A list of useful payloads and bypass for Web Application Security and Pentest/CTF https://github.com/swisskyrepo/PayloadsAllTheThings
Latest commit: Swissky b8c803717a "WDAC Policy Removal + SSRF domains" (2 days ago)

Repository contents (path, last commit message, age at time of capture):

  • .github: "Web Theme + Credential Guard + PPL" (3 months ago)
  • API Key Leaks: "DPAPI LocalMachine + BitLocker" (4 weeks ago)
  • AWS Amazon Bucket S3: "update URL 0dayallday is not working, same article found in blackmarble.sh" (8 months ago)
  • Account Takeover: "Formatting changes" (5 months ago)
  • Argument Injection: "Update README.md" (8 months ago)
  • CORS Misconfiguration: "SOCKS Compatibility Table + CORS" (5 months ago)
  • CRLF Injection: "Normalize Titles" (8 months ago)
  • CSRF Injection: "update" (8 months ago)
  • CSV Injection: "Normalize Titles" (8 months ago)
  • CVE Exploits: "Normalize Titles" (8 months ago)
  • Command Injection: "Update README.md" (7 months ago)
  • DNS Rebinding: "Add DNS rebinding" (2 years ago)
  • Dependency Confusion: "Windows Management Instrumentation Event Subscription" (1 year ago)
  • Directory Traversal: "Normalize Titles" (8 months ago)
  • File Inclusion: "Fix path with sessionS with an S for php" (2 months ago)
  • GraphQL Injection: "GraphQL Batching Attacks" (2 weeks ago)
  • HTTP Parameter Pollution: "Fixed Golang net/http param pollution outcome" (2 months ago)
  • Insecure Deserialization: "fix rawsec url" (5 months ago)
  • Insecure Direct Object References: "ADFS Golden SAML" (7 months ago)
  • Insecure Management Interface: "Normalize Titles" (8 months ago)
  • Insecure Randomness: "Insecure Randomness" (8 months ago)
  • Insecure Source Code Management: "Normalize Titles" (8 months ago)
  • JSON Web Token: "JWT jku and jwks - manual exploitation" (3 months ago)
  • Java RMI: "Update README.md" (8 months ago)
  • Kubernetes: "update link URL" (7 months ago)
  • LDAP Injection: "Normalize Titles" (8 months ago)
  • LaTeX Injection: "LaTeX Injection catcode" (1 year ago)
  • Methodology and Resources: "WDAC Policy Removal + SSRF domains" (2 days ago)
  • NoSQL Injection: "Normalize Titles" (8 months ago)
  • OAuth Misconfiguration: "Normalize Titles" (8 months ago)
  • Open Redirect: "typo" (7 months ago)
  • Race Condition: "fix: Fix spelling" (10 months ago)
  • Request Smuggling: "update old URLs" (7 months ago)
  • SAML Injection: "Add ZAP Addon in Tools" (1 year ago)
  • SQL Injection: "MySQL MSSQL Oracle SQL Update" (2 months ago)
  • Server Side Request Forgery: "WDAC Policy Removal + SSRF domains" (2 days ago)
  • Server Side Template Injection: "SSTI / jinja2 : Removed dot in lipsum.__globals__.["os"]" (3 weeks ago)
  • Tabnabbing: "Fix typos" (3 years ago)
  • Type Juggling: "Fixing TGS/ST" (9 months ago)
  • Upload Insecure Files: "Update README.md" (2 months ago)
  • Web Cache Deception: "Web Cache Deception Methodology" (2 months ago)
  • Web Sockets: "Web Sockets: Update README.md" (3 months ago)
  • XPATH Injection: "Normalize Titles" (8 months ago)
  • XSLT Injection: "fix: Fix spelling" (10 months ago)
  • XSS Injection: "WDAC Policy Removal + SSRF domains" (2 days ago)
  • XXE Injection: "add XXE in Java" (4 months ago)
  • _LEARNING_AND_SOCIALS: ".NET Deserialization" (8 months ago)
  • _template_vuln: "SAML exploitation + ASREP roasting + Kerbrute" (4 years ago)
  • .gitignore: "YAML Deserialization" (9 months ago)
  • CONTRIBUTING.md: "PR Guidelines + User Hunting + HopLa Configuration" (11 months ago)
  • LICENSE: "Create License" (4 years ago)
  • README.md: "Fix responsive display on PATT Web" (3 months ago)
  • custom.css: "Fix responsive - rollback - FF was glitching" (3 months ago)
  • mkdocs.yml: "Web Theme + Credential Guard + PPL" (3 months ago)


Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve it with your own payloads and techniques!
I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button


An alternative display version is available at PayloadsAllTheThingsWeb.

📖 Documentation

Every section contains the following files; use the _template_vuln folder as the starting point when you create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md
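The layout above is a convention, not something the repository enforces, so a quick lint helps before opening a pull request. The script below is an added example and not part of PayloadsAllTheThings: it scaffolds a new chapter by copying _template_vuln, then checks that every chapter directory carries README.md plus the Intruder, Images and Files subdirectories. The function names, the chapter names and the temporary sample tree are constructed for illustration only.

```shell
#!/bin/sh
# Added example, not part of the PayloadsAllTheThings repository.
# Assumes the README's convention: a chapter is a directory holding
# README.md and the subdirectories Intruder/, Images/ and Files/.

# Scaffold a new chapter from the template directory, as the README suggests.
# Usage: new_chapter <repo_root> "<Chapter Name>"
new_chapter() {
    repo="$1"; name="$2"
    [ -d "$repo/_template_vuln" ] || { echo "no _template_vuln in $repo" >&2; return 1; }
    [ -e "$repo/$name" ] && { echo "chapter already exists: $name" >&2; return 1; }
    cp -R "$repo/_template_vuln" "$repo/$name"
}

# Check one chapter directory: print each missing item and return the
# number of missing items, so 0 means the chapter matches the layout.
check_chapter() {
    dir="$1"; missing=0
    [ -f "$dir/README.md" ] || { echo "$dir: missing README.md"; missing=$((missing+1)); }
    for sub in Intruder Images Files; do
        [ -d "$dir/$sub" ] || { echo "$dir: missing $sub/"; missing=$((missing+1)); }
    done
    return $missing
}

# Check every chapter under the repo root, skipping the template and other
# underscore- or dot-prefixed helper directories; return the number of
# chapters that failed the check.
check_repo() {
    root="$1"; bad=0
    for d in "$root"/*/; do
        d="${d%/}"
        case "$(basename "$d")" in _*|.*) continue;; esac
        check_chapter "$d" || bad=$((bad+1))
    done
    return $bad
}

# Build a constructed sample tree in a temp directory: the template, one
# complete chapter and one chapter that lacks its Intruder/ directory.
# Prints the path of the tree; the caller is responsible for removing it.
make_sample_repo() {
    root="$(mktemp -d)"
    mkdir -p "$root/_template_vuln/Intruder" "$root/_template_vuln/Images" "$root/_template_vuln/Files"
    : > "$root/_template_vuln/README.md"
    mkdir -p "$root/SQL Injection/Intruder" "$root/SQL Injection/Images" "$root/SQL Injection/Files"
    : > "$root/SQL Injection/README.md"
    mkdir -p "$root/CRLF Injection/Images" "$root/CRLF Injection/Files"
    : > "$root/CRLF Injection/README.md"
    printf '%s\n' "$root"
}
```

Against a real checkout, `check_repo .` from the repository root lists every chapter that deviates from the documented layout and exits non-zero if any does, which makes it usable as a pre-commit or CI step.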

You might also like the Methodology and Resources folder.

Want more? Check the Books and YouTube video selections.

👨‍💻 Contributions

Be sure to read CONTRIBUTING.md

Thanks again for your contribution! ❤️

🧙‍♂️ Sponsors

This project is proudly sponsored by these companies.