - Description of the tool
 
 ## Methodology
 
@@ -28,18 +26,14 @@ Exploit
 
 ### Subentry 1
 
-
 ### Subentry 2
 
-
 ## Labs
 
-- [Company - Lab 1](#link-to-the-lab)
-- [Company - Lab 2](#link-to-the-lab)
-- [Company - Challenge 1](#link-to-the-challenge)
-- [Company - Challenge 2](#link-to-the-challenge)
-
+* [Root Me - Lab 1](https://root-me.org)
+* [PortSwigger - Lab 2](https://portswigger.net)
+* [HackTheBox - Lab 3](https://www.hackthebox.com)
 
 ## References
 
-- [Blog title - Author (@handle) - Month XX, 202X](https://example.com)
+* [Blog title - Author (@handle) - Month XX, 202X](https://example.com)
