Skip to content

antwainburgman/PayloadsAllTheThings

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,348 Commits

.github

.github

 
 

API Key Leaks

API Key Leaks

 
 

AWS Amazon Bucket S3

AWS Amazon Bucket S3

 
 

Account Takeover

Account Takeover

 
 

CORS Misconfiguration

CORS Misconfiguration

 
 

CRLF Injection

CRLF Injection

 
 

CSRF Injection

CSRF Injection

 
 

CSV Injection

CSV Injection

 
 

CVE Exploits

CVE Exploits

 
 

Command Injection

Command Injection

 
 

DNS Rebinding

DNS Rebinding

 
 

Dependency Confusion

Dependency Confusion

 
 

Directory Traversal

Directory Traversal

 
 

File Inclusion

File Inclusion

 
 

GraphQL Injection

GraphQL Injection

 
 

HTTP Parameter Pollution

HTTP Parameter Pollution

 
 

Insecure Deserialization

Insecure Deserialization

 
 

Insecure Direct Object References

Insecure Direct Object References

 
 

Insecure Management Interface

Insecure Management Interface

 
 

Insecure Source Code Management

Insecure Source Code Management

 
 

JSON Web Token

JSON Web Token

 
 

Java RMI

Java RMI

 
 

Kubernetes

Kubernetes

 
 

LDAP Injection

LDAP Injection

 
 

LaTeX Injection

LaTeX Injection

 
 

Methodology and Resources

Methodology and Resources

 
 

NoSQL Injection

NoSQL Injection

 
 

OAuth

OAuth

 
 

Open Redirect

Open Redirect

 
 

Race Condition

Race Condition

 
 

Request Smuggling

Request Smuggling

 
 

SAML Injection

SAML Injection

 
 

SQL Injection

SQL Injection

 
 

Server Side Request Forgery

Server Side Request Forgery

 
 

Server Side Template Injection

Server Side Template Injection

 
 

Tabnabbing

Tabnabbing

 
 

Type Juggling

Type Juggling

 
 

Upload Insecure Files

Upload Insecure Files

 
 

Web Cache Deception

Web Cache Deception

 
 

Web Sockets

Web Sockets

 
 

XPATH Injection

XPATH Injection

 
 

XSLT Injection

XSLT Injection

 
 

XSS Injection

XSS Injection

 
 

XXE Injection

XXE Injection

 
 

_template_vuln

_template_vuln

 
 

.gitignore

.gitignore

 
 

BOOKS.md

BOOKS.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

TWITTER.md

TWITTER.md

 
 

YOUTUBE.md

YOUTUBE.md

 
 

Repository files navigation

Payloads All The Things Tweet

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button.

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

You want more ? Check the Books and Youtube videos selections.

About

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Python 86.2%
  • Ruby 6.5%
  • ASP.NET 3.9%
  • Classic ASP 1.4%
  • PHP 1.4%
  • Jupyter Notebook 0.3%
  • Other 0.3%