All Generators

Generate reverse shell one-liners for various languages and OS targets.

Craft Cross-Site Scripting payloads with encoding and tag options.

Build SQL injection payloads for MySQL, PostgreSQL, MSSQL, and more.

Create OS command injection payloads with separators and encoding.

Generate LFI traversal payloads with wrappers and encoding options.

Craft Server-Side Request Forgery payloads with IP encoding tricks.

Generate malicious filenames and web shell content for upload testing.

Build XXE payloads for file retrieval, SSRF, and OOB exfiltration.

Create SSTI payloads for Jinja2, Twig, Freemarker, and more.

Generate deserialization exploit commands for Java, PHP, and .NET.

Craft NoSQL injection payloads for MongoDB and other databases.

Build prototype pollution payloads using __proto__ and constructor.

Generate CRLF injection payloads for header injection and response splitting.

Create and sign JWT tokens with various algorithms including 'none'.

Craft open redirect payloads with protocol-relative and domain bypass tricks.

Generate CORS misconfiguration PoC payloads for reflected origin and subdomain bypass testing.

Generate GraphQL injection payloads for introspection, batching, and query abuse.

Generate XPath injection payloads for authentication bypass and data extraction.

Generate LDAP injection payloads for authentication bypass and data extraction.

Generate HTTP request smuggling payloads for CL.TE, TE.CL, and HTTP/2 downgrade attacks.

Generate Cross-Site Request Forgery PoC payloads with auto-submit forms, XHR, and clickjacking.

Generate WAF evasion payloads using encoding tricks, case variations, and alternative syntax.

Generate Insecure Direct Object Reference testing payloads with sequential IDs, UUID tampering, and path traversal.

Generate race condition PoC payloads with parallel curl, Turbo Intruder, async Python, and last-byte sync.

Generate AWS, GCP, Azure, Kubernetes, and Docker attack payloads for metadata SSRF, IAM credential theft, and container escape.