A list of useful payloads and bypass for Web Application Security and Pentest/CTF
-
Updated
Dec 4, 2024 - Python
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
All about bug bounty (bypasses, payloads, and etc)
The all-in-one browser extension for offensive security professionals 🛠
🎯 SQL Injection Payload List
The Official USB Rubber Ducky Payload Repository
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Git All the Payloads! A collection of web attack payloads.
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
A container repository for my public web hacks!
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
Undetectable Windows Payload Generation
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Image Payload Creating/Injecting tools
🎯 XML External Entity (XXE) Injection Payload List
Add a description, image, and links to the payloads topic page so that developers can more easily learn about it.
To associate your repository with the payloads topic, visit your repo's landing page and select "manage topics."