# swisskyrepo/PayloadsAllTheThings

75,346 stars · 16,660 forks · Python · MIT

## Links

- GitHub: https://github.com/swisskyrepo/PayloadsAllTheThings
- Homepage: https://swisskyrepo.github.io/PayloadsAllTheThings/
- awesome-repositories: https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md

## Topics

`bounty` `bugbounty` `bypass` `cheatsheet` `enumeration` `hacking` `hacktoberfest` `methodology` `payload` `payloads` `penetration-testing` `pentest` `privilege-escalation` `redteam` `security` `vulnerability` `web-application`

## Description

This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data integrity and collaborative growth by utilizing version-controlled knowledge management and template-driven content generation, ensuring that the research remains current and consistent across a wide range of technical domains.

The project covers a broad capability surface, including detailed references for web application security, database injection, insecure deserialization, and AI model security testing. It also aggregates external resources, such as research papers and third-party tools, to provide a holistic view of modern threat analysis and defensive research.

The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements.

## Tags

### Security & Cryptography

- [Offensive Security Cheatsheets](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/penetration-testing-ethical-hacking/offensive-security-cheatsheets.md) — Delivers a structured collection of actionable command-line sequences and payloads for verifying application resilience during security assessments.
- [Community-Sourced Knowledge Bases](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/research-reference-knowledge/community-sourced-knowledge-bases.md) — Aggregates security research and verified attack vectors from a global contributor base to maintain an up-to-date reference database.
- [Vulnerability Research](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/vulnerability-research.md) — Compiles extensive methodologies and technical frameworks for investigating, identifying, and documenting complex security weaknesses.
- [Remote File Inclusion Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads/remote-file-inclusion-payloads.md) — Supplies a diverse library of payloads tailored for testing vulnerabilities where applications improperly process remote file inclusions. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/File%20Inclusion/))
- [Web Application Penetration Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/web-application-penetration-testing.md) — Facilitates systematic security audits through a vast index of attack vectors and injection patterns used in web service validation.
- [Exploit Taxonomies](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/research-reference-knowledge/exploit-taxonomies.md) — Categorizes diverse exploitation methods by vulnerability type and target environment to assist in structured security research.
- [Local File Inclusion Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads/local-file-inclusion-payloads.md) — Exposes a specialized set of payloads designed to identify security flaws involving improper local file inclusion. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/File%20Inclusion/))
- [SQL Injection Scanners](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/sql-injection-scanners.md) — Provides a curated list of resources and techniques for detecting and verifying SQL injection vulnerabilities within web applications. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/))
- [Vulnerability Assessment and Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing.md) — Offers a centralized knowledge hub containing tactical guidance and methodologies for evaluating the security posture of modern systems.
- [AI Prompt Injection Vulnerabilities](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/ai-model-vulnerabilities/ai-prompt-injection-vulnerabilities.md) — Documents security flaws where indirect inputs are used to manipulate the intended behavior of large language models. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Prompt%20Injection/))
- [Prompt Injection Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/ai-model-vulnerabilities/prompt-injection-payloads.md) — Curates a list of malicious input strings specifically crafted to manipulate the behavior and output of artificial intelligence applications. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Prompt%20Injection/))
- [Deserialization Vulnerability Resources](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/deserialization-vulnerability-resources.md) — Maintains a comprehensive collection of research and testing payloads for identifying insecure deserialization across various programming languages. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Insecure%20Deserialization/))
- [AWS Pentesting Resources](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening/aws-pentesting-resources.md) — Contains resources and utilities for assessing the security posture and identifying common misconfigurations within cloud infrastructure environments. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Methodology%20and%20Resources/Active%20Directory%20Attack/))
- [Command Execution Cheat Sheets](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/command-execution-cheat-sheets.md) — Serves as a reference guide for shell commands and various payload execution techniques used during security testing. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Methodology%20and%20Resources/Active%20Directory%20Attack/))
- [System Prompt Injection Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/ai-model-vulnerabilities/system-prompt-injection-payloads.md) — Includes specific payloads designed to override or manipulate the foundational instructions governing conversational artificial intelligence models. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Prompt%20Injection/))
- [Account Takeover Techniques](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/authentication-session-flaws/account-takeover-techniques.md) — Details methods for gaining unauthorized access to user accounts by leveraging existing application vulnerabilities. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Account%20Takeover/))
