Skip to content

Payload Environment Variables

For accessing these resources in a quick manner, several environment variables have been defined:

Shell Icon | Environment Variable | Value | | -------------------- | ----- | | $FUZZDB | /usr/share/fuzzdb | | $PAYLOADSALLTHETHINGS | /usr/share/payloadsallthethings | | $SECLISTS | /usr/share/seclists | | $MIMIKATZ | /usr/share/windows/mimikatz | | $POWERSPLOIT | /usr/share/windows/powersploit | | $ROCKYOU | /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt | | $DIRBIG | /usr/share/seclists/Discovery/Web-Content/DirBuster-2007_directory-list-2.3-big.txt | | $DIRMEDIUM | /usr/share/seclists/Discovery/Web-Content/DirBuster-2007_directory-list-2.3-medium.txt | | $DIRSMALL | /usr/share/seclists/Discovery/Web-Content/DirBuster-2007_directory-list-2.3-small.txt | | $WEBAPI_COMMON | /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt | | $WEBAPI_MAZEN | /usr/share/seclists/Discovery/Web-Content/common-api-endpoints-mazen160.txt | | $WEBCOMMON | /usr/share/seclists/Discovery/Web-Content/common.txt | | $WEBPARAM | /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt |

In this manner, you can retrieve the needed payloads with less effort, for example:

Terminal window
ffuf -u <target_url> -w $DIRSMALL

or

Terminal window
john file.hash --wordlist=$ROCKYOU