Skip to content
No description, website, or topics provided.
HTML Python PHP Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
AWS Amazon Bucket S3 Update README.md Jul 31, 2017
CRLF injection CRLF injection updated May 29, 2017
CSV injection Fix in juggling type + CSV injection Oct 20, 2016
CVE Shellshock Heartbleed Struts2 LDAP & XPATH injection + Small fixes and payloads Jul 14, 2017
File Inclusion - Path Traversal LFI via /proc/*/fd + upload Aug 15, 2017
Insecured source code management LDAP & XPATH injection + Small fixes and payloads Jul 14, 2017
LDAP injection More intruders folder - for BurpSuite Jul 30, 2017
Methodology and Resources More Burp Intruder file - SQLi + Path traversal + XSS Aug 5, 2017
NoSQL injection More intruders folder - for BurpSuite Jul 30, 2017
OAuth XSS,SQL OAuth Updated Dec 3, 2016
Open redirect Open Redirect Payloads updated Jul 6, 2017
PHP juggling type Fix in juggling type + CSV injection Oct 20, 2016
PHP serialization PHP object injection Oct 20, 2016
Remote commands execution RCE no {}, no space Aug 13, 2017
SQL injection More Burp Intruder file - SQLi + Path traversal + XSS Aug 5, 2017
SSRF injection SSRF URL Scheme + XXE Soap Aug 7, 2017
Server Side Template injections More Burp Intruder file - SQLi + Path traversal + XSS Aug 5, 2017
Tar commands execution Clean project - Renamed and added PHP juggling type Oct 20, 2016
Traversal directory LDAP & XPATH injection + Small fixes and payloads Jul 14, 2017
Upload insecure files Reverse Shell Cheatsheet Aug 3, 2017
Web cache deception Typo fix in Web cache Feb 27, 2017
XPATH injection LDAP & XPATH injection + Small fixes and payloads Jul 14, 2017
XSS injection Update README.md Aug 7, 2017
XXE injections SSRF URL Scheme + XXE Soap Aug 7, 2017
.gitignore Methodology added, XSS payloads updated,little fix Nov 6, 2016
README.md Methodology updated - Dorks, Subdomains, Nmap May 1, 2017

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Tools

Docker

More resources

Book's list:

Blogs/Websites

Youtube

Practice

Bug Bounty

You can’t perform that action at this time.