#Payloads
Showing 43 of 43 repositories tagged #payloads, ranked by stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
The all-in-one browser extension for offensive security professionals ๐
All about bug bounty (bypasses, payloads, and etc)
A list of interesting payloads, tips and tricks for bug bounty hunters.
Git All the Payloads! A collection of web attack payloads.
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Active Directory and Internal Pentest Cheatsheets
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). ๆฏๆๅค็งๅ ๅฏ็ฎๆณๆ็ดๆฅๆง่กJSไปฃ็ ็็จไบ็็ ดๅ็ซฏๅ ๅฏ็BurpSuiteๆไปถ
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
AppSec Payloads Arsenal for Pentration Tester and Bug Bounty Hunters
Infosec Wordlists and more.
Hardware/IOT Pentesting Wiki
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
RomBuster is a router exploitation tool that allows to disclosure network router admin password.
ๅฎๆ SRC / ไผๆต / Bug bounty ๆผๆดๆๆ Claude Code skill โ 19 ไธชๆปๅป็ฑป playbookใ305 ไธช็ปๆๅ payloadใ263 ไธช WAF/EDR ็ป่ฟใ2887 ไปฝ HackerOne ็ๅฎๆกไพใ88,636 WooYun ๆกไพ็ป่ฎก
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
A collection of selected badUSB script for Flipper Zero, written by me. This repo is always Work In Progress.
A keylogger, sometimes called a keystroke logger or keyboard capture, is a type of surveillance technology used to monitor and record each keystroke on a specific computer. Keylogger software is also available for use on smartphones, such as the Apple iPhone and Android devices.
NodeJS Red-Team Cheat Sheet
Offline Cybersecurity Knowledge Base
Common Web Managers Fuzz Wordlists
Offline-first, searchable arsenal for pentesting & bug bounty: payloads, a click-to-build command generator, GTFOBins, wordlists, embedded CyberChef, reverse shells, checklists & an engagement tracker.
XSS Payload without Anything.
The purpose of this tool is to test the window10 defender protection and also other antivirus protection.
This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.
Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.
The primary goal of this project is to explain SQL Injection (one of the OWASP Top 10 vulnerabilities) and to provide a beneficial resource for the security community.
96+ WiFi Pineapple Pager payloads across 13 categories | Attack, Recon, Capture, Stealth, Interception, Exfiltration & more
The purpose of this tool is to automate the payload Creation Process. U can Create Payloads For All Types of OS in Seconds.
A curated collection of bug bounty tips, tricks, payloads, and bypass techniques
๐ Welcome to Hack-Academia, your ultimate resource hub for all things ๐ฅ๏ธ hacking, ๐ง pentesting, and ๐ก๏ธ security research. Whether you are a ๐ฑ beginner looking to explore the world of cybersecurity or a ๐งโ๐ป seasoned professional seeking cutting-edge techniques and insights, Hack-Academia is here to empower you. โก
SQL Injection Payloads List.
A simple and efficent script to obfuscate python payloads to make it completely FUD
Every Hacker's Go to Fuzzing List. Introducing the Ultimate Fuzzing Directory: Your Go-To Resource for Penetration Testers and Bug Bounty Hunters! Unlock the power of comprehensive fuzzing with our meticulously curated Fuzzing Directory, a one-stop solution designed to streamline your penetration testing and bug bounty hunting endeavors.
When it comes to exploiting web application security, this is a methodology. Enumeration and Networking guidelines are also listed to help while on a Pentest/CTF.
BugBountyTips en Espaรฑol
SSTI โ Advanced / Polyglot Payloads
A curated list of common and advanced Cross-Site Scripting (XSS) payloads for penetration testing, bug bounty hunting, and web application security research. Useful for learning, practicing, and automating XSS vulnerability detection.
RCEPayloadGen is a context-aware RCE payload generator for authorized security testing, producing 20k+ targeted, executable payloads across 12 environments โ with safety tiers, observable indicators, a benign detection mode, and metadata-rich output for validation, fuzzing, and pentest automation.
Learn what is NoSQL injection and how to find them ?
Sec-Payloads, It's a collection of multiple types of lists used during security assessments & used for bug bounty hunting or penetration testing, collected in one place. List types include xss, sqli, sensitive data patterns, fuzzing payloads, web shells, and many more.