%FILES%
usr/
usr/share/
usr/share/doc/
usr/share/doc/payloadsallthethings/
usr/share/doc/payloadsallthethings/CONTRIBUTING.md
usr/share/doc/payloadsallthethings/DISCLAIMER.md
usr/share/doc/payloadsallthethings/README.md
usr/share/licenses/
usr/share/licenses/payloadsallthethings/
usr/share/licenses/payloadsallthethings/LICENSE
usr/share/payloadsallthethings/
usr/share/payloadsallthethings/API Key Leaks/
usr/share/payloadsallthethings/API Key Leaks/Files/
usr/share/payloadsallthethings/API Key Leaks/Files/MachineKeys.txt
usr/share/payloadsallthethings/API Key Leaks/IIS-Machine-Keys.md
usr/share/payloadsallthethings/API Key Leaks/README.md
usr/share/payloadsallthethings/Account Takeover/
usr/share/payloadsallthethings/Account Takeover/README.md
usr/share/payloadsallthethings/Account Takeover/mfa-bypass.md
usr/share/payloadsallthethings/Brute Force Rate Limit/
usr/share/payloadsallthethings/Brute Force Rate Limit/README.md
usr/share/payloadsallthethings/Business Logic Errors/
usr/share/payloadsallthethings/Business Logic Errors/README.md
usr/share/payloadsallthethings/CORS Misconfiguration/
usr/share/payloadsallthethings/CORS Misconfiguration/README.md
usr/share/payloadsallthethings/CRLF Injection/
usr/share/payloadsallthethings/CRLF Injection/Files/
usr/share/payloadsallthethings/CRLF Injection/Files/crlfinjection.txt
usr/share/payloadsallthethings/CRLF Injection/README.md
usr/share/payloadsallthethings/CSS Injection/
usr/share/payloadsallthethings/CSS Injection/README.md
usr/share/payloadsallthethings/CSV Injection/
usr/share/payloadsallthethings/CSV Injection/README.md
usr/share/payloadsallthethings/CVE Exploits/
usr/share/payloadsallthethings/CVE Exploits/Log4Shell.md
usr/share/payloadsallthethings/CVE Exploits/README.md
usr/share/payloadsallthethings/Clickjacking/
usr/share/payloadsallthethings/Clickjacking/README.md
usr/share/payloadsallthethings/Client Side Path Traversal/
usr/share/payloadsallthethings/Client Side Path Traversal/README.md
usr/share/payloadsallthethings/Command Injection/
usr/share/payloadsallthethings/Command Injection/Intruder/
usr/share/payloadsallthethings/Command Injection/Intruder/command-execution-unix.txt
usr/share/payloadsallthethings/Command Injection/Intruder/command_exec.txt
usr/share/payloadsallthethings/Command Injection/README.md
usr/share/payloadsallthethings/Cross-Site Request Forgery/
usr/share/payloadsallthethings/Cross-Site Request Forgery/Images/
usr/share/payloadsallthethings/Cross-Site Request Forgery/Images/CSRF-CheatSheet.png
usr/share/payloadsallthethings/Cross-Site Request Forgery/README.md
usr/share/payloadsallthethings/DNS Rebinding/
usr/share/payloadsallthethings/DNS Rebinding/README.md
usr/share/payloadsallthethings/DOM Clobbering/
usr/share/payloadsallthethings/DOM Clobbering/README.md
usr/share/payloadsallthethings/Denial of Service/
usr/share/payloadsallthethings/Denial of Service/README.md
usr/share/payloadsallthethings/Dependency Confusion/
usr/share/payloadsallthethings/Dependency Confusion/README.md
usr/share/payloadsallthethings/Directory Traversal/
usr/share/payloadsallthethings/Directory Traversal/Intruder/
usr/share/payloadsallthethings/Directory Traversal/Intruder/deep_traversal.txt
usr/share/payloadsallthethings/Directory Traversal/Intruder/directory_traversal.txt
usr/share/payloadsallthethings/Directory Traversal/Intruder/dotdotpwn.txt
usr/share/payloadsallthethings/Directory Traversal/Intruder/traversals-8-deep-exotic-encoding.txt
usr/share/payloadsallthethings/Directory Traversal/README.md
usr/share/payloadsallthethings/Encoding Transformations/
usr/share/payloadsallthethings/Encoding Transformations/README.md
usr/share/payloadsallthethings/External Variable Modification/
usr/share/payloadsallthethings/External Variable Modification/README.md
usr/share/payloadsallthethings/File Inclusion/
usr/share/payloadsallthethings/File Inclusion/Files/
usr/share/payloadsallthethings/File Inclusion/Files/LFI2RCE.py
usr/share/payloadsallthethings/File Inclusion/Files/phpinfolfi.py
usr/share/payloadsallthethings/File Inclusion/Files/uploadlfi.py
usr/share/payloadsallthethings/File Inclusion/Intruders/
usr/share/payloadsallthethings/File Inclusion/Intruders/BSD-files.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/JHADDIX_LFI.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/LFI-FD-check.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/LFI-WindowsFileCheck.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/Linux-files.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/List_Of_File_To_Include.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/List_Of_File_To_Include_NullByteAdded.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/Mac-files.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/Traversal.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/Web-files.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/Windows-files.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/dot-slash-PathTraversal_and_LFI_pairing.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/php-filter-iconv.txt
