Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → foospidy → Payloads

foospidy / Payloads

Licence: gpl-3.0

Git All the Payloads! A collection of web attack payloads.

Programming Languages

77523 projects

Labels

hacking pentest cybersecurity xss payload passwords appsec payloads sqli web-attack-payloads

Projects that are alternatives of or similar to Payloads

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Stars: ✭ 974 (-65.97%)

Mutual labels: hacking, pentest, xss, sqli

Xxe Injection Payload List

🎯 XML External Entity (XXE) Injection Payload List

Stars: ✭ 304 (-89.38%)

Mutual labels: hacking, cybersecurity, payload, payloads

Payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Stars: ✭ 32,909 (+1049.86%)

Mutual labels: hacking, pentest, payload, payloads

Hacking tools

Stars: ✭ 95 (-96.68%)

Mutual labels: hacking, xss, sqli

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Stars: ✭ 847 (-70.41%)

Mutual labels: hacking, xss, sqli

pentest framework

Stars: ✭ 1,060 (-62.96%)

Mutual labels: hacking, pentest, xss

Powerfull XSS Scanning and Parameter analysis tool&gem

Stars: ✭ 583 (-79.63%)

Mutual labels: hacking, pentest, xss

Rfi Lfi Payload List

🎯 RFI/LFI Payload List

Stars: ✭ 202 (-92.94%)

Mutual labels: payload, appsec, payloads

Collection Document

Collection of quality safety articles. Awesome articles.

Stars: ✭ 1,387 (-51.54%)

Mutual labels: hacking, pentest, xss

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Stars: ✭ 121 (-95.77%)

Mutual labels: hacking, cybersecurity, payload

Offensive Dockerfiles

Offensive tools as Dockerfiles. Lightweight & Ready to go

Stars: ✭ 150 (-94.76%)

Mutual labels: hacking, pentest, sqli

Resources For Beginner Bug Bounty Hunters

A list of resources for those interested in getting started in bug bounties

Stars: ✭ 7,185 (+151.05%)

Mutual labels: hacking, pentest, xss

Audit tool to find common vulnerabilities in PHP source code

Stars: ✭ 146 (-94.9%)

Mutual labels: hacking, xss, sqli

Xss Payload List

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Stars: ✭ 2,617 (-8.56%)

Mutual labels: xss, payload, payloads

The all-in-one Red Team extension for Web Pentester 🛠

Stars: ✭ 2,750 (-3.91%)

Mutual labels: hacking, cybersecurity, payloads

Sql Injection Payload List

🎯 SQL Injection Payload List

Stars: ✭ 716 (-74.98%)

Mutual labels: hacking, payload, payloads

Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.

Stars: ✭ 118 (-95.88%)

Mutual labels: hacking, pentest, cybersecurity

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Stars: ✭ 215 (-92.49%)

Mutual labels: hacking, xss, payloads

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Stars: ✭ 125 (-95.63%)

Mutual labels: hacking, pentest, appsec

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Stars: ✭ 166 (-94.2%)

Mutual labels: hacking, pentest, payload

View All Similar Projects ➔

payloads

Git All the Payloads! A collection of web attack payloads. Pull requests are welcome!

Usage

run ./get.sh to download external payloads and unzip any payload files that are compressed.

Payload Credits

fuzzdb - https://github.com/fuzzdb-project/fuzzdb
SecLists - https://github.com/danielmiessler/SecLists
xsuperbug - https://github.com/xsuperbug/payloads
NickSanzotta - https://github.com/NickSanzotta/BurpIntruder
7ioSecurity - https://github.com/7ioSecurity/XSS-Payloads
shadsidd - https://github.com/shadsidd
shikari1337 - https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/
xmendez - https://github.com/xmendez/wfuzz
minimaxir - https://github.com/minimaxir/big-list-of-naughty-strings
xsscx - https://github.com/xsscx/Commodity-Injection-Signatures
TheRook - https://github.com/TheRook/subbrute
danielmiessler - https://github.com/danielmiessler/RobotsDisallowed
FireFart - https://github.com/FireFart/HashCollision-DOS-POC
HybrisDisaster - https://github.com/HybrisDisaster/aspHashDoS
swisskyrepo - https://github.com/swisskyrepo/PayloadsAllTheThings
1N3 - https://github.com/1N3/IntruderPayloads
cujanovic - https://github.com/cujanovic/Open-Redirect-Payloads
cujanovic - https://github.com/cujanovic/Content-Bruteforcing-Wordlist
cujanovic - https://github.com/cujanovic/subdomain-bruteforce-list
cujanovic - https://github.com/cujanovic/CRLF-Injection-Payloads
cujanovic - https://github.com/cujanovic/Virtual-host-wordlist
cujanovic - https://github.com/cujanovic/dirsearch-wordlist
lavalamp- - https://github.com/lavalamp-/password-lists
arnaudsoullie - https://github.com/arnaudsoullie/ics-default-passwords
scadastrangelove - https://github.com/scadastrangelove/SCADAPASS
jeanphorn - https://github.com/jeanphorn/wordlist
j3ers3 - https://github.com/j3ers3/PassList
nyxxxie - https://github.com/nyxxxie/awesome-default-passwords
foospidy - https://github.com/foospidy/web-cve-tests
terjanq - https://github.com/terjanq/Tiny-XSS-Payloads

