#Payloads

Showing 43 of 43 repositories tagged #payloads, ranked by stars

swisskyrepo
swisskyrepo
PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Score
100
โ˜… 79.0k โ‘‚ 17.2k +72/day
Python
LasCC
LasCC
HackTools

The all-in-one browser extension for offensive security professionals ๐Ÿ› 

Score
87
โ˜… 6.8k โ‘‚ 769 +69/day
TypeScript
daffainfo
daffainfo
AllAboutBugBounty

All about bug bounty (bypasses, payloads, and etc)

Score
89
โ˜… 6.8k โ‘‚ 1.3k +14/day
EdOverflow
EdOverflow
bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

Score
95
โ˜… 6.5k โ‘‚ 1.6k +4/day
foospidy
foospidy
payloads

Git All the Payloads! A collection of web attack payloads.

Score
79
โ˜… 4.0k โ‘‚ 991 +2/day
Shell
terjanq
terjanq
Tiny-XSS-Payloads

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Score
71
โ˜… 2.4k โ‘‚ 219 +3/day
JavaScript
swisskyrepo
swisskyrepo
InternalAllTheThings

Active Directory and Internal Pentest Cheatsheets

Score
100
โ˜… 2.3k โ‘‚ 428 +10/day
HTML
nettitude
nettitude
PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Score
67
โ˜… 2.1k โ‘‚ 356 โ€”
PowerShell
whwlsfb
whwlsfb
BurpCrypto

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). ๆ”ฏๆŒๅคš็งๅŠ ๅฏ†็ฎ—ๆณ•ๆˆ–็›ดๆŽฅๆ‰ง่กŒJSไปฃ็ ็š„็”จไบŽ็ˆ†็ ดๅ‰็ซฏๅŠ ๅฏ†็š„BurpSuiteๆ’ไปถ

Score
61
โ˜… 1.6k โ‘‚ 175 +2/day
Java
tokyoneon
tokyoneon
Chimera

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Score
66
โ˜… 1.6k โ‘‚ 255 โ€”
PowerShell
sh377c0d3
sh377c0d3
AppSec-Payloads

AppSec Payloads Arsenal for Pentration Tester and Bug Bounty Hunters

Score
92
โ˜… 938 โ‘‚ 194 โ€”
PHP
xajkep
xajkep
wordlists

Infosec Wordlists and more.

Score
33
โ˜… 935 โ‘‚ 245 โ€”
Python
swisskyrepo
swisskyrepo
HardwareAllTheThings

Hardware/IOT Pentesting Wiki

Score
74
โ˜… 901 โ‘‚ 178 +2/day
HTML
Mehdi0x90
Mehdi0x90
Web_Hacking

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Score
97
โ˜… 790 โ‘‚ 149 +4/day
capture0x
capture0x
XSS-LOADER

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Score
84
โ˜… 616 โ‘‚ 123 โ€”
Python
EntySec
EntySec
RomBuster

RomBuster is a router exploitation tool that allows to disclosure network router admin password.

Score
53
โ˜… 555 โ‘‚ 87 +1/day
Python
MyuriKanao
MyuriKanao
src-hunter-skill

ๅฎžๆˆ˜ SRC / ไผ—ๆต‹ / Bug bounty ๆผๆดžๆŒ–ๆŽ˜ Claude Code skill โ€” 19 ไธชๆ”ปๅ‡ป็ฑป playbookใ€305 ไธช็ป“ๆž„ๅŒ– payloadใ€263 ไธช WAF/EDR ็ป•่ฟ‡ใ€2887 ไปฝ HackerOne ็œŸๅฎžๆกˆไพ‹ใ€88,636 WooYun ๆกˆไพ‹็ปŸ่ฎก

Score
82
โ˜… 539 โ‘‚ 69 +23/day
InfoSecWarrior
InfoSecWarrior
Offensive-Payloads

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

Score
76
โ˜… 445 โ‘‚ 150 โ€”
PHP
grugnoymeme
grugnoymeme
flipperzero-badUSB

A collection of selected badUSB script for Flipper Zero, written by me. This repo is always Work In Progress.

Score
42
โ˜… 373 โ‘‚ 20 โ€”
Shell
king04aman
king04aman
KeyLogger

A keylogger, sometimes called a keystroke logger or keyboard capture, is a type of surveillance technology used to monitor and record each keystroke on a specific computer. Keylogger software is also available for use on smartphones, such as the Apple iPhone and Android devices.

Score
0
โ˜… 273 โ‘‚ 57 โ€”
Python
aadityapurani
aadityapurani
NodeJS-Red-Team-Cheat-Sheet

NodeJS Red-Team Cheat Sheet

Score
39
โ˜… 230 โ‘‚ 45 โ€”
Aif4thah
Aif4thah
Dojo-101

Offline Cybersecurity Knowledge Base

Score
68
โ˜… 206 โ‘‚ 57 โ€”
kaimi-io
kaimi-io
web-fuzz-wordlists

Common Web Managers Fuzz Wordlists

Score
55
โ˜… 177 โ‘‚ 42 โ€”
inflictx
inflictx
Arsenal

Offline-first, searchable arsenal for pentesting & bug bounty: payloads, a click-to-build command generator, GTFOBins, wordlists, embedded CyberChef, reverse shells, checklists & an engagement tracker.

