Payload

A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.

A collection of XSS payloads designed to turn alert(1) into P1

A collection of payloads and methodologies for web pentesting.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.

A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.

A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.

SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.

A project providing honeypots for embedded device vulnerabilities with support for AWS integration and JSON output.

PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.

Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.

InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.

A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.

A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.

A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.

Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.

A honeypot specifically designed to detect and capture Log4Shell vulnerability exploitation attempts with payload analysis and flexible logging capabilities.

A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.

A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.

TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.

ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.

A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks