A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Payload is the open-source, fullstack Next.js framework, giving you instant backend superpowers. Get a full TypeScript backend and admin panel instantly. Use Payload as a headless CMS or for building powerful applications.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

🎯 SQL Injection Payload List

All about bug bounty (bypasses, payloads, and etc)

The LAZY script will make your life easier, and of course faster.

Git All the Payloads! A collection of web attack payloads.

Tools and Techniques for Red Team / Penetration Testing

Awesome XSS stuff

Python Remote Administration Tool (RAT)

🎯 Command Injection Payload List

Penetration tests guide based on OWASP including test cases, resources and examples.

🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.

RubberDucky like payloads for DigiSpark Attiny85

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中

Python antivirus evasion tool

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC

🎯 XML External Entity (XXE) Injection Payload List