A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- Updated Oct 5, 2025
- Python
Payload is the open-source, fullstack Next.js framework, giving you instant backend superpowers. Get a full TypeScript backend and admin panel instantly. Use Payload as a headless CMS or for building powerful applications.
Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in Python and C
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Tools and Techniques for Red Team / Penetration Testing
All about bug bounty (bypasses, payloads, etc.)
🎯 SQL Injection Payload List
Awesome XSS stuff
The LAZY script will make your life easier, and of course faster.
Git All the Payloads! A collection of web attack payloads.
🎯 Command Injection Payload List
Python Remote Administration Tool (RAT)
🔥 CHAOS is a free and open-source Remote Administration Tool that allows generating binaries to control remote operating systems.
Penetration tests guide based on OWASP including test cases, resources and examples.
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
A customizable Java in-memory webshell generation tool.
Vulhub Vulnerability Reproduction Designated Platform
RubberDucky-like payloads for DigiSpark Attiny85