$ payload-library --source swisskyrepo/PayloadsAllTheThings

Payload Library

Explore payload references and bypass techniques in a searchable interface built from upstream PayloadsAllTheThings content.

Categories: 63

Code Blocks: 621

Last Snapshot: 4/14/2026, 7:05:04 AM

High-Signal Categories


XXE Injection

An XML External Entity attack is a type of attack against an application that parses XML input and allows XML entities. XML entities can be used to tell the XML parser to fetch specific content on the server.

43 code blocks


Command Injection

Command injection is a security vulnerability that allows an attacker to execute arbitrary commands inside a vulnerable application.

39 code blocks


SQL Injection

SQL Injection (SQLi) is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. SQL Injection is one of the most common and severe types of web application vulnerabilities, enabling attackers

35 code blocks


Server Side Request Forgery

Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform requests on their behalf.

34 code blocks


XSS Injection

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

34 code blocks


JSON Web Token

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

30 code blocks
