Skip to content

Payload Playground

Tools Cheat Sheets CLI

⌘K

Playground Collections Practice Labs Methodology Map

Encoder / Decoder Hash Generator JWT Decoder Encoding Pipeline Regex Tester Header Analyzer Password Generator IP Calculator Timestamp Converter CVSS Calculator JS Deobfuscator MSFVenom Builder WAF Bypass Text Diff Favicon Hash CSP Evaluator Dork Generator HTTP Parser Payload Mutator GraphQL Tester Subdomain Takeover OAuth/OIDC Wizard Findings Documenter OWASP Checklist AI Payload Mutator Attack Chain Builder Header Scanner SSTI Identifier Shellcode Encoder SQLi Wizard Subdomain Wordlist CORS Scanner Callback Catcher DNS Lookup CT Search Nuclei Builder WAF Encoder What Is This?Cipher Decoder TTY Shell Upgrade Hash ID & Cracker WAF Evasion Studio API Security Hub Recon Hub API Security Studio Secret Scanner Email Header Analyzer Network Recon Smart Paste

SQL Injection NoSQL Injection GraphQL Injection XPath Injection LDAP Injection

XSS Payload SSRF File Upload Template Injection (SSTI)Prototype Pollution Open Redirect CORS Misconfiguration CSRF WAF Bypass Race Condition Web Cache Poisoning Business Logic

Reverse Shell Command Injection Local File Inclusion Cloud Attacks Privilege Escalation Cloud Infrastructure Mobile Security

JWT Payloads IDOR Active Directory

CRLF Injection HTTP Request Smuggling WebSocket Exploitation

XML External Entity (XXE)Insecure Deserialization

Home
Tools
Nmap

$loading...

Payload Playground

The one-stop shop for penetration testers. Generate payloads, decode tokens, analyze headers, and streamline your security testing workflow — all from your browser.

100% client-side processing

Tools

All Tools
Generators
Encoder / Decoder
JWT Decoder
Encoding Pipeline
Hash Generator

Resources

Blog
Documentation
Testing Guides
Cheatsheets
Glossary
Changelog
CTF Toolkit
Methodology Map

Features

Pentest in a Box
Report Templates
Embeddable Widgets
Playground
Collections
Labs
Alternatives
CLI Tool

Built with passion for the security community

No data leaves your browser.

© 2026 Payload Playground. All rights reserved.

Nmap Command Builder

Build nmap scan commands visually. Choose scan type, port range, timing, OS/service detection, NSE scripts, and output format. Includes red team notes for stealth scanning.

X LinkedIn Reddit

Command Builder

Scan Type

Half-open scan — fast and stealthy, sends SYN, does not complete handshake. Requires root.

Target

Port Range

Timing Template

Fast — assumes reliable network. Good for CTFs and labs.

Detection OptionsOS Detection (-O)Service Version (-sV)Default Scripts (-sC)Vuln Scripts (--script vuln)

Output Format

Normal (-oN)XML (-oX)Greppable (-oG)All Formats (-oA)

Verbosity

Verbose (-v)Debug (-d)

Additional Flags

Generated Command

$ nmap -sS -T4 <target>

Nmap Command Builder — Visual Nmap Scanner Generator | Payload Playground