{"id":28214370,"url":"https://github.com/kiran-kumar-k3/vulnerability-payload-lists","last_synced_at":"2026-02-02T19:32:26.854Z","repository":{"id":290748327,"uuid":"975443505","full_name":"KIRAN-KUMAR-K3/vulnerability-payload-lists","owner":"KIRAN-KUMAR-K3","description":"A curated repository of categorized payloads for testing and exploiting common web vulnerabilities in ethical hacking and penetration testing.","archived":false,"fork":false,"pushed_at":"2025-05-14T08:24:18.000Z","size":159,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-19T23:08:03.881Z","etag":null,"topics":["bugbounty","command-injection","payload-lists","payloads","sql","sqli-payloads","vulnerability-testing","xss","xss-payloads","xxe"],"latest_commit_sha":null,"homepage":"https://kirankumark3.blogspot.com/2025/04/complete-guide-to-setup-configure-test.html","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KIRAN-KUMAR-K3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-30T10:18:39.000Z","updated_at":"2025-05-14T08:24:21.000Z","dependencies_parsed_at":"2025-06-11T23:33:17.645Z","dependency_job_id":"5cc6f03e-4e33-4cc3-8b2c-a6f27b0a7238","html_url":"https://github.com/KIRAN-KUMAR-K3/vulnerability-payload-lists","commit_stats":null,"previous_names":["kiran-kumar-k3/vulnerability-payload-lists"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/KIRAN-KUMAR-K3/vulnerability-payload-lists","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KIRAN-KUMAR-K3%2Fvulnerability-payload-lists","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KIRAN-KUMAR-K3%2Fvulnerability-payload-lists/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KIRAN-KUMAR-K3%2Fvulnerability-payload-lists/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KIRAN-KUMAR-K3%2Fvulnerability-payload-lists/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KIRAN-KUMAR-K3","download_url":"https://codeload.github.com/KIRAN-KUMAR-K3/vulnerability-payload-lists/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KIRAN-KUMAR-K3%2Fvulnerability-payload-lists/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29018006,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-02T18:51:31.335Z","status":"ssl_error","status_checked_at":"2026-02-02T18:49:20.777Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","command-injection","payload-lists","payloads","sql","sqli-payloads","vulnerability-testing","xss","xss-payloads","xxe"],"created_at":"2025-05-17T21:07:27.229Z","updated_at":"2026-02-02T19:32:26.839Z","avatar_url":"https://github.com/KIRAN-KUMAR-K3.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e๐Ÿ” Vulnerability Payload Lists\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cem\u003eA curated, modular, and powerful collection of payloads for web application vulnerability testing โ€” built for ethical hackers, penetration testers, and cybersecurity researchers.\u003c/em\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/KIRAN-KUMAR-K3/vulnerability-payload-lists/stargazers\"\u003e\n \u003cimg src=\"https://img.shields.io/github/stars/KIRAN-KUMAR-K3/vulnerability-payload-lists?style=for-the-badge\u0026color=8e44ad\" alt=\"GitHub Stars\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://github.com/KIRAN-KUMAR-K3/vulnerability-payload-lists/issues\"\u003e\n \u003cimg src=\"https://img.shields.io/github/issues/KIRAN-KUMAR-K3/vulnerability-payload-lists?style=for-the-badge\u0026color=e67e22\" alt=\"GitHub Issues\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://github.com/KIRAN-KUMAR-K3/vulnerability-payload-lists/blob/main/LICENSE\"\u003e\n \u003cimg src=\"https://img.shields.io/github/license/KIRAN-KUMAR-K3/vulnerability-payload-lists?style=for-the-badge\u0026color=3498db\" alt=\"License: MIT\"\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## ๐Ÿงฐ What is this?\n\nThis repository provides a ready-to-use collection of **real-world payloads** commonly used in:\n\n- ๐Ÿ•ต๏ธโ€โ™‚๏ธ Bug bounty programs \n- ๐Ÿ” Vulnerability assessments \n- ๐ŸŽฏ Penetration testing \n- ๐Ÿงช CTF challenges \n- ๐Ÿ›ก๏ธ Security tool development\n\nEach payload is handpicked, categorized, and formatted for maximum effectiveness.\n\n\u003e โš ๏ธ **Disclaimer:** This project is intended for **educational and authorized testing purposes only**. Any misuse of this content is strictly prohibited.\n\n---\n\n## ๐Ÿ—‚๏ธ Directory Layout\n\n```bash\nOffensive-Payloads/\nโ”œโ”€โ”€ Command-Injection/\nโ”œโ”€โ”€ Directory-Traversal/\nโ”œโ”€โ”€ File-Extensions/\nโ”œโ”€โ”€ HTML-Injection/\nโ”œโ”€โ”€ IP-Headers/\nโ”œโ”€โ”€ Linux/\nโ”œโ”€โ”€ Open-Redirect/\nโ”œโ”€โ”€ PHP-Injection/\nโ”œโ”€โ”€ Reverse-Shell/\nโ”œโ”€โ”€ RFI-LFI/\nโ”œโ”€โ”€ SQLI/\nโ”œโ”€โ”€ SSRF/\nโ”œโ”€โ”€ Windows/\nโ”œโ”€โ”€ XSS/\nโ””โ”€โ”€ XXE/\n````\n\nEach directory contains `.txt` or `.md` files with hand-curated payloads.\n\n---\n\n## ๐Ÿ“š Categories \u0026 Payload Types\n\n### ๐Ÿงฌ SQL Injection (SQLi)\n\n* Generic error-based, time-based, and union-select payloads\n* Auth bypass tricks\n* JOIN/break queries\n\n### ๐Ÿ’‰ Command Injection\n\n* OS command payloads for Unix/Linux and Windows\n* Logic chaining and bypass payloads\n\n### ๐Ÿ“‚ File Inclusion (RFI / LFI)\n\n* Local and remote inclusion\n* Path traversal payloads\n\n### ๐Ÿงจ Cross-Site Scripting (XSS)\n\n* Reflected / Stored / DOM-based\n* File-read via injection\n* Advanced WAF bypass strings\n\n### ๐Ÿงพ HTML Injection\n\n* Classic and advanced HTML content injection payloads\n\n### ๐Ÿ›ฐ๏ธ Server-Side Request Forgery (SSRF)\n\n* Internal resource discovery payloads\n* SSRF chaining examples\n\n### ๐Ÿ”€ Open Redirect\n\n* Redirection bypass and manipulation payloads\n\n### ๐Ÿ—ƒ๏ธ Directory Traversal\n\n* OS path traversal vectors for Unix and Windows\n\n### ๐Ÿ“„ XML External Entity (XXE)\n\n* XXE file read, SSRF, and out-of-band (OOB) payloads\n\n### ๐Ÿ˜ PHP Injection\n\n* Code injection payloads in PHP environments\n\n### ๐Ÿงท MIME/File Extensions\n\n* MIME-type \u0026 extension tricks for bypass and upload testing\n\n### ๐Ÿงพ IP Header Injection\n\n* Spoofed headers for bypassing IP-based access controls\n\n### ๐Ÿง Linux / ๐ŸชŸ Windows\n\n* Sensitive file access\n* Log file paths\n\n### ๐Ÿ”„ Reverse Shells\n\n* One-liner PHP reverse shell snippet\n\n---\n\n## ๐Ÿš€ Getting Started\n\n```bash\n# Clone the repository\ngit clone https://github.com/KIRAN-KUMAR-K3/vulnerability-payload-lists.git\ncd vulnerability-payload-lists\n\n# Explore payloads\ncat SQLI/Generic\\ SQL\\ Injection\\ Payloads.txt\n```\n\n๐Ÿ› ๏ธ Use payloads in tools like:\n\n* Burp Suite\n* OWASP ZAP\n* Ffuf / Dirsearch / wfuzz\n* Custom Python/Bash scripts\n* Manual browser/postman testing\n\n---\n\n## โœ… Perfect For\n\n* โœ”๏ธ Ethical Hackers\n* โœ”๏ธ Red / Blue Teamers\n* โœ”๏ธ SOC Analysts\n* โœ”๏ธ Cybersecurity Students\n* โœ”๏ธ Bug Bounty Hunters\n* โœ”๏ธ CTF Players\n\n---\n\n## ๐Ÿค Contribute\n\n๐Ÿ’ก Found a new payload? See something to improve?\n\n1. Fork the repository\n2. Create a branch\n3. Add/edit payloads\n4. Submit a pull request\n\nAll contributions are welcomed and appreciated ๐Ÿ™Œ\n\n---\n\n## ๐Ÿ“Œ Legal Notice\n\n\u003e โš ๏ธ This project is for **educational use only** and should **not be used against any system without explicit authorization**.\n\u003e Use responsibly and follow the law.\n\n---\n\n## โญ Show Your Support\n\nIf this repo helped you in any way, show your support:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkiran-kumar-k3%2Fvulnerability-payload-lists","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkiran-kumar-k3%2Fvulnerability-payload-lists","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkiran-kumar-k3%2Fvulnerability-payload-lists/lists"}