#payloads
hoaxshell
Windows reverse shell payload generator and handler that abuses the http(s) protocol.
Nuclei templates
Community curated list of templates for the Nuclei engine to find security vulnerabilities.
Donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files.
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant.
DVenom
Helps to bypass antiviruses by providing an encryption wrapper and loader for your shellcode.
Invoke-PSImage
Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute.
SSRFPwned
Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.
eLdap-Ldap-Search-and-Filter
A tool that helps users searching and filtering queries in Ldap environment.
Cross-site scripting cheat sheet
PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.
PortSwigger Cross-Site Scripting cheatsheet data
All the XSS cheatsheet data to allow contributions from the community.
SecLists
Collection of multiple types of lists used during security assessments, collected in one place.
Xss-Sql-Fuzz
Burp Suite plugin for XSS and SQLi which add our payload to all parameters with one click.
FuzzDB
Attack patterns and primitives for black-box application fault injection and resource discovery.