Packages and Binaries:


A list of useful payloads and bypasses for Web Application Security and Pentest/CTF.

Installed size: 7.52 MB
How to install: sudo apt install payloadsallthethings

  • kali-defaults
root@kali:~# payloadsallthethings -h
> payloadsallthethings ~ Collection of useful payloads and bypasses
  |--AWS Amazon Bucket S3
  |--CRLF Injection
  |--CSRF Injection
  |--CSV Injection
  |--CVE Exploits
  |--Command Injection
  |--Directory Traversal
  |--File Inclusion
  |--GraphQL Injection
  |--Insecure Deserialization
  |--Insecure Direct Object References
  |--Insecure Management Interface
  |--Insecure Source Code Management
  |--JSON Web Token
  |--LDAP Injection
  |--LaTeX Injection
  |--Methodology and Resources
  |--NoSQL Injection
  |--Open Redirect
  |--SAML Injection
  |--SQL Injection
  |--Server Side Request Forgery
  |--Server Side Template Injection
  |--Type Juggling
  |--Upload Insecure Files
  |--Web Cache Deception
  |--Web Sockets
  |--XPATH Injection
  |--XSS Injection
  |--XXE Injection

Updated on: 2021-Nov-26