Home Tools Pricing API Docs About Sign in Get started

Payload Generator

Generators

Generate XSS, SQLi, LFI and SSTI payloads with built-in encoders and context variants.

What is Payload Generator?

Payload Generator produces ready-to-use offensive payloads across the most common web-vulnerability classes, with encoding options to slip past filters and WAFs.

Instead of hunting through cheat sheets, pick a category and context and copy a tuned payload — or a whole set — in seconds.

What it generates

XSS — reflected, stored and DOM contexts, plus polyglots.
SQL injection — error-based, union, boolean and time-based templates.
LFI / path traversal — traversal sequences with encoding tricks.
SSTI — template-engine probes and exploitation payloads.
Encoders — URL, double-URL, HTML, base64 and case variations.

Where it fits in your workflow

→Drop context-appropriate payloads straight into a request or proxy.
→Generate WAF-bypass variants when a base payload is blocked.

Use Payload Generator

Free, in-browser — no sign-up needed to try.

Create free account Sign in

At a glance

CategoryGenerators

RunsIn your browser

Token cost Free — no tokens

AccessFree · no login to try

Status● Live

Frequently asked questions

How is this different from Payload Lists?

Payload Generator builds and encodes payloads dynamically to your chosen context; Payload Lists is a curated, copy-ready reference of known-good payloads.

Explore more tools →