https://github.com/sindecker/payload-reference

Payload Reference Book — Web Application, Post-Exploitation & Network Attack Payloads. Practical payload library for penetration testers.
https://github.com/sindecker/payload-reference

cybersecurity ethical-hacking payloads penetration-testing post-exploitation web-security

Last synced: 2 months ago
JSON representation

Payload Reference Book — Web Application, Post-Exploitation & Network Attack Payloads. Practical payload library for penetration testers.

• Host: GitHub
• URL: https://github.com/sindecker/payload-reference
• Owner: sindecker
• Created: 2026-03-17T10:29:14.000Z (4 months ago)
• Default Branch: main
• Last Pushed: 2026-03-17T10:29:22.000Z (4 months ago)
• Last Synced: 2026-03-18T01:30:52.319Z (3 months ago)
• Topics: cybersecurity, ethical-hacking, payloads, penetration-testing, post-exploitation, web-security
• Size: 101 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Payload Reference Book

**Author:** Matt McKee

**LinkedIn:** [linkedin.com/in/mattmckee-11193234](https://linkedin.com/in/mattmckee-11193234)

Professional penetration testing payload reference. A practical, no-filler library of web application attack payloads, post-exploitation commands, network attack techniques, and social engineering infrastructure — everything an authorized penetration tester needs during an engagement, organized for fast lookup.

---

## Table of Contents

### [Introduction & Appendices](payload_book_intro_appendix.md)

- Responsible Use Statement

- Appendix A: Vulnerability / Payload / Tool Cross-Reference

- Appendix B: Attack Surface / Book Mapping

- Appendix C: Engagement Checklist

- Appendix D: Wordlists and Dictionaries Reference

- Appendix E: Attacker Infrastructure Quick Setup

- Appendix F: Hash Reference

- Appendix G: Legal and Authorisation Templates

### [Part 1: Web Application Attacks](payload_book_part1_web.md)

- Section 1: SQL Injection

- Section 2: Cross-Site Scripting (XSS)

- Section 3: Command Injection

- Section 4: Server-Side Template Injection (SSTI)

- Section 5: XML External Entity (XXE)

- Section 6: Server-Side Request Forgery (SSRF)

- Section 7: File Inclusion

- Section 8: File Upload Attacks

- Section 9: Web Shells

- Section 10: Auth Bypass & Credential Attacks

### [Part 2: Post-Exploitation](payload_book_part2_postex.md)

- Section 11: Linux Post-Exploitation

- Section 12: Windows Post-Exploitation

- Section 13: Active Directory Attacks

### [Part 3: Network Attacks, Encoding & File Transfer](payload_book_part3_network.md)

- Section 14: Network Enumeration and Service Attacks

- Section 15: Wireless Attacks

- Section 17: Payload Encoding and Obfuscation

- Section 18: File Transfer Methods

- Section 19: Quick Reference Tables

### [Social Engineering Bridge](payload_book_part3_se_bridge.md)

- Section 16: Social Engineering — Payload Book Integration (Phishing Infrastructure, USB Drops, OSINT)

---

## Read Free Online

All content is available as Markdown files in this repository — readable directly on GitHub.

## Get the Formatted PDF

[Coming soon — formatted PDF version]

---

## License

Released for educational and professional use. You may use, adapt, and redistribute with attribution.

**Matt McKee** — [linkedin.com/in/mattmckee-11193234](https://linkedin.com/in/mattmckee-11193234)