Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2025-12-06 00:44:04 +01:00
Code Issues Projects Releases Wiki Activity
No description
2123 commits 2 branches 7 tags 89 MiB
Python 83.8%
Ruby 6.3%
ASP.NET 3.8%
XSLT 2.6%
Classic ASP 1.4%
Other 1.9%
Find a file
Swissky 832b54fd95 Syntax Highlighting SSTI
2025-11-15 17:11:42 +01:00
.github Update GitHub Actions 2025-10-01 14:52:10 +02:00
_LEARNING_AND_SOCIALS
_template_vuln
Account Takeover
API Key Leaks
Brute Force Rate Limit Markdown Fix Lint 2025-10-05 18:54:42 +02:00
Business Logic Errors
Clickjacking
Client Side Path Traversal
Command Injection Lint fix 2025-08-14 11:09:47 +02:00
CORS Misconfiguration
CRLF Injection
Cross-Site Request Forgery
CSV Injection
CVE Exploits
Denial of Service
Dependency Confusion
Directory Traversal
DNS Rebinding
DOM Clobbering
Encoding Transformations
External Variable Modification
File Inclusion
Google Web Toolkit
GraphQL Injection Syntax Highlighting SSTI 2025-11-15 17:11:42 +01:00
Headless Browser
Hidden Parameters
HTTP Parameter Pollution
Insecure Deserialization
Insecure Direct Object References
Insecure Management Interface
Insecure Randomness
Insecure Source Code Management
Java RMI
JSON Web Token
LaTeX Injection
LDAP Injection
Mass Assignment
Methodology and Resources Update Web Attack Surface.md 2025-10-02 10:50:07 +02:00
NoSQL Injection
OAuth Misconfiguration
Open Redirect
ORM Leak
Prompt Injection
Prototype Pollution
Race Condition
Regular Expression
Request Smuggling
Reverse Proxy Misconfigurations
SAML Injection
Server Side Include Injection
Server Side Request Forgery Lint fix 2025-08-14 11:09:47 +02:00
Server Side Template Injection Syntax Highlighting SSTI 2025-11-15 17:11:42 +01:00
SQL Injection SQL injection hashed password + MSSQL links 2025-11-02 18:21:19 +01:00
Tabnabbing
Type Juggling
Upload Insecure Files Syntax Highlighting SSTI 2025-11-15 17:11:42 +01:00
Virtual Hosts
Web Cache Deception
Web Sockets
XPATH Injection
XSLT Injection
XSS Injection
XXE Injection
Zip Slip
.gitignore
CONTRIBUTING.md
custom.css
DISCLAIMER.md
LICENSE
mkdocs.yml chore(docs): fix MkDocs edit link and polish README grammar 2025-09-19 15:13:54 +05:30
README.md chore(docs): fix MkDocs edit link and polish README grammar 2025-09-19 15:13:54 +05:30

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!

You can also contribute with a 🍻 IRL, or using the sponsor button.

Sponsor Tweet

An alternative display version is available at PayloadsAllTheThingsWeb.

banner

📖 Documentation

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the other projects from the AllTheThings family :

You want more? Check the Books and YouTube channel selections.

🧑‍💻 Contributions

Be sure to read CONTRIBUTING.md

sponsors-list

Thanks again for your contribution! ❤️

🍻 Sponsors

This project is proudly sponsored by these companies.

Logo Description
sponsor-serpapi SerpApi is a real time API to access Google search results. It solves the issues of having to rent proxies, solving captchas, and JSON parsing.
sponsor-projectdiscovery ProjectDiscovery - Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
sponsor-vaadata VAADATA - Ethical Hacking Services