Skip to content

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

License

Notifications You must be signed in to change notification settings

morpheusc/PayloadsAllTheThings

This branch is 354 commits behind swisskyrepo/PayloadsAllTheThings:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

c9d0878 Β· Feb 21, 2023
Feb 11, 2023
Oct 1, 2022
Oct 9, 2022
Jan 4, 2023
Oct 11, 2022
Jan 5, 2023
Oct 12, 2022
Oct 1, 2022
Oct 12, 2022
Oct 12, 2022
Nov 6, 2022
Oct 27, 2021
Apr 24, 2022
Oct 12, 2022
Oct 24, 2022
Dec 6, 2022
Nov 8, 2022
Jan 11, 2023
Nov 7, 2022
Oct 12, 2022
Oct 17, 2022
Oct 12, 2022
Oct 24, 2022
Oct 12, 2022
Oct 24, 2022
Oct 12, 2022
Feb 22, 2022
Feb 21, 2023
Oct 12, 2022
Oct 12, 2022
Oct 24, 2022
Aug 9, 2022
Oct 27, 2022
Apr 30, 2022
Jan 4, 2023
Dec 13, 2022
Feb 20, 2023
Dec 12, 2020
Sep 6, 2022
Nov 7, 2022
Oct 12, 2022
Oct 12, 2022
Oct 12, 2022
Aug 9, 2022
Feb 11, 2023
Jan 19, 2023
Oct 11, 2022
Mar 24, 2019
Sep 16, 2022
Jun 30, 2022
May 25, 2019
Feb 14, 2023
Feb 11, 2023

Repository files navigation

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques !
I ❀️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button

Sponsor Tweet

An alternative display version is available at PayloadsAllTheThingsWeb.

πŸ“– Documentation

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

You want more ? Check the Books and Youtube videos selections.

πŸ‘¨β€πŸ’» Contributions

Be sure to read CONTRIBUTING.md

Thanks again for your contribution! ❀️

πŸ§™β€β™‚οΈ Sponsors

This project is proudly sponsored by these companies.

About

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 86.3%
  • Ruby 6.4%
  • ASP.NET 3.9%
  • Classic ASP 1.4%
  • PHP 1.3%
  • Jupyter Notebook 0.3%
  • Other 0.4%