PayloadsAllTheThings

TRENDINGVERIFIED

Comprehensive list of payloads and bypass techniques for web security

MiscellaneousOSS

Easy

LinuxWindowsmacOS

Description

PayloadsAllTheThings is a comprehensive repository of security payloads, bypass techniques, and methodology documentation for web application security testing. It covers SQL injection, XSS, XXE, SSRF, SSTI, IDOR, and dozens of other vulnerability classes with real-world examples and filter bypasses.

Use Cases

Reference payload lists for specific vulnerability classes
Find WAF bypass techniques for blocked attack vectors
Learn exploitation methodologies with documented examples

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (2)

T1190Exploit Public-Facing Application

Related Tools (4)

Burp Suite ffuf SecLists OWASP ZAP