Payloads All The Things (Chinese Translation Edition)
A list of useful payloads and bypasses for Web Application Security. Feel free to contribute your payloads and techniques!
This is a complete (100%) Chinese translation of the well-known security repository PayloadsAllTheThings. It aims to provide the Chinese security community with a precise, readable, and synchronized technical reference manual.
Multi-language Support
This repository integrates MkDocs multi-language switching functionality. You can visit the online document preview (if deployed) or switch between English and Chinese locally via MkDocs.
- English Original (Default): See README.md under each subdirectory.
- Chinese Translation: See README.zh.md under each subdirectory or corresponding exclusive technical documents.
Documentation
Each topic contains the following structure. You can use the _template_vuln folder to create a new chapter:
- README.md - Vulnerability descriptions, how to exploit them, and multiple payloads.
- Intruder - A set of files provided to Burp Intruder.
- Images/Files - Images and files referenced in the documentation.
Core Topic Coverage
- Injection Vulnerabilities: SQL Injection, SSTI, XPATH Injection, etc.
- Logic & Application Security: Prototype Pollution, JSON Web Token, Insecure Deserialization, etc.
- Penetration Testing Methodology: Active Directory Attack, Cloud - AWS Pentest, Windows/Linux Privilege Escalation, etc.
Learning Resources
Looking for more advanced content? Check out our curated resources:
Contributions & Feedback
Your contributions are highly welcome! Before submitting a PR, please make sure to read our Contributing Guidelines.
This project follows the open-source spirit of the original repository. Thanks to all global contributors who have contributed to PayloadsAllTheThings! ❤️
Sponsors
This project is proudly sponsored by the following companies.