PDF Files for Pentesting
β701Oct 4, 2024Updated last year
Alternatives and similar repositories for PayloadsAllThePDFs
Users that are interested in PayloadsAllThePDFs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flawsβ3,953Oct 4, 2025Updated 5 months ago
- π Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.shβ3,636Nov 14, 2025Updated 4 months ago
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,574Mar 8, 2026Updated 2 weeks ago
- 70k+ WordPress Nuclei templates, updated daily from Wordfence intelβfilter by severity/tags/CVE and scan in one line. ππβ1,218Updated this week
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,785May 22, 2024Updated last year
- DigitalOcean Gradient AI Platform β’ AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Burp Plugin to Bypass WAFs through the insertion of Junk Dataβ1,429Jul 14, 2025Updated 8 months ago
- Rockyou for web fuzzingβ3,094Mar 11, 2026Updated 2 weeks ago
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β4,884Updated this week
- Hidden parameters discovery suiteβ2,038Sep 8, 2024Updated last year
- NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Reβ¦β1,826Aug 20, 2025Updated 7 months ago
- declutters url lists for crawling/pentestingβ1,538Feb 23, 2025Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable β¦β755Dec 19, 2023Updated 2 years ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formβ¦β1,117Jun 10, 2024Updated last year
- linWinPwn is a bash script that streamlines the use of a number of Active Directory toolsβ2,157Mar 8, 2026Updated 2 weeks ago
- GPU virtual machines on DigitalOcean Gradient AI β’ AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,297Aug 7, 2025Updated 7 months ago
- APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intβ¦β959Jan 17, 2025Updated last year
- CVEs and Techniques used PDF as an attack vector.β112Jul 5, 2022Updated 3 years ago
- Fast and customizable subdomain wordlist generator using DSLβ935Feb 5, 2026Updated last month
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.β458Oct 3, 2023Updated 2 years ago
- i will upload more templates here to share with the comunity.β569Apr 17, 2024Updated last year
- An IIS short filename enumeration toolβ1,132Nov 25, 2024Updated last year
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.β91May 2, 2024Updated last year
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluiceβ293Apr 9, 2024Updated last year
- Managed Database hosting by DigitalOcean β’ AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- 1337 Wordlists for Bug Bounty Huntingβ937Updated this week
- Automated Tool for Testing Header Based Blind SQL Injectionβ324Jul 23, 2023Updated 2 years ago
- Awesome EDR Bypass Resources For Ethical Hackingβ1,497Jan 26, 2026Updated 2 months ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β4,860Updated this week
- Amsi Bypass payload that works on Windwos 11β379Jul 30, 2023Updated 2 years ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.β795Updated this week
- β587Aug 14, 2025Updated 7 months ago
- Prototype Pollution and useful Script Gadgetsβ1,601Jan 27, 2024Updated 2 years ago
- Real-world infosec wordlists, updated regularlyβ1,725Updated this week
- Proton VPN Special Offer - Get 70% off β’ AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.β779Dec 9, 2025Updated 3 months ago
- All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, bodyβ36Dec 13, 2025Updated 3 months ago
- WebLogic vulnerability exploration from beginner to expert.β155Apr 27, 2023Updated 2 years ago
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.β163Jul 2, 2024Updated last year
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.β562Mar 8, 2025Updated last year
- A simple tool for bypassing file upload restrictions.β896Jul 22, 2024Updated last year
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one plβ¦β1,040Aug 23, 2025Updated 7 months ago