- [URL Scheme Exploits](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/ssrf-techniques/url-scheme-exploits.md) — Explains how to leverage specific URL protocols to access local files or internal services via server-side request forgery. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Server%20Side%20Request%20Forgery/))
- [Docker Pentesting Resources](https://awesome-repositories.com/f/security-cryptography/application-and-system-security/sandbox-and-isolation/runtime-process-isolation/docker-pentesting-resources.md) — Directs researchers toward specialized resources for auditing containerized environments and testing system integrity. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Methodology%20and%20Resources/Active%20Directory%20Attack/))
- [System Escape Techniques](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening/execution-sandboxes/system-escape-techniques.md) — Provides guidance on identifying weaknesses that allow unauthorized access outside of restricted execution environments. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Methodology%20and%20Resources/Active%20Directory%20Attack/))
- [Exploitation Analysis Resources](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/analysis-discovery-tooling/exploitation-analysis-resources.md) — Indexes common security flaws while providing technical explanations and practical examples for verifying potential system weaknesses.
- [Authentication Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/authentication-bypass-techniques.md) — Demonstrates specific techniques for manipulating input to circumvent standard login mechanisms and logic controls. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/))
- [SQL](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads/sql.md) — Compiles a vast library of malicious strings tailored for testing database query vulnerabilities. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/))
- [Stacked SQL Injections](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads/stacked-sql-injections.md) — Illustrates how to execute multiple sequential database commands by leveraging specific delimiters within a single injection point. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/))
- [Authentication Misconfigurations](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/authentication-session-flaws/authentication-misconfigurations.md) — Examines frequent implementation errors that lead to broken authentication or session management. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/JSON%20Web%20Token/))
- [JSON Web Tokens](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/authentication-session-flaws/json-web-tokens.md) — Explains common security pitfalls and testing strategies associated with token-based authentication standards. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/JSON%20Web%20Token/))
- [Data Exfiltration Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/data-exfiltration-payloads.md) — Details techniques for extracting sensitive data through timing-based side channels and systematic response analysis. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Command%20Injection/))
- [SQL Injection Detection Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/injection-vulnerabilities/sql-injection-detection-tools.md) — Identifies common indicators and error patterns that reveal potential database injection entry points during security assessments. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/))
- [SQL Injection Techniques](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/injection-vulnerabilities/sql-injection-techniques.md) — Details advanced SQL injection patterns and bypass techniques for identifying complex database vulnerabilities. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/))
- [Mass Assignment Vulnerabilities](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/mass-assignment-vulnerabilities.md) — Highlights common scenarios where improper data binding allows unauthorized modification of internal object properties. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/JSON%20Web%20Token/))
- [Security Vulnerability Summaries](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/security-vulnerability-summaries.md) — Gathers detailed methodologies, proof-of-concept examples, and technical summaries for analyzing various security vulnerability classes. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/))
- [Blind SSRF Exploitation](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/ssrf-techniques/blind-ssrf-exploitation.md) — Outlines advanced strategies for extracting information when direct responses are unavailable during server-side request forgery. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Server%20Side%20Request%20Forgery/))
- [Filter Bypass Techniques](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/ssrf-techniques/filter-bypass-techniques.md) — Showcases various encoding and networking tricks to bypass security controls restricting internal network access. ([source](https://swisskyrepo.github.io/PayloadsAllTheThings/Server%20Side%20Request%20Forgery/))

### Content Management & Publishing

- [Version-Controlled Knowledge Bases](https://awesome-repositories.com/f/content-management-publishing/content-management-systems/content-architectures/document-architectures/version-controlled-knowledge-bases.md) — Leverages distributed version control to manage a historical, community-contributed knowledge base of security research and documentation.
- [Security Resource Aggregators](https://awesome-repositories.com/f/content-management-publishing/documentation-knowledge-management/knowledge-bases/curated-resource-directories/security-resource-aggregators.md) — Unifies disparate security research, technical documentation, and testing utilities into a single searchable reference.

### Development Tools & Productivity

- [Project Scaffolding](https://awesome-repositories.com/f/development-tools-productivity/project-scaffolding-config-code-generation/project-scaffolding-configuration/project-scaffolding.md) — Promotes a uniform organizational structure for documenting security findings and technical research.
