killchain-compendium/misc/PayloadsAllTheThings
.github
API Key Leaks
AWS Amazon Bucket S3
Account Takeover
CORS Misconfiguration
CRLF Injection
CSRF Injection
CSV Injection
CVE Exploits
Command Injection
DNS Rebinding
Dependency Confusion
Directory Traversal
File Inclusion
GraphQL Injection
HTTP Parameter Pollution
Insecure Deserialization
Insecure Direct Object References
Insecure Management Interface
Insecure Source Code Management
JSON Web Token
Kubernetes
LDAP Injection
LaTeX Injection
Methodology and Resources
NoSQL Injection
OAuth
Open Redirect
Race Condition
Request Smuggling
SAML Injection
SQL Injection
Server Side Request Forgery
Server Side Template Injection
Tabnabbing
Type Juggling
Upload Insecure Files
Web Cache Deception
Web Sockets
XPATH Injection
XSLT Injection
XSS Injection
XXE Injection
_template_vuln
.gitignore
BOOKS.md
CONTRIBUTING.md
LICENSE
README.md
TWITTER.md
YOUTUBE.md

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button.

Every section contains the following files. You can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

You want more? Check the Books and YouTube videos selections.