Pentest pages
Binaries
(optional, may give 404 errors not be installed):
Microsoft SysInternals
Images (malicious and harmless)
QR code generators:
normal
(
download
)
minimal
(
download
)
Reverse shell generator
(by 0dayCTF)
Self-decompressing page creator
(useful for smuggling malicious files through web proxy filters)
Test URL for embedding as iframe (clickjacking)
CyberChef by
GCHQ
(optional, may give 404 errors not be installed)
Incrementing counter based on local storage (to see whether it is isolated in different tabs, windows, when embedding the site, etc)
Create a HTML page with callbacks to your server
(based on https://github.com/cure53/HTTPLeaks)
TOOD: JS file for include as XSS PoC
TODO: Page with iframe file:// common paths as download
TODO: Compile and include https://github.com/six-two/react-file2qr
TODO: phishing login formular?
Have you looked at this page with Burpsuite / ZAProxy?