#payloads

hoaxshell on offsec.tools
Sponsor
hoaxshell

Windows reverse shell payload generator and handler that abuses the http(s) protocol.

Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

Payloads All The Things on offsec.tools
Featured
Payloads All The Things

A list of useful payloads and bypass for Web Application Security.

RegStrike on offsec.tools
RegStrike

RegStrike is a .reg payload generator.

SQLiDetector on offsec.tools
SQLiDetector

Helps you to detect SQL injection "Error based" by sending multiple requests.

toxssin on offsec.tools
toxssin

Open-source penetration testing tool that automates the process of exploiting XSS.

Nishang on offsec.tools
Nishang

Offensive PowerShell for red team, penetration testing and offensive security.

HBSQLI on offsec.tools
HBSQLI

Automated tool for testing header based blind SQL injection.

Freeze-rs on offsec.tools
Freeze-rs

Payload toolkit for bypassing EDRs using suspended processes, direct syscalls written.

PowerMayhem on offsec.tools
PowerMayhem

Powershell payload generator In Bash !

Crlfi on offsec.tools
Crlfi

CRLF bug scanner for WebPentesters and Bugbounty Hunters.

ScareCrow on offsec.tools
ScareCrow

Payload creation framework designed around EDR bypass.

PowerShdll on offsec.tools
PowerShdll

Run PowerShell with rundll32 in order to bypass software restrictions.

PSByPassCLM on offsec.tools
PSByPassCLM

Bypass for PowerShell Constrained Language Mode.

Invoke-PSImage on offsec.tools
Invoke-PSImage

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute.

SSRFPwned on offsec.tools
SSRFPwned

Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.

upload_bypass on offsec.tools
upload_bypass

File upload restrictions bypass by using different techniques!

Kwetza on offsec.tools
Kwetza

Infect an existing Android application with a Meterpreter payload.

Firefly on offsec.tools
Firefly

Black box fuzzer for web applications.

PayGen on offsec.tools
PayGen

Tool to generate stable undetected payload.

XSSRocket on offsec.tools
XSSRocket

Written by Black Hat Ethical Hacking and #ChatGPT for offensive security and XSS attacks.

Ronin on offsec.tools
Ronin

A free and open source Ruby toolkit for security research and development.

Agartha on offsec.tools
Agartha

Burp Suite extension for dynamic payload generation to detect injection flaws.

Weaponised XSS Payloads on offsec.tools
Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

xssor2 on offsec.tools
xssor2

Hack with JavaScript.

eLdap-Ldap-Search-and-Filter on offsec.tools
eLdap-Ldap-Search-and-Filter

A tool that helps users searching and filtering queries in Ldap environment.

qsinject on offsec.tools
qsinject

Allows you to quickly substitute query string values with regex matches, one-at-a-time.

Transformations on offsec.tools
Transformations

Understand how input is transformed on a system, which can help to craft payloads.

AllAboutBugBounty on offsec.tools
AllAboutBugBounty

Bug Bounty notes gathered from various sources.

RouterSploit on offsec.tools
RouterSploit

Exploitation framework for embedded devices.

JSgen on offsec.tools
JSgen

Generate javascript code to be injected in case you find a Server Side Javascript Injection.

Cross-site scripting cheat sheet on offsec.tools
Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Hackingtool on offsec.tools
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

Hackvertor on offsec.tools
Hackvertor

Tag based conversion tool written in Java implemented as a Burp Suite extension.

PortSwigger Cross-Site Scripting cheatsheet data on offsec.tools
PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

SecLists on offsec.tools
SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

BurpSentinel on offsec.tools
BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

JSONBee on offsec.tools
JSONBee

A ready to use JSONP endpoints/payloads to help bypass Content Security Policy.

xxeserv on offsec.tools
xxeserv

A mini webserver with FTP support for XXE payloads.

xss2png on offsec.tools
xss2png

PNG IDAT chunks XSS payload generator.

Xss-Sql-Fuzz on offsec.tools
Xss-Sql-Fuzz

Burp Suite plugin for XSS and SQLi which add our payload to all parameters with one click.

XSS'OR on offsec.tools
XSS'OR

Hack with JavaScript.

Sleepy Puppy on offsec.tools
Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

BitBlinder on offsec.tools
BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

oxml_xxe on offsec.tools
oxml_xxe

Embeds XXE/XML exploits into different filetypes.

XXE-FTP on offsec.tools
XXE-FTP

A mini webserver with FTP support for XXE payloads.

docem on offsec.tools
docem

Utility to embed XXE and XSS payloads in docx, odt, pptx...

DTD Finder on offsec.tools
DTD Finder

List DTDs and generate XXE payloads using those local DTDs.

PHPGGC on offsec.tools
PHPGGC

PHP unserialize() payloads along with a tool to generate them.

ysoserial.net on offsec.tools
ysoserial.net

Deserialization payload generator for a variety of .NET formatters.

ysoserial on offsec.tools
ysoserial

Generates payloads that exploit unsafe Java object deserialization.

FuzzDB on offsec.tools
FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.