List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
☆427Sep 20, 2024Updated last year
Alternatives and similar repositories for Offensive-Payloads
Users that are interested in Offensive-Payloads are comparing it to the libraries listed below
Sorting:
- A proper approach to pentest a Web application with the mixture of all useful payloads and complete testing guidance of attacks. Designed…☆101Feb 12, 2025Updated last year
- Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work mo…☆98Sep 27, 2025Updated 5 months ago
- Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Convenient comm…☆94Oct 13, 2025Updated 4 months ago
- This Repositories contains list of One Liners with Descriptions and Installation requirements☆500Jun 28, 2025Updated 8 months ago
- ex-param is an automated tool designed for finding reflected parameters for XSS vulnerabilities. It crawls a target website, extracts GET…☆63Feb 22, 2025Updated last year
- A compilation of important commands, files, and tools used in Pentesting☆53Jan 17, 2023Updated 3 years ago
- Template Nuclei SSTI☆34Nov 18, 2025Updated 3 months ago
- NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Re…☆1,823Aug 20, 2025Updated 6 months ago
- Passive Reconnaissance Techniques Approach helps for penetration testing and bug bounty hunting by gathering information about a target s…☆20Aug 19, 2025Updated 6 months ago
- My Favorite Offensive Security Scripts☆85Apr 25, 2025Updated 10 months ago
- A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidde…☆434Oct 16, 2025Updated 4 months ago
- Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.☆753Nov 19, 2025Updated 3 months ago
- Automated Subdomain Enumeration and Scanning Tool☆116Oct 5, 2023Updated 2 years ago
- This is a python wrapper around the amazing KNOXSS API by Brute Logic☆280Jan 12, 2026Updated last month
- ☆583Aug 14, 2025Updated 6 months ago
- 1337 Wordlists for Bug Bounty Hunting☆932Updated this week
- my own 2fa bypass methodolgy☆28Sep 22, 2023Updated 2 years ago
- ☆25Jan 11, 2023Updated 3 years ago
- LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities☆299Jan 7, 2024Updated 2 years ago
- This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter☆3,266Feb 10, 2024Updated 2 years ago
- Real-world infosec wordlists, updated regularly☆1,642Updated this week
- Passively check for XSS character encodings☆18Updated this week
- best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect☆1,524Dec 7, 2025Updated 2 months ago
- HackerOne Notifier is an automated bot that monitors new programs launched on HackerOne and sends Telegram Bot notifications whenever a n…☆22Nov 4, 2025Updated 4 months ago
- Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utiliz…☆152May 17, 2024Updated last year
- AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,☆733Mar 21, 2024Updated last year
- Oneliner Bug Bounty Collection collected from GitHub to all bug bounty hunters☆36Dec 12, 2023Updated 2 years ago
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!☆2,543Feb 7, 2026Updated 3 weeks ago
- A simple tool for bypassing file upload restrictions.☆893Jul 22, 2024Updated last year
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆382May 19, 2023Updated 2 years ago
- RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers…☆673Feb 17, 2026Updated 2 weeks ago
- A collection of one-liners for bug bounty hunting.☆1,427Jan 21, 2025Updated last year
- Fuzz 401/403/404 pages for bypasses☆388Jan 22, 2026Updated last month
- All about bug bounty (bypasses, payloads, and etc)☆6,655Sep 8, 2023Updated 2 years ago
- Command & Control-Framework created for collaboration in python3☆322Aug 7, 2023Updated 2 years ago
- ☆38Apr 7, 2023Updated 2 years ago
- A modern tool written in Python that automates your xss findings.☆471Nov 26, 2023Updated 2 years ago
- CLI Search for Security Operators of MITRE ATT&CK URLs☆17Jan 5, 2023Updated 3 years ago
- Simple-XSS is a multiplatform cross-site scripting (XSS) vulnerability exploitation tool.☆48Jul 2, 2025Updated 8 months ago