PDF Files for Pentesting
β710Oct 4, 2024Updated last year
Alternatives and similar repositories for PayloadsAllThePDFs
Users that are interested in PayloadsAllThePDFs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flawsβ3,985Oct 4, 2025Updated 7 months ago
- π Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF vieβ¦β3,677Apr 20, 2026Updated 2 weeks ago
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,625Mar 8, 2026Updated last month
- 70k+ WordPress Nuclei templates, updated daily from Wordfence intelβfilter by severity/tags/CVE and scan in one line. ππβ1,231Updated this week
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,824May 22, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β4,959Updated this week
- Rockyou for web fuzzingβ3,141Mar 11, 2026Updated last month
- Burp Plugin to Bypass WAFs through the insertion of Junk Dataβ1,472Jul 14, 2025Updated 9 months ago
- Hidden parameters discovery suiteβ2,052Sep 8, 2024Updated last year
- NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Reβ¦β1,837Apr 17, 2026Updated 2 weeks ago
- declutters url lists for crawling/pentestingβ1,551Feb 23, 2025Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable β¦β756Dec 19, 2023Updated 2 years ago
- linWinPwn is a bash script that streamlines the use of a number of Active Directory toolsβ2,175Updated this week
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formβ¦β1,145Jun 10, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,340Aug 7, 2025Updated 8 months ago
- APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intβ¦β965Jan 17, 2025Updated last year
- i will upload more templates here to share with the comunity.β569Apr 17, 2024Updated 2 years ago
- Fast and customizable subdomain wordlist generator using DSLβ947Feb 5, 2026Updated 3 months ago
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.β464Oct 3, 2023Updated 2 years ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.β91May 2, 2024Updated 2 years ago
- An IIS short filename enumeration toolβ1,153Nov 25, 2024Updated last year
- Automated Tool for Testing Header Based Blind SQL Injectionβ323Jul 23, 2023Updated 2 years ago
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluiceβ294Apr 9, 2024Updated 2 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer β’ AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- 1337 Wordlists for Bug Bounty Huntingβ956Updated this week
- Awesome EDR Bypass Resources For Ethical Hackingβ1,522Jan 26, 2026Updated 3 months ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β4,915Mar 20, 2026Updated last month
- Amsi Bypass payload that works on Windwos 11β381Jul 30, 2023Updated 2 years ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.β845Mar 24, 2026Updated last month
- β594Aug 14, 2025Updated 8 months ago
- Prototype Pollution and useful Script Gadgetsβ1,617Jan 27, 2024Updated 2 years ago
- All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, bodyβ36Apr 9, 2026Updated 3 weeks ago
- Real-world infosec wordlists, updated regularlyβ1,746Updated this week
- GPU virtual machines on DigitalOcean Gradient AI β’ AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- WebLogic vulnerability exploration from beginner to expert.β154Apr 27, 2023Updated 3 years ago
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.β792Dec 9, 2025Updated 4 months ago
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.β562Mar 8, 2025Updated last year
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.β165Jul 2, 2024Updated last year
- A simple tool for bypassing file upload restrictions.β901Jul 22, 2024Updated last year
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one plβ¦β1,042Aug 23, 2025Updated 8 months ago
- Content-Type Researchβ663Jun 29, 2025Updated 10 months ago