Home

Awesome

XSS-Payloads

XSS-Payloads Without Parentheses

List of XSS Vectors/Payloads i have been collecting since 2015 from different resources like websites,tweets,books..

You can use them to bypass WAF and find XSS vulnerabilities, i will try to update the list as possible.

I collected most of them and they have real authors, i can't remember where i got each one of them so i can give credit sorry. If you own any payload want to be mentioned or removed just ping me on Twitter.

Payloads.txt is no longer updated and most of the payloads are outdated, please refer to PORTSWIGGER XSS cheat sheet for best XSS payloads

Other good sources for XSS:

PORTSWIGGER XSS cheat sheet

HTML5 Security Cheatsheet

XSS Payloads Twitter

AwesomeXSS

Brutelogic Blog

XSS Cheat Sheet

Pgaijin66 XSS-Payloads

Swisskyrepo PayloadsAllTheThings

OWASP XSS

Any suggestion or improvements contact me:

Twitter