Score
63
โ˜… 156 โ‘‚ 23 +9/day
CSS
hahwul
hahwul
XSS-Payload-without-Anything

XSS Payload without Anything.

Score
32
โ˜… 108 โ‘‚ 31 โ€”
machine1337
machine1337
window-rat

The purpose of this tool is to test the window10 defender protection and also other antivirus protection.

Score
34
โ˜… 95 โ‘‚ 44 โ€”
Python
bL34cHig0
bL34cHig0
Pentest-Resources-Cheat-Sheets

This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.

Score
58
โ˜… 90 โ‘‚ 20 โ€”
TheGeekHT
TheGeekHT
Loki.Rat

Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.

Score
24
โ˜… 76 โ‘‚ 32 โ€”
Python
payload-box
payload-box
sql-injection-payload-list

The primary goal of this project is to explain SQL Injection (one of the OWASP Top 10 vulnerabilities) and to provide a beneficial resource for the security community.

Score
45
โ˜… 72 โ‘‚ 25 +3/day
PHP
bad-antics
bad-antics
nullsec-pineapple-suite

96+ WiFi Pineapple Pager payloads across 13 categories | Attack, Recon, Capture, Stealth, Interception, Exfiltration & more

Score
47
โ˜… 71 โ‘‚ 6 +2/day
Shell
machine1337
machine1337
mafiahacks

The purpose of this tool is to automate the payload Creation Process. U can Create Payloads For All Types of OS in Seconds.

Score
21
โ˜… 68 โ‘‚ 22 โ€”
Shell
cybersecplayground
cybersecplayground
bugbounty-Tips-and-Tricks

A curated collection of bug bounty tips, tricks, payloads, and bypass techniques

Score
50
โ˜… 50 โ‘‚ 9 +1/day
Python
Hunterdii
Hunterdii
Awesome-Hacking

๐Ÿ” Welcome to Hack-Academia, your ultimate resource hub for all things ๐Ÿ–ฅ๏ธ hacking, ๐Ÿ”ง pentesting, and ๐Ÿ›ก๏ธ security research. Whether you are a ๐ŸŒฑ beginner looking to explore the world of cybersecurity or a ๐Ÿง‘โ€๐Ÿ’ป seasoned professional seeking cutting-edge techniques and insights, Hack-Academia is here to empower you. โšก

Score
18
โ˜… 50 โ‘‚ 8 โ€”
Ninja-Yubaraj
Ninja-Yubaraj
SQL-Injection-Payloads-List

SQL Injection Payloads List.

Score
13
โ˜… 43 โ‘‚ 9 โ€”
machine1337
machine1337
pyobfuscate

A simple and efficent script to obfuscate python payloads to make it completely FUD

Score
16
โ˜… 38 โ‘‚ 12 โ€”
Python
0xelixer
0xelixer
Fuzzout

Every Hacker's Go to Fuzzing List. Introducing the Ultimate Fuzzing Directory: Your Go-To Resource for Penetration Testers and Bug Bounty Hunters! Unlock the power of comprehensive fuzzing with our meticulously curated Fuzzing Directory, a one-stop solution designed to streamline your penetration testing and bug bounty hunting endeavors.

Score
8
โ˜… 27 โ‘‚ 4 โ€”
Python
Mdot0
Mdot0
Pentesting-Methodology

When it comes to exploiting web application security, this is a methodology. Enumeration and Networking guidelines are also listed to help while on a Pentest/CTF.

Score
26
โ˜… 26 โ‘‚ 6 โ€”
xNaughty
xNaughty
BugBountyTips

BugBountyTips en Espaรฑol

Score
5
โ˜… 23 โ‘‚ 2 โ€”
payload-box
payload-box
ssti-advanced-payload-list

SSTI โ€“ Advanced / Polyglot Payloads

Score
37
โ˜… 23 โ‘‚ 6 +2/day
devspidr
devspidr
XSS_payloads_list

A curated list of common and advanced Cross-Site Scripting (XSS) payloads for penetration testing, bug bounty hunting, and web application security research. Useful for learning, practicing, and automating XSS vulnerability detection.

Score
0
โ˜… 14 โ‘‚ 0 โ€”
kabiri-labs
kabiri-labs
rcpayloadgen

RCEPayloadGen is a context-aware RCE payload generator for authorized security testing, producing 20k+ targeted, executable payloads across 12 environments โ€” with safety tiers, observable indicators, a benign detection mode, and metadata-rich output for validation, fuzzing, and pentest automation.

Score
29
โ˜… 11 โ‘‚ 2 โ€”
Python
DevanshRaghav75
DevanshRaghav75
NoSQL_injection_stuff

Learn what is NoSQL injection and how to find them ?

Score
3
โ˜… 10 โ‘‚ 4 โ€”
ogh-bnz
ogh-bnz
SecPayloads

Sec-Payloads, It's a collection of multiple types of lists used during security assessments & used for bug bounty hunting or penetration testing, collected in one place. List types include xss, sqli, sensitive data patterns, fuzzing payloads, web shells, and many more.

Score
11
โ˜… 10 โ‘‚ 1 โ€”
PHP
Related Topics
#hacking#penetration-testing#security#bugbounty#payload#infosec#pentesting#pentest#redteam#cybersecurity#cheatsheet#bypass

ยฉ 2026 GitRepoTrend ยท GitHub repositories by topic ยท Updated weekly