Resources for attacking web applications.
- For vulnerability discovery, see web enumeration.
- For web app testing, see OWASP ASVS & WSTG.
Common server-side attacks:
- directory traversal
- local file inclusion (LFI)
- remote file inclusion (RFI)
- brute-force
- SQL injection
- Public exploits
searchsploit/ ExploitDB (e.g. search with server, CMS, OS, plugin version, etc)
Client-side attacks: