Top 23 payload Open-Source Projects

PayloadsAllTheThings

34 56,681 8.6 Python

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

xss-payload-list

6 5,613 0.0

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Project mention: XSS example | /r/bugbounty | 2023-06-15

Like an example XSS payload? Go nuts: https://github.com/payloadbox/xss-payload-list

InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
bugbounty-cheatsheet

3 5,555 0.0

A list of interesting payloads, tips and tricks for bug bounty hunters.
AllAboutBugBounty

3 5,409 3.5

All about bug bounty (bypasses, payloads, and etc)

Project mention: How I hacked chess.com with a rookie exploit | news.ycombinator.com | 2024-01-26

Yeah, pretty close: "On-site request forgery"[0]
[0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...

sql-injection-payload-list

5 4,304 0.0

🎯 SQL Injection Payload List
IntruderPayloads

2 3,526 1.8 BlitzBasic

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
payloads

1 3,519 0.0 Shell

Git All the Payloads! A collection of web attack payloads. (by foospidy)
WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
usbrubberducky-payloads

18 3,504 8.5 PowerShell

The Official USB Rubber Ducky Payload Repository

Project mention: Need help with BadKB. Issue with DuckyScript? | /r/flipperzero | 2023-10-30

HackVault

3 1,876 0.0 JavaScript

A container repository for my public web hacks!

Project mention: What are polyglots and how to use them as a pentester | dev.to | 2023-12-03

pwndrop

8 1,833 0.0 JavaScript

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

Project mention: A static website to hold my go-to tools | /r/selfhosted | 2023-05-04

Pwndrop has a convenient ui for uploads/downloads and generates https & webdav links.

PoshC2

1 1,692 0.0 PowerShell

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
Chimera

3 1,260 0.0 PowerShell

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
pixload

2 1,151 4.5 Perl

Image Payload Creating/Injecting tools
defcon27_csharp_workshop

1 952 10.0 C#

Writing custom backdoor payloads with C# - Defcon 27 Workshop
Payloads

1 842 3.7 PHP

Payload Arsenal for Pentration Tester and Bug Bounty Hunters (by sh377c0d3)
ssti-payloads

1 560 0.0

🎯 Server Side Template Injection Payloads
Open-Redirect-Payloads

1 542 10.0 Shell

Open Redirect Payloads
RomBuster

1 422 6.4 Python

RomBuster is a router exploitation tool that allows to disclosure network router admin password.
AMP-Research

1 315 3.6 C

Research on UDP/TCP amplification vectors, payloads and mitigations against their use in DDoS Attacks
badchars

1 259 10.0 Python

Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.
Web_Hacking

1 186 9.2

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Project mention: Web Hacking Toolbox | news.ycombinator.com | 2023-10-05

Metasploit-termux

1 174 4.9 Shell

Install Metasploit In Termux 2023, No Error, Maintained, Termux
csv-injection-payloads

2 169 2.1

🎯 CSV Injection Payloads
SaaSHub

www.saashub.com sponsored

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

payloads related posts

What are polyglots and how to use them as a pentester
1 project | dev.to | 3 Dec 2023
SC
2 projects | /r/alphonsusswag | 6 Dec 2022
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
12 projects | dev.to | 15 Nov 2022
GitHub - daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)
1 project | /r/hacking | 23 Jun 2022
Cyber Security resources
5 projects | dev.to | 18 Jun 2022
Video file Reverse shell attack
1 project | /r/hacking | 30 Jan 2022
There are some script for automate SSTI attacks?
1 project | /r/HowToHack | 22 Jun 2021
A note from our sponsor - SaaSHub
www.saashub.com | 26 Apr 2024

SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source payload projects? This list will help you:

	Project	Stars
1	PayloadsAllTheThings	56,681
2	xss-payload-list	5,613
3	bugbounty-cheatsheet	5,555
4	AllAboutBugBounty	5,409
5	sql-injection-payload-list	4,304
6	IntruderPayloads	3,526
7	payloads	3,519
8	usbrubberducky-payloads	3,504
9	HackVault	1,876
10	pwndrop	1,833
11	PoshC2	1,692
12	Chimera	1,260
13	pixload	1,151
14	defcon27_csharp_workshop	952
15	Payloads	842
16	ssti-payloads	560
17	Open-Redirect-Payloads	542
18	RomBuster	422
19	AMP-Research	315
20	badchars	259
21	Web_Hacking	186
22	Metasploit-termux	174
23	csv-injection-payloads	169