back to home

swisskyrepo / PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

75,404 stars
16,665 forks
14 issues
PythonRubyASP.NET
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing swisskyrepo/PayloadsAllTheThings in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind-ai.vercel.app/repo/swisskyrepo/PayloadsAllTheThings)
Preview:Analyzed by RepoMind

Repository Summary (README)

Preview

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!

You can also contribute with a :beers: IRL, or using the sponsor button.

Sponsor Tweet

An alternative display version is available at PayloadsAllTheThingsWeb.

<p align="center"> <img src="https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/.github/banner.png" alt="banner"> </p>

:book: Documentation

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the other projects from the AllTheThings family :

You want more? Check the Books and YouTube channel selections.

:technologist: Contributions

Be sure to read CONTRIBUTING.md

<p align="center"> <a href="https://github.com/swisskyrepo/PayloadsAllTheThings/graphs/contributors"> <img src="https://contrib.rocks/image?repo=swisskyrepo/PayloadsAllTheThings&max=36" alt="sponsors-list" > </a> </p>

Thanks again for your contribution! :heart:

:beers: Sponsors

This project is proudly sponsored by these companies.

LogoDescription
<img src="https://avatars.githubusercontent.com/u/34724717?s=40&v=4" alt="sponsor-serpapi">SerpApi is a real time API to access Google search results. It solves the issues of having to rent proxies, solving captchas, and JSON parsing.
<img src="https://avatars.githubusercontent.com/u/50994705?s=40&v=4" alt="sponsor-projectdiscovery">ProjectDiscovery - Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
<img src="https://avatars.githubusercontent.com/u/48131541?s=40&v=4" alt="sponsor-vaadata">VAADATA - Ethical Hacking Services