Payload Generation
Browse 43 payload generation tools
FEATURED
Red team toolkit for EDR evasion, initial access, and post-exploitation.
Dynamic API vulnerability scanner with payload-based testing and fuzzing
AI-driven DAST tool for automated vulnerability testing of web applications
A web-based payload repository that generates ready-to-use exploits for pentesting
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.
A collection of XSS payloads designed to turn alert(1) into P1
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A collection of payloads and methodologies for web pentesting.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
A honeypot specifically designed to detect and capture Log4Shell vulnerability exploitation attempts with payload analysis and flexible logging capabilities.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
A unified repository for different Metasploit Framework payloads.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
