A comprehensive collection of security testing resources and payloads for bug bounty hunters, penetration testers, and security researchers.
This repository contains a complete collection of testing payloads organized by vulnerability type.
Injection Vulnerabilities:
- SQL Injection - Database query manipulation
- NoSQL Injection - NoSQL database injection (MongoDB, Redis, CouchDB)
- XSS (Cross-Site Scripting) - Client-side code injection
- Command Injection - OS command execution & symbolic link attacks
- SSTI (Server-Side Template Injection) - Template engine exploitation & RCE
- SSJI (Server-Side JavaScript Injection) - Node.js code injection & RCE
- CSV Injection - Formula injection in spreadsheets
- LDAP Injection - Directory service manipulation
- Log Injection - Log file manipulation
- XML Injection - XML and XXE attacks
- Prompt Injection - AI/LLM prompt manipulation
Access Control Vulnerabilities:
- Path Traversal - Directory traversal attacks
- IDOR - Insecure direct object references
- Open Redirect - Unvalidated redirects
Authentication & Authorization:
- Authentication Bypass - Auth bypass techniques
- Password Reset - Password reset vulnerabilities & account takeover
- Weak Passwords - Common weak passwords and defaults
Server-Side Vulnerabilities:
- SSRF - Server-side request forgery
- Deserialization - Insecure deserialization
- File Upload - Malicious file upload & RCE techniques
- Symbolic Link Attacks - Symlink exploitation & file system attacks
- Timing Attacks - Side-channel timing analysis & user enumeration
Configuration & Design:
- Security Misconfiguration - Default credentials, misconfigurations
- CORS Misconfiguration - Cross-origin resource sharing issues
- HTTP Request Smuggling - Request desynchronization attacks
- JWT Vulnerabilities - JSON Web Token implementation flaws
- Business Logic - Business logic flaws
- Weak Cryptography - Weak crypto implementations
- Vulnerable Components - Known vulnerable libraries
Network & Anonymity:
- Tor-Based Attacks - Tor anonymity exploitation & onion service testing
This repository serves as a comprehensive reference for security professionals to:
- Test web applications for common vulnerabilities
- Learn about different attack vectors
- Prepare for bug bounty hunting
- Conduct authorized penetration testing
- Understand security risks in web applications
IMPORTANT: All payloads and techniques in this repository are for authorized testing only.
- ✅ Use on systems you own
- ✅ Use with explicit written permission
- ✅ Use in authorized bug bounty programs
- ✅ Use for educational purposes in controlled environments
- ❌ NEVER use on systems without authorization
Unauthorized testing is illegal and unethical. Always follow responsible disclosure practices.
- Choose the vulnerability type you want to test from the list above
- Navigate to the corresponding directory
- Review the README.md for context and methodology
- Use the payload files in your authorized testing
Contributions are welcome! Please read our Contributing Guidelines before submitting.
Quick guidelines:
- All content must be legal and ethical
- Payloads should be well-documented
- Follow existing structure and patterns
- Focus on educational value
For detailed information on how to contribute, see CONTRIBUTING.md.
A huge thank you to all our amazing contributors! This project wouldn't be possible without your support. 🙏
See our Contributors Hall of Fame to view all contributors with their GitHub profiles!
All contributors are automatically recognized and added to our hall of fame when they contribute to this repository. ✨
IMPORTANT: Read our Legal Disclaimer before using any content from this repository.
This repository is for EDUCATIONAL AND AUTHORIZED TESTING PURPOSES ONLY. Unauthorized access to computer systems is illegal.
This project is licensed under the MIT License - see the LICENSE file for details.
Note: While this repository is open source under the MIT License, all content is for educational and authorized testing purposes only. Please review our Legal Disclaimer before use.
Happy Hunting! 🎯 Stay Ethical. Stay Legal.