List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
☆443Mar 16, 2026Updated 2 months ago
Alternatives and similar repositories for Offensive-Payloads
Users that are interested in Offensive-Payloads are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work mo…☆99May 14, 2026Updated last week
- A proper approach to pentest a Web application with the mixture of all useful payloads and complete testing guidance of attacks. Designed…☆109Feb 12, 2025Updated last year
- Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Convenient comm…☆102Oct 13, 2025Updated 7 months ago
- A compilation of important commands, files, and tools used in Pentesting☆56Jan 17, 2023Updated 3 years ago
- Passive Reconnaissance Techniques Approach helps for penetration testing and bug bounty hunting by gathering information about a target s…☆20Aug 19, 2025Updated 9 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Passively check for XSS character encodings☆19Mar 9, 2026Updated 2 months ago
- NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Re…☆1,843Apr 17, 2026Updated last month
- My Favorite Offensive Security Scripts☆89Apr 25, 2025Updated last year
- This Repositories contains list of One Liners with Descriptions and Installation requirements☆505Jun 28, 2025Updated 10 months ago
- ex-param is an automated tool designed for finding reflected parameters for XSS vulnerabilities. It crawls a target website, extracts GET…☆62Feb 22, 2025Updated last year
- Comprehensive guide to configuring Kali Linux, a Debian-based Linux distribution designed for penetration testers. The guide covers every…☆38Jan 6, 2025Updated last year
- A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidde…☆442Apr 24, 2026Updated last month
- Template Nuclei SSTI☆34Nov 18, 2025Updated 6 months ago
- HackerOne Notifier is an automated bot that monitors new programs launched on HackerOne and sends Telegram Bot notifications whenever a n…☆22Nov 4, 2025Updated 6 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter☆3,481Feb 10, 2024Updated 2 years ago
- This is a python wrapper around the amazing KNOXSS API by Brute Logic☆286Mar 6, 2026Updated 2 months ago
- 1337 Wordlists for Bug Bounty Hunting☆961May 17, 2026Updated last week
- ☆598Aug 14, 2025Updated 9 months ago
- Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.☆777Nov 19, 2025Updated 6 months ago
- best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect☆1,572Dec 7, 2025Updated 5 months ago
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!☆2,644Mar 8, 2026Updated 2 months ago
- AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,☆736Mar 21, 2024Updated 2 years ago
- Real-world infosec wordlists, updated regularly☆1,747May 16, 2026Updated last week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆45Feb 24, 2025Updated last year
- vhost scanning☆38Nov 1, 2023Updated 2 years ago
- All about bug bounty (bypasses, payloads, and etc)☆6,742Sep 8, 2023Updated 2 years ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆93May 2, 2024Updated 2 years ago
- Red Teaming and Penetration Testing Checklist, Cheatsheet, Clickscript☆143Oct 26, 2023Updated 2 years ago
- A list of useful payloads and bypass for Web Application Security☆14Nov 26, 2023Updated 2 years ago
- Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utiliz…☆153May 17, 2024Updated 2 years ago
- LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities☆300Jan 7, 2024Updated 2 years ago
- 🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast…☆1,724Apr 12, 2026Updated last month
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Fuzz 401/403/404 pages for bypasses☆417Jan 22, 2026Updated 4 months ago
- JaelesFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications☆22May 1, 2024Updated 2 years ago
- Automated Subdomain Enumeration and Scanning Tool☆116Oct 5, 2023Updated 2 years ago
- A cheat sheet that contains advanced queries for SQL Injection of all types.☆3,217May 13, 2023Updated 3 years ago
- Xss payload for bypassing waf☆18Apr 18, 2020Updated 6 years ago
- Rockyou for web fuzzing☆3,157Mar 11, 2026Updated 2 months ago
- ☆25Jan 11, 2023Updated 3 years ago