This branch is 709 commits behind swisskyrepo/PayloadsAllTheThings:master.

Name	Name	Last commit message	Last commit date
Latest commit swisskyrepo Golden GMSA + Scheduled Task Mar 15, 2022 d40e055 · Mar 15, 2022 History 1,354 Commits
.github	.github	DSRM Admin	Jan 8, 2021
API Key Leaks	API Key Leaks	UnPAC The Hash + MachineKeys.txt	Oct 26, 2021
AWS Amazon Bucket S3	AWS Amazon Bucket S3	Fix AWS duplicated tool enumerate-iam	Dec 18, 2020
Account Takeover	Account Takeover	Golden GMSA + Scheduled Task	Mar 15, 2022
CORS Misconfiguration	CORS Misconfiguration	Fix typos	Dec 12, 2020
CRLF Injection	CRLF Injection	CORS and CRLF README.md updated	Oct 25, 2020
CSRF Injection	CSRF Injection	Added referer header validation check in CSRF	Jun 23, 2021
CSV Injection	CSV Injection	Update README.md	Mar 17, 2021
CVE Exploits	CVE Exploits	AD + Log4shell + Windows Startup	Dec 16, 2021
Command Injection	Command Injection	Command Injection space alternatives	Jan 15, 2022
DNS Rebinding	DNS Rebinding	Add DNS rebinding	Oct 27, 2021
Dependency Confusion	Dependency Confusion	Update README.md	Aug 8, 2021
Directory Traversal	Directory Traversal	MSSQL Agent Command Execution	Mar 10, 2022
File Inclusion	File Inclusion	Graftcp Cheatsheet	Dec 29, 2021
GraphQL Injection	GraphQL Injection	Dependency Confusion + LDAP	Jul 4, 2021
HTTP Parameter Pollution	HTTP Parameter Pollution	Fixed typo	Oct 30, 2021
Insecure Deserialization	Insecure Deserialization	Dependency Confusion + LDAP	Jul 4, 2021
Insecure Direct Object References	Insecure Direct Object References	Command injection rewritten	Apr 21, 2019
Insecure Management Interface	Insecure Management Interface	Add Springboot Actuator RCE	Oct 28, 2020
Insecure Source Code Management	Insecure Source Code Management	Fix ToC	Feb 3, 2021
JSON Web Token	JSON Web Token	DB2 Injection + ADCS	Aug 10, 2021
Java RMI	Java RMI	samAccountName spoofing + Java RMI	Dec 13, 2021
Kubernetes	Kubernetes	Add kubescape to kubernetes tools	Nov 1, 2021
LDAP Injection	LDAP Injection	Dependency Confusion + LDAP	Jul 4, 2021
LaTeX Injection	LaTeX Injection	LaTeX Injection catcode	Feb 22, 2022
Methodology and Resources	Methodology and Resources	Golden GMSA + Scheduled Task	Mar 15, 2022
NoSQL Injection	NoSQL Injection	NoSQLi: add POST with urlencoded body	Nov 7, 2021
OAuth	OAuth	Masscan + AD password in description + ZSH revshell bugfix + Mimikatz…	May 12, 2019
Open Redirect	Open Redirect	Update README.md	Oct 1, 2021
Race Condition	Race Condition	Race Condition - First Draft	Jan 26, 2020
Request Smuggling	Request Smuggling	Add PortSwigger http-desync reborn article	Jan 16, 2021
SAML Injection	SAML Injection	XSW 4 Fix #205	May 12, 2020
SQL Injection	SQL Injection	MSSQL Agent Command Execution	Mar 10, 2022
Server Side Request Forgery	Server Side Request Forgery	Update README.md	Nov 9, 2021
Server Side Template Injection	Server Side Template Injection	Update README.md	Oct 26, 2021
Tabnabbing	Tabnabbing	Fix typos	Dec 12, 2020
Type Juggling	Type Juggling	AMSI + Trust	Dec 8, 2020
Upload Insecure Files	Upload Insecure Files	add file php8	Jan 1, 2022
Web Cache Deception	Web Cache Deception	Fix(Docs): Correcting typos on the repo	Oct 17, 2020
Web Sockets	Web Sockets	Added: Cross-Site WebSocket Hijacking (CSWSH)	Apr 11, 2020
XPATH Injection	XPATH Injection	Bind shell cheatsheet (Fix #194)	May 24, 2020
XSLT Injection	XSLT Injection	AD mitigations	Dec 26, 2019
XSS Injection	XSS Injection	Remove filename with special characters.	Oct 29, 2021
XXE Injection	XXE Injection	Update XXE Injection	Oct 18, 2021
_template_vuln	_template_vuln	SAML exploitation + ASREP roasting + Kerbrute	Mar 24, 2019
.gitignore	.gitignore	Shell IPv6 + Sandbox credential	Jan 7, 2019
BOOKS.md	BOOKS.md	Update BOOKS.md	Jan 13, 2022
CONTRIBUTING.md	CONTRIBUTING.md	Upload Methodology	Sep 27, 2020
LICENSE	LICENSE	Create License	May 25, 2019
README.md	README.md	Update README.md	Aug 22, 2020
TWITTER.md	TWITTER.md	Added gentilkiwi twitter	Jul 27, 2021
YOUTUBE.md	YOUTUBE.md	Update YOUTUBE.md	Oct 8, 2020

Repository files navigation

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button.

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

README.md - vulnerability description and how to exploit it, including several payloads
Intruder - a set of files to give to Burp Intruder
Images - pictures for the README.md
Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

You want more ? Check the Books and Youtube videos selections.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Payloads All The Things

About

Releases

Packages

Languages

License

Cloudologia/PayloadsAllTheThings

Folders and files

Latest commit

History

Repository files navigation

Payloads All The Things

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages