Copy-ready payload references for penetration testing. Each cheat sheet contains categorized payloads with descriptions, filter bypasses, and platform-specific variants.
Cross-Site Scripting (XSS) payloads for testing reflected, stored, and DOM-based XSS vulnerabilities.
SQL Injection payloads for testing authentication bypass, UNION-based, error-based, and blind injection.
Reverse shell one-liners for Bash, Python, PHP, Perl, Ruby, Netcat, PowerShell, and more.
OS command injection payloads for testing command separators, blind injection, and filter bypasses.
Local File Inclusion and Path Traversal payloads for reading files, bypassing filters, and PHP wrappers.
Server-Side Request Forgery payloads for accessing internal services, cloud metadata, and bypassing filters.
Server-Side Template Injection payloads for Jinja2, Twig, FreeMarker, ERB, and more template engines.
XML External Entity injection payloads for file reading, SSRF, out-of-band exfiltration, and denial of service.
Cross-Site Request Forgery proof-of-concept payloads for auto-submitting forms, XHR, fetch, and JSON CSRF.
JWT attack payloads for algorithm confusion, none algorithm, key injection, and claim manipulation.
File upload bypass payloads for extension filtering, MIME type checks, content validation, and webshell deployment.
Open redirect payloads for URL parsing confusion, protocol tricks, and filter bypass techniques.
NoSQL injection payloads for MongoDB, CouchDB, and other NoSQL databases.
Insecure Direct Object Reference testing techniques for sequential IDs, UUIDs, encoded references, and parameter tampering.
JavaScript prototype pollution payloads for __proto__, constructor, and deep merge exploitation.
CRLF injection payloads for HTTP response splitting, header injection, and log poisoning.
WAF evasion techniques for XSS, SQLi, RCE, and LFI payloads using encoding, comments, and alternative syntax.
HTTP request smuggling payloads for CL.TE, TE.CL, TE.TE desync, and HTTP/2 downgrade attacks.
Insecure deserialization payloads for Java, PHP, Python, and .NET with gadget chains and tool commands.
CORS misconfiguration exploitation payloads for origin reflection, null origin, and wildcard subdomain attacks.
Race condition payloads for exploiting time-of-check to time-of-use (TOCTOU) bugs in web applications.
GraphQL injection and exploitation payloads for testing GraphQL APIs — introspection, batching, injection, and DoS.
Linux privilege escalation techniques: SUID, sudo misconfigs, cron jobs, capabilities, writable files, path hijacking, kernel exploits, and container escapes.
Windows privilege escalation techniques: unquoted service paths, weak permissions, DLL hijacking, token impersonation, AlwaysInstallElevated, UAC bypass, and credential access.
Post-exploitation commands for shell stabilization, persistence, file transfer, data exfiltration, network pivoting, and covering tracks on Linux and Windows.
Cloud attack payloads for AWS, GCP, Azure, and Kubernetes. SSRF-to-metadata exploitation, IAM credential theft, S3/Cloud Storage misconfigs, container escape, and Kubernetes service account abuse.
Active Directory enumeration, Kerberoasting, AS-REP roasting, Pass-the-Hash, DCSync, Golden Ticket, and lateral movement techniques.
OAuth 2.0 and OpenID Connect attack techniques including CSRF via missing state, open redirect in redirect_uri, token scope escalation, and PKCE bypass.
API security testing techniques covering BOLA/IDOR, mass assignment, broken function level auth, excessive data exposure, SSRF, and shadow APIs.
Kubernetes security testing — pod enumeration, secrets access, RBAC abuse, privileged container escape, kubelet API exploitation, and etcd attacks.
Mobile application security testing — Android/iOS static analysis, ADB dynamic analysis, traffic interception, SSL pinning bypass, and Frida instrumentation.
Cloud security testing for AWS, GCP, and Azure — credential enumeration, privilege escalation paths, lateral movement, and service-specific attack techniques.
Docker container escape techniques — privileged container abuse, Docker socket exploitation, cgroup release agent escape, and capability-based escapes.
Complete nmap command reference for host discovery, port scanning, service enumeration, OS detection, NSE scripts, and IDS evasion.
Complete sqlmap reference for SQL injection enumeration, data extraction, file read/write, and OS shell access across all major databases.
Complete ffuf reference for directory fuzzing, parameter discovery, vhost enumeration, and filter tuning.
Complete gobuster reference for directory brute-forcing, DNS subdomain discovery, vhost enumeration, and fuzzing.
Complete hashcat reference for hash modes, attack types, mask characters, rule-based attacks, and optimization flags.
Complete hydra reference for brute-forcing SSH, FTP, HTTP forms, SMB, RDP, and other protocols.
Complete Metasploit reference for msfconsole, Meterpreter, session management, privilege escalation, and post-exploitation.
Burp Suite shortcuts, Repeater techniques, Intruder attack types, scanner tips, Match & Replace rules, and essential BApp extensions.
Complete chisel reference for TCP/SOCKS tunneling, reverse port forwarding, multi-hop pivoting, and firewall evasion.
Complete mimikatz reference for credential dumping, Pass-the-Hash, Pass-the-Ticket, Golden/Silver Tickets, and DCSync attacks.
Real, public XPath/XQuery injection techniques for authorized pentests, bug bounties, and CTFs — auth bypass, blind boolean extraction, error-based leaks, and out-of-band exfil.
Real, public LDAP injection techniques for authorized pentests, bug bounties, and CTFs — auth bypass, enumeration, blind extraction, filter manipulation, and encoding.
Copy-ready HTTP header payloads and techniques for finding and exploiting web cache poisoning and cache deception during authorized testing.
Copy-ready WebSocket attack payloads and PoCs for authorized testing: CSWSH, origin-check bypass, message/auth injection, and wscat/Burp tooling.
Real-world business logic abuse techniques for authorized pentests, bug bounties, and CTFs: price/quantity tampering, workflow bypass, coupon abuse, privilege assumptions, and race conditions.
Copy-ready Google search operators and dorks for authorized recon, plus equivalents for GitHub code search, Shodan, and Censys.
Copy-ready commands for discovering subdomains via passive sources, active brute force, permutations, probing, and takeover checks during authorized testing.
Minimal web shells, system() one-liners, upload filter bypasses, and post-upload command execution for authorized penetration testing and CTF engagements.
Copy-ready techniques for bypassing Content Security Policy during authorized pentests, bug bounties, and CTF/OSCP engagements.
Copy-ready commands for OSCP-style stack buffer overflow exploitation: fuzzing, EIP offset, bad chars, JMP ESP, shellcode, and DEP/ROP.
Copy-ready commands and techniques for exploiting weak cryptography in web apps and CTFs during authorized testing.
Capture-time BPF filters vs post-capture display filters, essential filters for HTTP/DNS/TLS/TCP, credential and file extraction, and headless tshark/tcpdump/ngrep one-liners for authorized packet analysis.
A field-tested toolkit of copy-ready commands for solving CTF steganography challenges, from first-pass triage through image and audio extraction to passphrase recovery.
Copy-ready Bash one-liners for host discovery, file transfer, reverse shells, local enumeration, and data exfiltration during authorized pentests.
Copy-ready password spraying and credential stuffing commands for authorized pentests, with lockout-aware timing and scope guidance throughout.
Public, copy-ready DNS recon, SPF/DKIM/DMARC interpretation, swaks spoof testing, and header analysis for authorized email security assessments.
Battle-tested regular expressions for finding secrets, scraping endpoints from source, spotting ReDoS, and recon with grep/ripgrep.
Passive and active reconnaissance recipes — domains, subdomains, people/email, code, and cloud — for authorized engagements.
Test session management for fixation, weak identifiers, cookie-scope flaws, cookie injection, and broken logout/invalidation.
Wireless auditing workflow for networks you own or are authorized to test — monitor mode, handshake/PMKID capture, and cracking.
DFIR and CTF forensics workflow — file/disk triage, memory analysis with Volatility3, network artifacts, and Windows evidence.
Binary RE workflow for CTF and malware triage — static analysis, disassemblers/decompilers, dynamic debugging, and patching.