Payload Environment Variables
For accessing these resources in a quick manner, several environment variables have been defined:
| Environment Variable | Value |
|---|---|
| $PAYLOADS | /usr/share/payloads |
| $AUTOWORDLISTS | /usr/share/payloads/Auto_Wordlists |
| $FUZZDB | /usr/share/payloads/FuzzDB |
| $PAYLOADSALLTHETHINGS | /usr/share/payloads/PayloadsAllTheThings |
| $SECLISTS | /usr/share/payloads/SecLists |
| $SECURITYWORDLIST | /usr/share/payloads/Security-Wordlist |
| $MIMIKATZ | /usr/share/windows/mimikatz |
| $POWERSPLOIT | /usr/share/windows/powersploit |
| $ROCKYOU | /usr/share/payloads/SecLists/Passwords/Leaked-Databases/rockyou.txt |
| $DIRBIG | /usr/share/payloads/SecLists/Discovery/Web-Content/directory-list-2.3-big.txt |
| $DIRMEDIUM | /usr/share/payloads/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt |
| $DIRSMALL | /usr/share/payloads/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt |
| $WEBAPI_COMMON | /usr/share/payloads/SecLists/Discovery/Web-Content/api/api-endpoints.txt |
| $WEBAPI_MAZEN | /usr/share/payloads/SecLists/Discovery/Web-Content/common-api-endpoints-mazen160.txt |
| $WEBCOMMON | /usr/share/payloads/SecLists/Discovery/Web-Content/common.txt |
| $WEBPARAM | /usr/share/payloads/SecLists/Discovery/Web-Content/burp-parameter-names.txt |
In this manner, you can retrieve the needed payloads with less effort, for example:
ffuf -u <target_url> -w $DIRSMALLor
john file.hash --wordlist=$ROCKYOU