A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The best way to build a modern backend + admin UI. No black magic, all TypeScript, and fully open-source, Payload is both an app framework and a headless CMS.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

All about bug bounty (bypasses, payloads, and etc)

Awesome XSS stuff

Tools and Techniques for Red Team / Penetration Testing

The LAZY script will make your life easier, and of course faster.

🎯 SQL Injection Payload List

Git All the Payloads! A collection of web attack payloads.

Python Remote Administration Tool (RAT)

Penetration tests guide based on OWASP including test cases, resources and examples.

🎯 Command Injection Payload List

🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Python antivirus evasion tool

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.