Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

You might also like the Methodology and Resources folder :

You want more ? Check the Books and Youtube videos selections.

Name		Name	Last commit message	Last commit date
Latest commit History 547 Commits
.github		.github
API Key Leaks		API Key Leaks
AWS Amazon Bucket S3		AWS Amazon Bucket S3
CORS Misconfiguration		CORS Misconfiguration
CRLF Injection		CRLF Injection
CSRF Injection		CSRF Injection
CSV Injection		CSV Injection
CVE Exploits		CVE Exploits
Command Injection		Command Injection
Directory Traversal		Directory Traversal
File Inclusion		File Inclusion
GraphQL Injection		GraphQL Injection
Insecure Deserialization		Insecure Deserialization
Insecure Direct Object References		Insecure Direct Object References
Insecure Management Interface		Insecure Management Interface
Insecure Source Code Management		Insecure Source Code Management
JSON Web Token		JSON Web Token
Kubernetes		Kubernetes
LDAP Injection		LDAP Injection
LaTeX Injection		LaTeX Injection
Methodology and Resources		Methodology and Resources
NoSQL Injection		NoSQL Injection
OAuth		OAuth
Open Redirect		Open Redirect
SAML Injection		SAML Injection
SQL Injection		SQL Injection
Server Side Request Forgery		Server Side Request Forgery
Server Side Template Injection		Server Side Template Injection
Type Juggling		Type Juggling
Upload Insecure Files		Upload Insecure Files
Web Cache Deception		Web Cache Deception
Web Sockets		Web Sockets
XPATH Injection		XPATH Injection
XSS Injection		XSS Injection
XXE Injection		XXE Injection
_template_vuln		_template_vuln
.gitignore		.gitignore
BOOKS.md		BOOKS.md
LICENSE		LICENSE
README.md		README.md
YOUTUBE.md		YOUTUBE.md

LangziFun/PayloadsAllTheThings