usr/share/payloadsallthethings/File Inclusion/Intruders/simple-check.txt
usr/share/payloadsallthethings/File Inclusion/LFI-to-RCE.md
usr/share/payloadsallthethings/File Inclusion/README.md
usr/share/payloadsallthethings/File Inclusion/Wrappers.md
usr/share/payloadsallthethings/Google Web Toolkit/
usr/share/payloadsallthethings/Google Web Toolkit/README.md
usr/share/payloadsallthethings/GraphQL Injection/
usr/share/payloadsallthethings/GraphQL Injection/Images/
usr/share/payloadsallthethings/GraphQL Injection/Images/htb-help.png
usr/share/payloadsallthethings/GraphQL Injection/README.md
usr/share/payloadsallthethings/HTTP Parameter Pollution/
usr/share/payloadsallthethings/HTTP Parameter Pollution/README.md
usr/share/payloadsallthethings/Headless Browser/
usr/share/payloadsallthethings/Headless Browser/README.md
usr/share/payloadsallthethings/Headless Browser/files/
usr/share/payloadsallthethings/Headless Browser/files/iframe.html
usr/share/payloadsallthethings/Headless Browser/files/window_location_js.html
usr/share/payloadsallthethings/Hidden Parameters/
usr/share/payloadsallthethings/Hidden Parameters/README.md
usr/share/payloadsallthethings/Insecure Deserialization/
usr/share/payloadsallthethings/Insecure Deserialization/DotNET.md
usr/share/payloadsallthethings/Insecure Deserialization/Files/
usr/share/payloadsallthethings/Insecure Deserialization/Files/Ruby_universal_gadget_generate_verify.rb
usr/share/payloadsallthethings/Insecure Deserialization/Files/node-serialize.js
usr/share/payloadsallthethings/Insecure Deserialization/Files/ruby-serialize.yaml
usr/share/payloadsallthethings/Insecure Deserialization/Images/
usr/share/payloadsallthethings/Insecure Deserialization/Images/NETNativeFormatters.png
usr/share/payloadsallthethings/Insecure Deserialization/Java.md
usr/share/payloadsallthethings/Insecure Deserialization/Node.md
usr/share/payloadsallthethings/Insecure Deserialization/PHP.md
usr/share/payloadsallthethings/Insecure Deserialization/Python.md
usr/share/payloadsallthethings/Insecure Deserialization/README.md
usr/share/payloadsallthethings/Insecure Deserialization/Ruby.md
usr/share/payloadsallthethings/Insecure Direct Object References/
usr/share/payloadsallthethings/Insecure Direct Object References/Images/
usr/share/payloadsallthethings/Insecure Direct Object References/Images/idor.png
usr/share/payloadsallthethings/Insecure Direct Object References/README.md
usr/share/payloadsallthethings/Insecure Management Interface/
usr/share/payloadsallthethings/Insecure Management Interface/Intruder/
usr/share/payloadsallthethings/Insecure Management Interface/Intruder/springboot_actuator.txt
usr/share/payloadsallthethings/Insecure Management Interface/README.md
usr/share/payloadsallthethings/Insecure Randomness/
usr/share/payloadsallthethings/Insecure Randomness/README.md
usr/share/payloadsallthethings/Insecure Source Code Management/
usr/share/payloadsallthethings/Insecure Source Code Management/Bazaar.md
usr/share/payloadsallthethings/Insecure Source Code Management/Files/
usr/share/payloadsallthethings/Insecure Source Code Management/Files/github-dorks.txt
usr/share/payloadsallthethings/Insecure Source Code Management/Git.md
usr/share/payloadsallthethings/Insecure Source Code Management/Mercurial.md
usr/share/payloadsallthethings/Insecure Source Code Management/README.md
usr/share/payloadsallthethings/Insecure Source Code Management/Subversion.md
usr/share/payloadsallthethings/JSON Web Token/
usr/share/payloadsallthethings/JSON Web Token/README.md
usr/share/payloadsallthethings/Java RMI/
usr/share/payloadsallthethings/Java RMI/README.md
usr/share/payloadsallthethings/LDAP Injection/
usr/share/payloadsallthethings/LDAP Injection/Intruder/
usr/share/payloadsallthethings/LDAP Injection/Intruder/LDAP_FUZZ.txt
usr/share/payloadsallthethings/LDAP Injection/Intruder/LDAP_FUZZ_SMALL.txt
usr/share/payloadsallthethings/LDAP Injection/Intruder/LDAP_attributes.txt
usr/share/payloadsallthethings/LDAP Injection/README.md
usr/share/payloadsallthethings/LaTeX Injection/
usr/share/payloadsallthethings/LaTeX Injection/README.md
usr/share/payloadsallthethings/Mass Assignment/
usr/share/payloadsallthethings/Mass Assignment/README.md
usr/share/payloadsallthethings/Methodology and Resources/
usr/share/payloadsallthethings/Methodology and Resources/Active Directory Attack.md
