PayloadsAllTheThings
MIT๐ฅ Offensive Ops ยท Python
PayloadsAllTheThings is a comprehensive, community-maintained reference repository containing curated payloads, bypass techniques, and methodology documentation for web application penetration testing and security research. It covers attack categories including SQL injection, XSS, SSRF, XXE, command injection, file inclusion, authentication bypasses, and dozens of other vulnerability classes with ready-to-use payload strings and detailed explanations. Penetration testers, bug bounty hunters, and CTF players reference PayloadsAllTheThings as a go-to cheat sheet during engagements, pulling tested payloads and bypass techniques for specific WAFs, frameworks, and filtering mechanisms. The repository also includes methodology guides, enumeration checklists, and privilege escalation references for Linux and Windows, making it one of the most valuable single resources in the offensive security community.
Tags
Details
- Category
- ๐ฅ Offensive Ops
- Language
- Python
- Repository
- swisskyrepo/PayloadsAllTheThings
- License
- MIT
- Platforms
- ๐งlinux๐macos๐ชwindows
Links
Community Reviews
Alternatives & Comparisons
More in Offensive Ops
Mythic
GoCollaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.
Havoc
C/C++Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.
Rubeus
C#C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.
Certipy
PythonActive Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.
Coercer
PythonAutomatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.
SharpHound
C#Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.