payload

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Built with React + TypeScript, Payload is a free and open-source Headless CMS. [✩Star] if you support our work!

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Awesome XSS stuff

All about bug bounty (bypasses, payloads, and etc)

The LAZY script will make your life easier, and of course faster.

Tools and Techniques for Red Team / Penetration Testing

Git All the Payloads! A collection of web attack payloads.

🎯 SQL Injection Payload List

Python Remote Administration Tool (RAT)

Penetration tests guide based on OWASP including test cases, resources and examples.

🎯 Command Injection Payload List

🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Python antivirus evasion tool

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.