A list of useful payloads and bypass for Web Application Security and Pentest/CTF https://github.com/swisskyrepo/PayloadsAllTheThings
Latest commit: Swissky 8c88590d7c "Merge pull request #621 from SSKale1/master" (5 days ago)

Folder / file | Last commit message | Last updated
.github | Shadow Credentials | 6 months ago
API Key Leaks | Api Key Leaks: Add Trivy to tools section | 4 months ago
AWS Amazon Bucket S3 | update URL 0dayallday is not working, same article found in blackmarble.sh | 4 months ago
Account Takeover | Formatting changes | 1 month ago
Argument Injection | Update README.md | 4 months ago
CORS Misconfiguration | SOCKS Compatibility Table + CORS | 1 month ago
CRLF Injection | Normalize Titles | 4 months ago
CSRF Injection | update | 4 months ago
CSV Injection | Normalize Titles | 4 months ago
CVE Exploits | Normalize Titles | 4 months ago
Command Injection | Update README.md | 3 months ago
DNS Rebinding | Add DNS rebinding | 1 year ago
Dependency Confusion | Windows Management Instrumentation Event Subscription | 10 months ago
Directory Traversal | Normalize Titles | 4 months ago
File Inclusion | XXS Public Example + PHP Filter RCE | 3 months ago
GraphQL Injection | Add GraphQL Threat Matrix | 2 months ago
HTTP Parameter Pollution | Add RubyOnRails HTTP Parameter Pollution | 3 months ago
Insecure Deserialization | fix rawsec url | 4 weeks ago
Insecure Direct Object References | ADFS Golden SAML | 3 months ago
Insecure Management Interface | Normalize Titles | 4 months ago
Insecure Randomness | Insecure Randomness | 4 months ago
Insecure Source Code Management | Normalize Titles | 4 months ago
JSON Web Token | add new resource to documentation - JSON web Token | 3 months ago
Java RMI | Update README.md | 4 months ago
Kubernetes | update link URL | 3 months ago
LDAP Injection | Normalize Titles | 4 months ago
LaTeX Injection | LaTeX Injection catcode | 12 months ago
Methodology and Resources | Add Training, AzureGoat | 5 days ago
NoSQL Injection | Normalize Titles | 4 months ago
OAuth Misconfiguration | Normalize Titles | 4 months ago
Open Redirect | typo | 3 months ago
Race Condition | fix: Fix spelling | 6 months ago
Request Smuggling | update old url's | 3 months ago
SAML Injection | Add ZAP Addon in Tools | 9 months ago
SQL Injection | Normalize Titles | 4 months ago
Server Side Request Forgery | SSRF + XSS details + XXE BOM | 2 months ago
Server Side Template Injection | SSTI: add some jinja2 examples | 1 week ago
Tabnabbing | Fix typos | 2 years ago
Type Juggling | Fixing TGS/ST | 5 months ago
Upload Insecure Files | ADFS Golden SAML | 3 months ago
Web Cache Deception | Normalize Titles | 4 months ago
Web Sockets | Normalize Titles | 4 months ago
XPATH Injection | Normalize Titles | 4 months ago
XSLT Injection | fix: Fix spelling | 6 months ago
XSS Injection | SSRF + XSS details + XXE BOM | 2 months ago
XXE Injection | add XXE in Java | 3 weeks ago
_LEARNING_AND_SOCIALS | .NET Deserialization | 4 months ago
_template_vuln | SAML exploitation + ASREP roasting + Kerbrute | 4 years ago
.gitignore | YAML Deserialization | 5 months ago
CONTRIBUTING.md | PR Guidelines + User Hunting + HopLa Configuration | 7 months ago
LICENSE | Create License | 4 years ago
README.md | Add Linux evasion to its own article | 4 months ago

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve it with your own payloads and techniques!
I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button


An alternative display version is available at PayloadsAllTheThingsWeb.

📖 Documentation

Every section contains the following files; you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder:

You want more? Check the Books and YouTube videos selections.

👨‍💻 Contributions

Be sure to read CONTRIBUTING.md

Thanks again for your contribution! ❤️

🧙‍♂️ Sponsors

This project is proudly sponsored by these companies.