cloudie-w/payload-kit
GitHub: cloudie-w/payload-kit
A categorized library of 200+ payloads usable for CTFs and bug bounties, intended to speed up verification and research of web vulnerabilities.
Stars: 0 | Forks: 0
**Offensive payloads organized for CTFs and authorized penetration testing.**
**Every payload includes context, platform notes, and WAF bypass variants.**
[Categories](#-categories) · [Structure](#-structure) · [Usage](#-how-to-use) · [Contributing](#-contributing) · [Author](#-author)

## 📦 Categories

| # | Category | Payloads | Platforms |
|---|----------|----------|-----------|
| 01 | [SQL Injection](sql-injection/) | Basic · Error-based · Blind · WAF bypass | MySQL · PostgreSQL · MSSQL · SQLite |
| 02 | [XSS](xss/) | Reflected · Stored · DOM · Filter bypass · Polyglots | All browsers |
| 03 | [SSTI](ssti/) | Detection · Jinja2 · Twig · Freemarker · Pebble | Python · PHP · Java |
| 04 | [Command Injection](command-injection/) | Linux · Windows · Blind · Bypass | Bash · PowerShell |
| 05 | [LFI / Path Traversal](lfi/) | Linux · Windows · PHP wrappers · Log poisoning | Apache · Nginx · PHP |
| 06 | [XXE](xxe/) | Classic · Blind · OOB · SSRF via XXE | Any XML parser |
| 07 | [SSRF](ssrf/) | Basic · Cloud metadata · Filter bypass | AWS · GCP · Azure |
| 08 | [Auth Bypass](auth-bypass/) | SQL · JWT · Header manipulation · Logic flaws | Any |

## 🗂️ Structure

```
payload-kit/
│
├── sql-injection/
│   ├── README.md          ← category overview + detection
│   ├── basic.md           ← fundamental payloads
│   ├── error-based.md     ← extract data via error messages
│   ├── blind.md           ← boolean & time-based
│   └── waf-bypass.md      ← encoding, comments, case variants
│
├── xss/
│   ├── README.md
│   ├── reflected.md
│   ├── stored.md
│   ├── dom.md
│   └── filter-bypass.md   ← tag/attr/event bypass + polyglots
│
├── ssti/
│   ├── README.md          ← detection tree + engine fingerprint
│   ├── jinja2.md          ← Python/Flask
│   ├── twig.md            ← PHP/Symfony
│   └── freemarker.md      ← Java
│
├── command-injection/
│   ├── README.md
│   ├── linux.md
│   ├── windows.md
│   └── blind.md           ← OOB via DNS/HTTP
│
├── lfi/
│   ├── README.md
│   ├── linux.md
│   ├── windows.md
│   └── php-wrappers.md    ← filter, data, expect, zip
│
├── xxe/
│   ├── README.md
│   ├── classic.md
│   └── blind-oob.md
│
├── ssrf/
│   ├── README.md
│   ├── basic.md
│   └── cloud-metadata.md  ← AWS · GCP · Azure IMDSv1/v2
│
└── auth-bypass/
    ├── README.md
    ├── sql-login.md
    ├── jwt.md
    └── logic.md
```

## 🎯 How to use

Each payload file follows this format:

```
## Payload Name
**When to use:** specific scenario where this applies
**Platform:** MySQL / Apache / Python / etc.
**Risk of detection:** Low / Medium / High

[payload here]

**Notes:** what it does, why it works, common variations
```

**Clone and search:**

```
git clone https://github.com/wavegxz-design/payload-kit.git
cd payload-kit

# Search across all categories
grep -r "union select" .
grep -r "jinja2" . --include="*.md"

# View a specific category
cat sql-injection/waf-bypass.md
```

## 🛣️ Roadmap

**v1.1**

- [ ] Open redirect payloads
- [ ] CORS misconfiguration
- [ ] HTTP request smuggling
- [ ] GraphQL injection

**v2.0**

## 🤝 Contributing

Adding a new payload? Follow this format:

```
git checkout -b feat/new-payload-category
# Add your file following the template format
git commit -m "feat: add GraphQL injection payloads"
git push origin feat/new-payload-category
```

**Rules:**

## 🔗 Related projects

| Project | Description |
|---------|-------------|
| [**webcheck**](https://github.com/wavegxz-design/webcheck) | HTTP security auditor; identifies where these payloads apply |
| [**recon-kit**](https://github.com/wavegxz-design/recon-kit) | Reconnaissance toolkit; gathers intelligence before testing |
| [**NEXORA-TOOLKIT**](https://github.com/wavegxz-design/NEXORA-TOOLKIT) | Android ADB toolkit |
**[krypthane](https://github.com/wavegxz-design)** · Red team operator and open-source developer
⭐ If payload-kit saves you time in a CTF or bug bounty, please give it a star