A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Payload is the open-source, fullstack Next.js framework, giving you instant backend superpowers. Get a full TypeScript backend and admin panel instantly. Use Payload as a headless CMS or for building powerful applications.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Tools and Techniques for Red Team / Penetration Testing

All about bug bounty (bypasses, payloads, and etc)

🎯 SQL Injection Payload List

Awesome XSS stuff

The LAZY script will make your life easier, and of course faster.

Git All the Payloads! A collection of web attack payloads.

Python Remote Administration Tool (RAT)

🎯 Command Injection Payload List

Penetration tests guide based on OWASP including test cases, resources and examples.

🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC

RubberDucky like payloads for DigiSpark Attiny85