Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Payloadsallthethings | 48,281 | 6 hours ago | 16 | mit | Python | |||||
| A list of useful payloads and bypass for Web Application Security and Pentest/CTF | ||||||||||
| Allaboutbugbounty | 4,085 | 11 days ago | ||||||||
| All about bug bounty (bypasses, payloads, and etc) | ||||||||||
| Exploits | 1,177 | 3 years ago | 7 | Python | ||||||
| Miscellaneous exploit code | ||||||||||
| Requests Ip Rotator | 867 |  | 1 | 7 months ago | 12 | March 08, 2022 | 4 | gpl-3.0 | Python | |
| A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. | ||||||||||
| Aboutsecurity | 762 | 5 months ago | HTML | |||||||
| Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典. | ||||||||||
| Uxss Db | 580 | 2 years ago | 4 | mit | HTML | |||||
| 🔪Browser logic vulnerabilities :skull_and_crossbones: | ||||||||||
| Csp Evaluator | 248 |  | 2 | 5 months ago | 10 | August 10, 2022 | 7 | apache-2.0 | TypeScript | |
| Myriam | 211 | 3 months ago | 4 | mit | ||||||
| A vulnerable iOS App with Security Challenges for the Security Researcher inside you. | ||||||||||
| Nathan | 205 | 7 years ago | 11 | mit | Python | |||||
| Android Emulator for mobile security testing | ||||||||||
| Forbidden | 191 | a month ago | 14 | November 24, 2022 | mit | Python | ||||
| Bypass 4xx HTTP response status codes and more. Based on PycURL. | ||||||||||
Alternatives To PayloadsallthethingsSelect To Compare
Alternative Project Comparisons
Readme
Payloads All The Things
A list of useful payloads and bypasses for Web Application Security.
Feel free to improve with your payloads and techniques !
I ❤️ pull requests :)
You can also contribute with a 🍻 IRL, or using the sponsor button
An alternative display version is available at PayloadsAllTheThingsWeb.
📖 Documentation
Every section contains the following files, you can use the _template_vuln folder to create a new chapter:
- README.md - vulnerability description and how to exploit it, including several payloads
- Intruder - a set of files to give to Burp Intruder
- Images - pictures for the README.md
- Files - some files referenced in the README.md
You might also like the Methodology and Resources folder :
-
Methodology and Resources
- Active Directory Attack.md
- Cloud - AWS Pentest.md
- Cloud - Azure Pentest.md
- Cobalt Strike - Cheatsheet.md
- Linux - Evasion.md
- Linux - Persistence.md
- Linux - Privilege Escalation.md
- Metasploit - Cheatsheet.md
- Methodology and enumeration.md
- Network Pivoting Techniques.md
- Network Discovery.md
- Reverse Shell Cheatsheet.md
- Subdomains Enumeration.md
- Windows - AMSI Bypass.md
- Windows - DPAPI.md
- Windows - Download and Execute.md
- Windows - Mimikatz.md
- Windows - Persistence.md
- Windows - Privilege Escalation.md
- Windows - Using credentials.md
You want more ? Check the Books and Youtube videos selections.
👨💻 Contributions
Be sure to read CONTRIBUTING.md
Thanks again for your contribution! ❤️
🧙♂️ Sponsors
This project is proudly sponsored by these companies.
Popular Security Projects
Popular Bypass Projects
Popular Security Categories
Related Searches
Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Python
Security
Vulnerabilities
Web Application
Penetration Testing
Capture The Flag
Bypass
Red Team
Application Security
Privilege Escalation