PayloadsAllTheThings
swisskyrepo/PayloadsAllTheThings
A comprehensive cheatsheet for cyber security, collecting common attack payloads and bypass techniques for penetration testing and CTF competitions, ideal for security researchers to reference quickly.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
AI Summary
What This Project Does
This is a massive repository dedicated to collecting web security attack codes and bypass techniques, like a super dictionary for the security community.
What Problems It Solves
Solves the trouble of not finding suitable test code during security testing, no need to write Payloads from scratch, just copy and paste to test.
Who It's For
Penetration testers, CTF competition players, backend developers wanting to self-learn web security.
Typical Use Cases
1. Testing if website anti-injection rules are effective; 2. Quickly finding solution ideas in CTF competitions; 3. Writing rule libraries for security scanners.
Key Strengths & Highlights
Extremely broad content coverage with continuous updates, active community contributions, clear categorization ready for use, recognized as an authoritative resource in the industry.
Getting Started Requirements
Almost no threshold, just open the website or clone the repository to read the docs, no software installation or environment configuration needed.
Purpose
Suitable for those needing quick lookup of vulnerability exploit code or wanting to systematically learn web security. Not suitable for ordinary users for daily use, this is a professional security tool.
Category
Project Info
- Primary Language
- Python
- Default Branch
- master
- License
- MIT
- Created
- Oct 18, 2016
- Last Commit
- today
- Last Push
- today
- Indexed
- Apr 18, 2026