
GTFOBins vs PayloadsAllTheThings

GitHub Stats

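Stars: GTFOBins 12.9k, PayloadsAllTheThings 77.0k
Forks: GTFOBins 1.6k, PayloadsAllTheThings 16.9k
Issues: GTFOBins 7, PayloadsAllTheThings 23
Updated: GTFOBins 13d ago, PayloadsAllTheThings 12d ago
License: GTFOBins GPL-3.0, PayloadsAllTheThings MIT
Language: GTFOBins Shell, PayloadsAllTheThings Python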

About GTFOBins

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions on misconfigured systems. It documents how standard system binaries (find, vim, python, bash, etc.) can be abused for privilege escalation, file read/write, shell escape, reverse shell creation, and more. It's the definitive reference for Living Off The Land techniques on Linux/Unix systems. Every pentester and red teamer has this bookmarked.

About PayloadsAllTheThings

PayloadsAllTheThings is a comprehensive, community-maintained reference repository containing curated payloads, bypass techniques, and methodology documentation for web application penetration testing and security research. It covers attack categories including SQL injection, XSS, SSRF, XXE, command injection, file inclusion, authentication bypasses, and dozens of other vulnerability classes with ready-to-use payload strings and detailed explanations. Penetration testers, bug bounty hunters, and CTF players reference PayloadsAllTheThings as a go-to cheat sheet during engagements, pulling tested payloads and bypass techniques for specific WAFs, frameworks, and filtering mechanisms. The repository also includes methodology guides, enumeration checklists, and privilege escalation references for Linux and Windows, making it one of the most valuable single resources in the offensive security community.

Platform Support

๐Ÿงlinux๐ŸŽmacos
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Tags

GTFOBins only

lolbins, privesc, shell-escape, living-off-the-land, reference

PayloadsAllTheThings only

payloads, web, bypass, cheatsheet