Payloads All The Things

A list of useful payloads and bypasses for Web Application Security

Pricing: Free
Visit website

What is Payloads All The Things?

Payloads All The Things is a list of useful payloads and bypass for Web Application Security and Pentest/CTF. It is an exceptional resource for cybersecurity enthusiasts and security testers alike.

This open source repository, hosted on GitHub by the talented Swissky, is a treasure trove of diverse payloads and exploits that cover a wide range of security testing scenarios.

What makes Payloads All The Things standout?

One of its standout features is its comprehensive nature, offering payloads not just for web applications but also for various platforms, frameworks, and services.

Whether you're focused on penetration testing, ethical hacking, or simply eager to enhance your cybersecurity knowledge, Payloads All The Things has got you covered.

How to use Payloads All The Things?

Navigating the repository, users will discover a well-organized collection of payloads, exploits, techniques, and tricks. This meticulous categorization makes it easy to find the right tool for the job, saving valuable time.

Moreover, the repository is frequently updated, reflecting the dynamic landscape of cybersecurity. This commitment to staying current ensures that users have access to the latest and most effective payloads, aligning with the ever-evolving nature of cyber threats.

Is Payloads All The Things a community-driven project?

Yes, Payloads All The Things is a community-driven repository initiative that fosters collaboration and knowledge-sharing about cyber security and testing. Its user-friendly format encourages contributions from cybersecurity experts globally, creating a rich ecosystem of shared expertise.

You can checkout CONTRIBUTING.md file on Github to learn how you can contribute.

In essence, Payloads All The Things stands as a testament to the power of open source collaboration, providing an invaluable resource for individuals and organizations looking to fortify their digital defenses and stay ahead in the ongoing battle against cyber threats.

Swissky, main maintainor of the project is also maintaining,

More tools in Security Testing

Mariana Trench logo

Mariana Trench

Security Testing

Mariana Trench is a security focused static analysis platform targeting Android.



Security Testing

Simple, continuous and fully automated application security testing.

Cherrybomb logo


Security Testing

A CLI tool that helps you avoid undefined user behaviour by validating your API specifications.