Windows reverse shell payload generator and handler that abuses the http(s) protocol.
Community curated list of templates for the Nuclei engine to find security vulnerabilities.
An advanced Cross Site Scripting vulnerability detection and exploitation framework.
A quick way to generate various basic Meterpreter payloads via MSFvenom.
RegStrike is a .reg payload generator.
Helps you to detect SQL injection "Error based" by sending multiple requests.
Open-source penetration testing tool that automates the process of exploiting XSS.
Offensive PowerShell for red team, penetration testing and offensive security.
Automated tool for testing header based blind SQL injection.
Payload toolkit for bypassing EDRs using suspended processes, direct syscalls written.
Powershell payload generator In Bash !
CRLF bug scanner for WebPentesters and Bugbounty Hunters.
Payload creation framework designed around EDR bypass.
Run PowerShell with rundll32 in order to bypass software restrictions.
Bypass for PowerShell Constrained Language Mode.
Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute.
Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.
File upload restrictions bypass by using different techniques!
Infect an existing Android application with a Meterpreter payload.
Black box fuzzer for web applications.
Tool to generate stable undetected payload.
Written by Black Hat Ethical Hacking and #ChatGPT for offensive security and XSS attacks.
A free and open source Ruby toolkit for security research and development.
Burp Suite extension for dynamic payload generation to detect injection flaws.
XSS payloads designed to turn alert(1) into P1.
A tool that helps users searching and filtering queries in Ldap environment.
Allows you to quickly substitute query string values with regex matches, one-at-a-time.
Understand how input is transformed on a system, which can help to craft payloads.
Bug Bounty notes gathered from various sources.
Exploitation framework for embedded devices.
PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.
ALL IN ONE Hacking Tool For Hackers.
Tag based conversion tool written in Java implemented as a Burp Suite extension.
All the XSS cheatsheet data to allow contributions from the community.
Collection of multiple types of lists used during security assessments, collected in one place.
GUI Burp Plugin to ease discovering of security holes in web applications.
A list of useful payloads and bypass for Web Application Security.
A ready to use JSONP endpoints/payloads to help bypass Content Security Policy.
A mini webserver with FTP support for XXE payloads.
PNG IDAT chunks XSS payload generator.
Burp Suite plugin for XSS and SQLi which add our payload to all parameters with one click.
Sleepy Puppy XSS Payload Management Framework.
Injects custom XSS payloads on every form/request submitted to detect blind XSS.
Embeds XXE/XML exploits into different filetypes.
Utility to embed XXE and XSS payloads in docx, odt, pptx...
List DTDs and generate XXE payloads using those local DTDs.
PHP unserialize() payloads along with a tool to generate them.
Deserialization payload generator for a variety of .NET formatters.
Generates payloads that exploit unsafe Java object deserialization.
Attack patterns and primitives for black-box application fault injection and resource discovery.