Home

Awesome

<h1 align="center"> <br> <a href=""><img src="https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/top25-parameter-logo.png" alt=""></a> </h1> <h4 align="center">For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon</h4> <p align="center"> <a href=""><img src="https://img.shields.io/github/v/release/lutfumertceylan/top25-parameter?style=flat"></a> <a href=""><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a> <a href="https://twitter.com/intent/follow?screen_name=lutfumertceylan"><img src="https://img.shields.io/twitter/follow/lutfumertceylan?style=flat&logo=twitter"></a> <a href="https://github.com/lutfumertceylan"><img src="https://img.shields.io/github/stars/lutfumertceylan?style=flat&logo=github"></a> </p>

What is the OWASP Top 25 Parameters 🧙⚔️

<p> For basic researches, top 25 vulnerable parameters based on frequency of use with reference to various articles. These parameters can be used for automation tools or manual recon. Although the prevalence percentages of these parameters cannot be proven precisely.

<i>Data sources include numerous articles, blogs, and other resources obtained via OSINT and other open-source projects including work similar to that of Jason Haddix and HUNT.</i>

This repo contains common parameters of the following vulnerabilities:

- Cross-Site Scripting (XSS)
- Server-Side Request Forgery (SSRF)
- Local File Inclusion (LFI)
- SQL Injection (SQLi)
- Remote Code Execution (RCE) - [for GET and POST methods]
- Open Redirect
</p>

ToC


Top 25 Cross-Site Scripting (XSS) Parameters

<img src="https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/xss-owasp_top25pic.png">

Top 25 Server-Side Request Forgery (SSRF) Parameters

<img src="https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/ssrf-owasp_top25pic.png">

Top 25 Local File Inclusion (LFI) Parameters

<img src="https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/lfi-owasp_top25pic.png">

Top 25 SQL Injection Parameters

<img src="https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/sql-owasp_top25pic.png">

Top 25 Remote Code Execution (RCE) Parameters [GET based]

<img src="https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/rce-owasp_top25pic.png">

Top 25 Open Redirect Parameters [GET based]

<img src="https://raw.githubusercontent.com/OWASP/www-project-top-25-parameters/main/assets/images/openredirect-owasp_top25pic.png">

How can I contact you?

To report issues or make suggestions for the Top-25 Parameters, please use GitHub Issues.

For everything else, we're easy to answer your e-mail :

  1. Send an e-mail to lutfu.mertceylan[at]owasp.org
  2. Send an e-mail to info[at]lutfumertceylan.com.tr

You can @ us on Twitter @lutfumertceylan.