usr/share/payloadsallthethings/Methodology and Resources/Bind Shell Cheatsheet.md
usr/share/payloadsallthethings/Methodology and Resources/Cloud - AWS Pentest.md
usr/share/payloadsallthethings/Methodology and Resources/Cloud - Azure Pentest.md
usr/share/payloadsallthethings/Methodology and Resources/Cobalt Strike - Cheatsheet.md
usr/share/payloadsallthethings/Methodology and Resources/Container - Docker Pentest.md
usr/share/payloadsallthethings/Methodology and Resources/Container - Kubernetes Pentest.md
usr/share/payloadsallthethings/Methodology and Resources/Escape Breakout.md
usr/share/payloadsallthethings/Methodology and Resources/HTML Smuggling.md
usr/share/payloadsallthethings/Methodology and Resources/Hash Cracking.md
usr/share/payloadsallthethings/Methodology and Resources/Initial Access.md
usr/share/payloadsallthethings/Methodology and Resources/Linux - Evasion.md
usr/share/payloadsallthethings/Methodology and Resources/Linux - Persistence.md
usr/share/payloadsallthethings/Methodology and Resources/Linux - Privilege Escalation.md
usr/share/payloadsallthethings/Methodology and Resources/MSSQL Server - Cheatsheet.md
usr/share/payloadsallthethings/Methodology and Resources/Metasploit - Cheatsheet.md
usr/share/payloadsallthethings/Methodology and Resources/Methodology and enumeration.md
usr/share/payloadsallthethings/Methodology and Resources/Network Discovery.md
usr/share/payloadsallthethings/Methodology and Resources/Network Pivoting Techniques.md
usr/share/payloadsallthethings/Methodology and Resources/Office - Attacks.md
usr/share/payloadsallthethings/Methodology and Resources/Powershell - Cheatsheet.md
usr/share/payloadsallthethings/Methodology and Resources/Reverse Shell Cheatsheet.md
usr/share/payloadsallthethings/Methodology and Resources/Source Code Management.md
usr/share/payloadsallthethings/Methodology and Resources/Vulnerability Reports.md
usr/share/payloadsallthethings/Methodology and Resources/Web Attack Surface.md
usr/share/payloadsallthethings/Methodology and Resources/Windows - AMSI Bypass.md
usr/share/payloadsallthethings/Methodology and Resources/Windows - DPAPI.md
usr/share/payloadsallthethings/Methodology and Resources/Windows - Defenses.md
usr/share/payloadsallthethings/Methodology and Resources/Windows - Download and Execute.md
usr/share/payloadsallthethings/Methodology and Resources/Windows - Mimikatz.md
usr/share/payloadsallthethings/Methodology and Resources/Windows - Persistence.md
usr/share/payloadsallthethings/Methodology and Resources/Windows - Privilege Escalation.md
usr/share/payloadsallthethings/Methodology and Resources/Windows - Using credentials.md
usr/share/payloadsallthethings/NoSQL Injection/
usr/share/payloadsallthethings/NoSQL Injection/Intruder/
usr/share/payloadsallthethings/NoSQL Injection/Intruder/MongoDB.txt
usr/share/payloadsallthethings/NoSQL Injection/Intruder/NoSQL.txt
usr/share/payloadsallthethings/NoSQL Injection/README.md
usr/share/payloadsallthethings/OAuth Misconfiguration/
usr/share/payloadsallthethings/OAuth Misconfiguration/README.md
usr/share/payloadsallthethings/ORM Leak/
usr/share/payloadsallthethings/ORM Leak/README.md
usr/share/payloadsallthethings/Open Redirect/
usr/share/payloadsallthethings/Open Redirect/Intruder/
usr/share/payloadsallthethings/Open Redirect/Intruder/Open-Redirect-payloads.txt
usr/share/payloadsallthethings/Open Redirect/Intruder/open_redirect_wordlist.txt
usr/share/payloadsallthethings/Open Redirect/Intruder/openredirects.txt
usr/share/payloadsallthethings/Open Redirect/README.md
usr/share/payloadsallthethings/Prompt Injection/
usr/share/payloadsallthethings/Prompt Injection/README.md
usr/share/payloadsallthethings/Prototype Pollution/
usr/share/payloadsallthethings/Prototype Pollution/README.md
usr/share/payloadsallthethings/Race Condition/
usr/share/payloadsallthethings/Race Condition/README.md
usr/share/payloadsallthethings/Regular Expression/
usr/share/payloadsallthethings/Regular Expression/README.md
usr/share/payloadsallthethings/Request Smuggling/
usr/share/payloadsallthethings/Request Smuggling/README.md
usr/share/payloadsallthethings/Reverse Proxy Misconfigurations/
usr/share/payloadsallthethings/Reverse Proxy Misconfigurations/README.md
usr/share/payloadsallthethings/SAML Injection/
usr/share/payloadsallthethings/SAML Injection/Images/
usr/share/payloadsallthethings/SAML Injection/Images/SAML-xml-flaw.png
usr/share/payloadsallthethings/SAML Injection/Images/XSLT1.jpg
usr/share/payloadsallthethings/SAML Injection/README.md
usr/share/payloadsallthethings/SQL Injection/
usr/share/payloadsallthethings/SQL Injection/BigQuery Injection.md
usr/share/payloadsallthethings/SQL Injection/Cassandra Injection.md
usr/share/payloadsallthethings/SQL Injection/DB2 Injection.md