OWASP

dirbuster - https://www.owasp.org/index.php/DirBuster
fuzzing_code_database - https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database
JBroFuzz - https://www.owasp.org/index.php/JBroFuzz

Other

xss/ismailtasdelen.txt - https://github.com/ismailtasdelen/xss-payload-list
xss/jsf__k.txt - http://www.jsfuck.com/
xss/kirankarnad.txt - https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester
xss/packetstorm.txt - https://packetstormsecurity.com/files/112152/Cross-Site-Scripting-Payloads.html
xss/smeegessec.com.txt - http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html
xss/d3adend.org.txt - http://d3adend.org/xss/ghettoBypass
xss/soaj1664ashar.txt - http://pastebin.com/u6FY1xDA
xss/billsempf.txt - https://www.sempf.net/post/Six-hundred-and-sixty-six-XSS-vectors-suitable-for-attacking-an-API.aspx (http://pastebin.com/48WdZR6L)
xss/787373.txt - https://84692bb0df6f30fc0687-25dde2f20b8e8c1bda75aeb96f737eae.ssl.cf1.rackcdn.com/--xss.html
xss/bhandarkar.txt - http://hackingforsecurity.blogspot.com/2013/11/xss-cheat-sheet-huge-list.html
xss/xssdb.txt - http://xssdb.net/xssdb.txt
xss/0xsobky.txt - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
xss/secgeek.txt - https://www.secgeek.net/solutions-for-xss-waf-challenge/
xss/reddit_xss_get.txt - All XSS GET requests from https://www.reddit.com/r/xss (as of 3/30/2016)
xss/rafaybaloch.txt - http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html
xss/alternume0.txt - https://www.openbugbounty.org/reports/722726/
xss/XssPayloads - https://twitter.com/XssPayloads
sqli/camoufl4g3.txt - https://github.com/camoufl4g3/SQLi-payload-Fuzz3R/blob/master/payloads.txt
sqli/c0rni3sm.txt - http://c0rni3sm.blogspot.in/2016/02/a-quite-rare-mssql-injection.html
sqli/sqlifuzzer.txt - https://github.com/ContactLeft/sqlifuzzer/tree/master/payloads
sqli/harisec.txt - https://hackerone.com/reports/297478
sqli/jstnkndy.txt - https://foxglovesecurity.com/2017/02/07/type-juggling-and-php-object-injection-and-sqli-oh-my/
sqli/d0znpp.txt - https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f
sqli/libinjection-bypasses.txt - https://gist.github.com/migolovanov/432fe28c8c7e9fa675ab3903c5eda77f
traversal/dotdotpwn.txt - https://github.com/wireghoul/dotdotpwn
codeinjection/fede.txt - https://techblog.mediaservice.net/2016/10/exploiting-ognl-injection/
commandinjection/ismailtasdelen-unix.txt - https://github.com/ismailtasdelen/command-injection-payload-list
commandinjection/ismailtasdelen-windows.txt - https://github.com/ismailtasdelen/command-injection-payload-list

ctf

Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.

maccdc2010.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC
maccdc2011.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC
maccdc2012.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC
ists12_2015.txt - Information Security Talent Search (http://ists.sparsa.org/), source: http://www.netresec.com/?page=ISTS
defcon20.txt - DEFCON Capture the Flag (https://www.defcon.org/html/links/dc-ctf.html), source: http://www.netresec.com/?page=PcapFiles

Miscellaneous

XSS references that may overlap with sources already included above:
- https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
- http://htmlpurifier.org/live/smoketests/xssAttacks.php

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 2,862

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (2) 🔗