Description
IntruderPayloads is a curated collection of Burp Suite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads, and web pentesting methodologies. Maintained by 1N3 (creator of Sn1per), it's organized by attack type for easy reference.
Installation
BASH
git clone https://github.com/1N3/IntruderPayloads.git
Contents
TEXT
IntruderPayloads/
├── FuzzLists/                  # General fuzzing wordlists
├── IntruderPayloads/           # Burp Intruder-specific payloads
│   ├── sqli.txt                # SQL injection
│   ├── xss.txt                 # Cross-site scripting
│   ├── lfi.txt                 # Local file inclusion
│   ├── xxe.txt                 # XXE payloads
│   └── ssti.txt                # Server-side template injection
├── BurpBounty/                 # BurpBounty profiles
└── MethodologyChecklists/      # Pentest methodology checklists
Common Usage
BASH
# Load in Burp Intruder
# Intruder → Payloads → Load → Select desired payload file
# Use with ffuf
ffuf -u "https://target.com/FUZZ" -w IntruderPayloads/FuzzLists/directories.txt
# Use with wfuzz
wfuzz -u "https://target.com/page?id=FUZZ" -w IntruderPayloads/IntruderPayloads/sqli.txt --hc 404
# SSTI detection: -mr keeps only responses that match "49" (-fr would filter those responses out)
ffuf -u "https://target.com/search?q=FUZZ" -w IntruderPayloads/IntruderPayloads/ssti.txt -mr "49"
Bug Bounty Tips
BASH
# Quick vulnerability checks with targeted payloads:
# SQLi: IntruderPayloads/IntruderPayloads/sqli.txt
# XSS: IntruderPayloads/IntruderPayloads/xss.txt
# LFI: IntruderPayloads/IntruderPayloads/lfi.txt
# SSTI: IntruderPayloads/IntruderPayloads/ssti.txt
# Open Redirect: IntruderPayloads/IntruderPayloads/redirect.txt