usr/share/payloadsallthethings/SQL Injection/Images/
usr/share/payloadsallthethings/SQL Injection/Images/PostgreSQL_cmd_exec.png
usr/share/payloadsallthethings/SQL Injection/Images/Unicode_SQL_injection.png
usr/share/payloadsallthethings/SQL Injection/Images/wildcard_underscore.jpg
usr/share/payloadsallthethings/SQL Injection/Intruder/
usr/share/payloadsallthethings/SQL Injection/Intruder/Auth_Bypass.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/Auth_Bypass2.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/FUZZDB_MSSQL-WHERE_Time.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/FUZZDB_MSSQL.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/FUZZDB_MSSQL_Enumeration.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/FUZZDB_MYSQL.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/FUZZDB_MySQL-WHERE_Time.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/FUZZDB_MySQL_ReadLocalFiles.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/FUZZDB_Oracle.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/FUZZDB_Postgres_Enumeration.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/Generic_ErrorBased.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/Generic_Fuzz.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/Generic_TimeBased.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/Generic_UnionSelect.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/SQL-Injection
usr/share/payloadsallthethings/SQL Injection/Intruder/SQLi_Polyglots.txt
usr/share/payloadsallthethings/SQL Injection/Intruder/payloads-sql-blind-MSSQL-INSERT
usr/share/payloadsallthethings/SQL Injection/Intruder/payloads-sql-blind-MSSQL-WHERE
usr/share/payloadsallthethings/SQL Injection/Intruder/payloads-sql-blind-MySQL-INSERT
usr/share/payloadsallthethings/SQL Injection/Intruder/payloads-sql-blind-MySQL-ORDER_BY
usr/share/payloadsallthethings/SQL Injection/Intruder/payloads-sql-blind-MySQL-WHERE
usr/share/payloadsallthethings/SQL Injection/MSSQL Injection.md
usr/share/payloadsallthethings/SQL Injection/MySQL Injection.md
usr/share/payloadsallthethings/SQL Injection/OracleSQL Injection.md
usr/share/payloadsallthethings/SQL Injection/PostgreSQL Injection.md
usr/share/payloadsallthethings/SQL Injection/README.md
usr/share/payloadsallthethings/SQL Injection/SQLite Injection.md
usr/share/payloadsallthethings/SQL Injection/SQLmap.md
usr/share/payloadsallthethings/Server Side Include Injection/
usr/share/payloadsallthethings/Server Side Include Injection/Files/
usr/share/payloadsallthethings/Server Side Include Injection/Files/ssi_esi.txt
usr/share/payloadsallthethings/Server Side Include Injection/README.md
usr/share/payloadsallthethings/Server Side Request Forgery/
usr/share/payloadsallthethings/Server Side Request Forgery/Files/
usr/share/payloadsallthethings/Server Side Request Forgery/Files/SSRF_expect.svg
usr/share/payloadsallthethings/Server Side Request Forgery/Files/SSRF_url.svg
usr/share/payloadsallthethings/Server Side Request Forgery/Files/ip.py
usr/share/payloadsallthethings/Server Side Request Forgery/Files/ssrf_ffmpeg.avi
usr/share/payloadsallthethings/Server Side Request Forgery/Files/ssrf_iframe.svg
usr/share/payloadsallthethings/Server Side Request Forgery/Files/ssrf_svg_css_import.svg
usr/share/payloadsallthethings/Server Side Request Forgery/Files/ssrf_svg_css_link.svg
usr/share/payloadsallthethings/Server Side Request Forgery/Files/ssrf_svg_css_xmlstylesheet.svg
usr/share/payloadsallthethings/Server Side Request Forgery/Files/ssrf_svg_image.svg
usr/share/payloadsallthethings/Server Side Request Forgery/Files/ssrf_svg_use.svg
usr/share/payloadsallthethings/Server Side Request Forgery/Images/
usr/share/payloadsallthethings/Server Side Request Forgery/Images/Parser and Curl less than 7.54.png
usr/share/payloadsallthethings/Server Side Request Forgery/Images/SSRF_PDF.png
usr/share/payloadsallthethings/Server Side Request Forgery/Images/SSRF_Parser.png
usr/share/payloadsallthethings/Server Side Request Forgery/Images/SSRF_stream.png
usr/share/payloadsallthethings/Server Side Request Forgery/Images/WeakParser.jpg
usr/share/payloadsallthethings/Server Side Request Forgery/Images/aws-cli.jpg
usr/share/payloadsallthethings/Server Side Request Forgery/README.md
usr/share/payloadsallthethings/Server Side Request Forgery/SSRF-Advanced-Exploitation.md
usr/share/payloadsallthethings/Server Side Request Forgery/SSRF-Cloud-Instances.md
usr/share/payloadsallthethings/Server Side Template Injection/
usr/share/payloadsallthethings/Server Side Template Injection/ASP.md
usr/share/payloadsallthethings/Server Side Template Injection/Elixir.md
usr/share/payloadsallthethings/Server Side Template Injection/Images/
usr/share/payloadsallthethings/Server Side Template Injection/Images/serverside.png
usr/share/payloadsallthethings/Server Side Template Injection/Images/technique_Boolean-Based.png
usr/share/payloadsallthethings/Server Side Template Injection/Images/technique_Error-Based.png
usr/share/payloadsallthethings/Server Side Template Injection/Images/technique_Polyglot-Based.png
usr/share/payloadsallthethings/Server Side Template Injection/Images/technique_Rendered.png
usr/share/payloadsallthethings/Server Side Template Injection/Images/technique_Time-Based.png
usr/share/payloadsallthethings/Server Side Template Injection/Images/template-library.jpg
usr/share/payloadsallthethings/Server Side Template Injection/Intruder/
usr/share/payloadsallthethings/Server Side Template Injection/Intruder/ssti.fuzz
usr/share/payloadsallthethings/Server Side Template Injection/Java.md
usr/share/payloadsallthethings/Server Side Template Injection/JavaScript.md
usr/share/payloadsallthethings/Server Side Template Injection/PHP.md
usr/share/payloadsallthethings/Server Side Template Injection/Python.md
usr/share/payloadsallthethings/Server Side Template Injection/README.md
usr/share/payloadsallthethings/Server Side Template Injection/Ruby.md
usr/share/payloadsallthethings/Tabnabbing/
usr/share/payloadsallthethings/Tabnabbing/README.md
usr/share/payloadsallthethings/Type Juggling/
usr/share/payloadsallthethings/Type Juggling/Images/
usr/share/payloadsallthethings/Type Juggling/Images/table_representing_behavior_of_PHP_with_loose_type_comparisons.png
usr/share/payloadsallthethings/Type Juggling/README.md
usr/share/payloadsallthethings/Upload Insecure Files/
usr/share/payloadsallthethings/Upload Insecure Files/CVE FFmpeg HLS/
usr/share/payloadsallthethings/Upload Insecure Files/CVE FFmpeg HLS/gen_avi_bypass.py
usr/share/payloadsallthethings/Upload Insecure Files/CVE FFmpeg HLS/gen_xbin_avi.py
usr/share/payloadsallthethings/Upload Insecure Files/CVE FFmpeg HLS/read_passwd.avi
usr/share/payloadsallthethings/Upload Insecure Files/CVE FFmpeg HLS/read_passwd_bypass.mp4
usr/share/payloadsallthethings/Upload Insecure Files/CVE FFmpeg HLS/read_shadow.avi
usr/share/payloadsallthethings/Upload Insecure Files/CVE FFmpeg HLS/read_shadow_bypass.mp4
usr/share/payloadsallthethings/Upload Insecure Files/CVE ZIP Symbolic Link/
usr/share/payloadsallthethings/Upload Insecure Files/CVE ZIP Symbolic Link/etc_passwd.zip
usr/share/payloadsallthethings/Upload Insecure Files/CVE ZIP Symbolic Link/generate.sh
usr/share/payloadsallthethings/Upload Insecure Files/CVE ZIP Symbolic Link/passwd
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Apache .htaccess/
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Apache .htaccess/.htaccess
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_phpinfo
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_rce_files
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_shell
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Apache .htaccess/README.md
usr/share/payloadsallthethings/Upload Insecure Files/Configuration IIS web.config/
usr/share/payloadsallthethings/Upload Insecure Files/Configuration IIS web.config/web.config
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-admin-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-conf-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-config-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-controllers-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-generate-init.py
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-login-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-models-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-modules-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-scripts-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-settings-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-tests-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-urls-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-utils-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration Python __init__.py/python-view-__init__.py.zip
usr/share/payloadsallthethings/Upload Insecure Files/Configuration uwsgi.ini/
usr/share/payloadsallthethings/Upload Insecure Files/Configuration uwsgi.ini/uwsgi.ini
usr/share/payloadsallthethings/Upload Insecure Files/EICAR/
usr/share/payloadsallthethings/Upload Insecure Files/EICAR/eicar.txt
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/extensions.lst
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/shell.asa
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/shell.ashx
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/shell.asmx
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/shell.asp
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/shell.aspx
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/shell.cer
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/shell.soap
usr/share/payloadsallthethings/Upload Insecure Files/Extension ASP/shell.xamlx
usr/share/payloadsallthethings/Upload Insecure Files/Extension HTML/
usr/share/payloadsallthethings/Upload Insecure Files/Extension HTML/xss.html
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/extensions.lst
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/php-script-tag.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.jpg.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.phar
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.php3
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.php4
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.php5
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.php7
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.php8
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.phpt
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.pht
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/phpinfo.phtml
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.gif^shell.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.jpeg.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.jpg.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.jpg^shell.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.pgif
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.phar
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.php3
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.php4
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.php5
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.php7
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.phpt
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.pht
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.phtml
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.png.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/shell.png^shell.php
usr/share/payloadsallthethings/Upload Insecure Files/Extension PHP/tiny.php
usr/share/payloadsallthethings/Upload Insecure Files/Images/
usr/share/payloadsallthethings/Upload Insecure Files/Images/file-upload-mindmap.png
usr/share/payloadsallthethings/Upload Insecure Files/Jetty RCE/
usr/share/payloadsallthethings/Upload Insecure Files/Jetty RCE/JettyShell.xml
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/GIF_exploit.gif
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/JPG_exploit-55.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/PNG_110x110_resize_bypass_use_LFI.png
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/PNG_32x32_resize_bypass_use_LFI.png
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/createBulletproofJPG.py
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/createCompressedPNG_110x110.php
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/createGIFwithGlobalColorTable.php
usr/share/payloadsallthethings/Upload Insecure Files/Picture Compression/createPNGwithPLTE.php
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/convert_local_etc_passwd.svg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/convert_local_etc_passwd_html.svg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/ghostscript_rce_curl.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagemagick_CVE-2022-44268_convert_etc_passwd.png
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagemagick_ghostscript_cmd_exec.pdf
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagemagik_ghostscript_reverse_shell.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_file_exfiltration_pangu_wrapper.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_file_exfiltration_text_wrapper.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_reverse_shell_devtcp.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_reverse_shell_netcat_fifo.png
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_wget.gif
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_bind_shell_nc.mvg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_curl.png
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_portscan.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_remote_connection.mvg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_reverse_shell_bash.mvg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_touch.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_xml_reverse_shell_nctraditional.xml
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_xml_reverse_shell_netcat_encoded.xml
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik2_burpcollaborator_passwd.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik2_centos_id.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_id.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_shell.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_shell2.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture Metadata/
usr/share/payloadsallthethings/Upload Insecure Files/Picture Metadata/Build_image_to_LFI.py
usr/share/payloadsallthethings/Upload Insecure Files/Picture Metadata/CVE-2021-22204_exiftool_echo.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture Metadata/CVE-2021-22204_exiftool_revshell.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture Metadata/PHP_exif_phpinfo.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture Metadata/PHP_exif_system.gif
usr/share/payloadsallthethings/Upload Insecure Files/Picture Metadata/PHP_exif_system.jpg
usr/share/payloadsallthethings/Upload Insecure Files/Picture Metadata/PHP_exif_system.png
usr/share/payloadsallthethings/Upload Insecure Files/README.md
usr/share/payloadsallthethings/Upload Insecure Files/Server Side Include/
usr/share/payloadsallthethings/Upload Insecure Files/Server Side Include/exec.shtml
usr/share/payloadsallthethings/Upload Insecure Files/Server Side Include/include.shtml
usr/share/payloadsallthethings/Upload Insecure Files/Server Side Include/index.stm
usr/share/payloadsallthethings/Virtual Hosts/
usr/share/payloadsallthethings/Virtual Hosts/README.md
usr/share/payloadsallthethings/Web Cache Deception/
usr/share/payloadsallthethings/Web Cache Deception/Images/
usr/share/payloadsallthethings/Web Cache Deception/Images/wcd.jpg
usr/share/payloadsallthethings/Web Cache Deception/Intruders/
usr/share/payloadsallthethings/Web Cache Deception/Intruders/param_miner_lowercase_headers.txt
usr/share/payloadsallthethings/Web Cache Deception/README.md
usr/share/payloadsallthethings/Web Sockets/
usr/share/payloadsallthethings/Web Sockets/Files/
usr/share/payloadsallthethings/Web Sockets/Files/ws-harness.py
usr/share/payloadsallthethings/Web Sockets/Images/
usr/share/payloadsallthethings/Web Sockets/Images/WebsocketHarness.jpg
usr/share/payloadsallthethings/Web Sockets/Images/sqlmap.png
usr/share/payloadsallthethings/Web Sockets/Images/websocket-harness-start.png
usr/share/payloadsallthethings/Web Sockets/README.md
usr/share/payloadsallthethings/XPATH Injection/
usr/share/payloadsallthethings/XPATH Injection/README.md
usr/share/payloadsallthethings/XS-Leak/
usr/share/payloadsallthethings/XS-Leak/README.md
usr/share/payloadsallthethings/XSLT Injection/
usr/share/payloadsallthethings/XSLT Injection/Files/
usr/share/payloadsallthethings/XSLT Injection/Files/enum-system-version-vendor.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/file-write.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-dotnet-2.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-dotnet.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-java-1.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-java-2.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-php-assert.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-php-file-create.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-php-file-read.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-php-meterpreter.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/rce-php-scandir.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/read-and-ssrf.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/system-properties.xml
usr/share/payloadsallthethings/XSLT Injection/Files/system-properties.xsl
usr/share/payloadsallthethings/XSLT Injection/Files/xxe.xsl
usr/share/payloadsallthethings/XSLT Injection/README.md
usr/share/payloadsallthethings/XSS Injection/
usr/share/payloadsallthethings/XSS Injection/1 - XSS Filter Bypass.md
usr/share/payloadsallthethings/XSS Injection/2 - XSS Polyglot.md
usr/share/payloadsallthethings/XSS Injection/3 - XSS Common WAF Bypass.md
usr/share/payloadsallthethings/XSS Injection/4 - CSP Bypass.md
usr/share/payloadsallthethings/XSS Injection/5 - XSS in Angular.md
usr/share/payloadsallthethings/XSS Injection/Files/
usr/share/payloadsallthethings/XSS Injection/Files/InsecureFlashFile.swf
usr/share/payloadsallthethings/XSS Injection/Files/JupyterNotebookXSS.ipynb
usr/share/payloadsallthethings/XSS Injection/Files/SVG_XSS1.svg
usr/share/payloadsallthethings/XSS Injection/Files/SVG_XSS2.svg
usr/share/payloadsallthethings/XSS Injection/Files/SVG_XSS3.svg
usr/share/payloadsallthethings/XSS Injection/Files/SVG_XSS_green_triangle.svg
usr/share/payloadsallthethings/XSS Injection/Files/SVG_XSS_nested_img_xlink.svg
usr/share/payloadsallthethings/XSS Injection/Files/SVG_XSS_nested_svg.svg
usr/share/payloadsallthethings/XSS Injection/Files/SVG_XSS_nested_use_xlink.svg
usr/share/payloadsallthethings/XSS Injection/Files/SVG_XSS_red_lightning.svg
usr/share/payloadsallthethings/XSS Injection/Files/SWF_XSS.swf
usr/share/payloadsallthethings/XSS Injection/Files/mouseover-xss-ecs.jpeg
usr/share/payloadsallthethings/XSS Injection/Files/onclick-xss-ecs.jpeg
usr/share/payloadsallthethings/XSS Injection/Files/payload_in_all_known_exif_corrupted.jpg
usr/share/payloadsallthethings/XSS Injection/Files/payload_in_all_known_exif_corrupted.png
usr/share/payloadsallthethings/XSS Injection/Files/payload_in_all_known_metadata.jpg
usr/share/payloadsallthethings/XSS Injection/Files/payload_in_all_known_metadata.png
usr/share/payloadsallthethings/XSS Injection/Files/payload_text_xss.png
usr/share/payloadsallthethings/XSS Injection/Files/xml.xsd
usr/share/payloadsallthethings/XSS Injection/Files/xss.cer
usr/share/payloadsallthethings/XSS Injection/Files/xss.dtd
usr/share/payloadsallthethings/XSS Injection/Files/xss.htm
usr/share/payloadsallthethings/XSS Injection/Files/xss.html.demo
usr/share/payloadsallthethings/XSS Injection/Files/xss.hxt
usr/share/payloadsallthethings/XSS Injection/Files/xss.mno
usr/share/payloadsallthethings/XSS Injection/Files/xss.rdf
usr/share/payloadsallthethings/XSS Injection/Files/xss.svgz
usr/share/payloadsallthethings/XSS Injection/Files/xss.url.url
usr/share/payloadsallthethings/XSS Injection/Files/xss.vml
usr/share/payloadsallthethings/XSS Injection/Files/xss.wsdl
usr/share/payloadsallthethings/XSS Injection/Files/xss.xht
usr/share/payloadsallthethings/XSS Injection/Files/xss.xhtml
usr/share/payloadsallthethings/XSS Injection/Files/xss.xml
usr/share/payloadsallthethings/XSS Injection/Files/xss.xsd
usr/share/payloadsallthethings/XSS Injection/Files/xss.xsf
usr/share/payloadsallthethings/XSS Injection/Files/xss.xsl
usr/share/payloadsallthethings/XSS Injection/Files/xss.xslt
usr/share/payloadsallthethings/XSS Injection/Files/xss_comment_exif_metadata_double_quote.png
usr/share/payloadsallthethings/XSS Injection/Files/xss_comment_exif_metadata_single_quote.png
usr/share/payloadsallthethings/XSS Injection/Images/
usr/share/payloadsallthethings/XSS Injection/Images/DwrkbH1VAAErOI2.jpg
usr/share/payloadsallthethings/XSS Injection/Intruders/
usr/share/payloadsallthethings/XSS Injection/Intruders/0xcela_event_handlers.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/BRUTELOGIC-XSS-JS.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/BRUTELOGIC-XSS-STRINGS.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/IntrudersXSS.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/JHADDIX_XSS.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/MarioXSSVectors.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/RSNAKE_XSS.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/XSSDetection.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/XSS_Polyglots.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/jsonp_endpoint.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/port_swigger_xss_cheatsheet_event_handlers.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/xss_alert.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/xss_alert_identifiable.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/xss_payloads_quick.txt
usr/share/payloadsallthethings/XSS Injection/Intruders/xss_swf_fuzz.txt
usr/share/payloadsallthethings/XSS Injection/README.md
usr/share/payloadsallthethings/XXE Injection/
usr/share/payloadsallthethings/XXE Injection/Files/
usr/share/payloadsallthethings/XXE Injection/Files/Classic XXE - etc passwd.xml
usr/share/payloadsallthethings/XXE Injection/Files/Classic XXE B64 Encoded.xml
usr/share/payloadsallthethings/XXE Injection/Files/Classic XXE.xml
usr/share/payloadsallthethings/XXE Injection/Files/Deny Of Service - Billion Laugh Attack
usr/share/payloadsallthethings/XXE Injection/Files/XXE OOB Attack (Yunusov, 2013).xml
usr/share/payloadsallthethings/XXE Injection/Files/XXE PHP Wrapper.xml
usr/share/payloadsallthethings/XXE Injection/Intruders/
usr/share/payloadsallthethings/XXE Injection/Intruders/XXE_Fuzzing.txt
usr/share/payloadsallthethings/XXE Injection/Intruders/xml-attacks.txt
usr/share/payloadsallthethings/XXE Injection/README.md
usr/share/payloadsallthethings/Zip Slip/
usr/share/payloadsallthethings/Zip Slip/README.md
usr/share/payloadsallthethings/_LEARNING_AND_SOCIALS/
usr/share/payloadsallthethings/_LEARNING_AND_SOCIALS/BOOKS.md
usr/share/payloadsallthethings/_LEARNING_AND_SOCIALS/TWITTER.md
usr/share/payloadsallthethings/_LEARNING_AND_SOCIALS/YOUTUBE.md
usr/share/payloadsallthethings/_template_vuln/
usr/share/payloadsallthethings/_template_vuln/README.md
usr/share/payloadsallthethings/custom.css
usr/share/payloadsallthethings/mkdocs.yml
