Test your defenses against known exploits

Generates safe test payloads — file names, content patterns, and formats — that trigger security tools without causing actual harm. Use to validate your filters work.

Best for: Security and ops teams validating their detection and blocking rules catch what they should.

Operations / compliance-securityatomicfor-opsno-setupfrom-text

Skill file

Preview skill file↓↑

---
name: security-payloads
description: "Essential exploitation payloads: anti-virus test files, file name exploits, malicious files. Curated for testing."
---

# SecLists Payloads (Curated)

## Description

Essential exploitation payloads: anti-virus test files, file name exploits, malicious files. Curated for testing.

**Source:** [SecLists/Payloads](https://github.com/danielmiessler/SecLists/tree/master/Payloads)
**Repository:** https://github.com/danielmiessler/SecLists
**License:** MIT

## When to Use This Skill

Use this skill when you need:
- Anti-virus testing
- File upload testing
- Path traversal testing
- Security control validation

**⚠️ IMPORTANT:** Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

## Key Files in This Skill

- `EICAR test file`
- `Null byte file names`
- `Command execution file names`


## Usage Example

```python
# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Payloads"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")
```

## Security & Ethics

### Authorized Use Cases ✅
- Authorized penetration testing with written permission
- Bug bounty programs (within scope)
- CTF competitions
- Security research in controlled environments
- Testing your own systems
- Educational demonstrations

### Prohibited Use Cases ❌
- Unauthorized access attempts
- Testing without permission
- Malicious activities
- Privacy violations
- Any illegal activities

## Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:
- **Full repository:** https://github.com/danielmiessler/SecLists
- **Size:** 4.5 GB with 6,000+ files
- **All categories:** Passwords, Usernames, Discovery, Fuzzing, Payloads, Web-Shells, Pattern-Matching, AI, Miscellaneous

---

**Generated by Skill Seeker** | SecLists Payloads Collection
**License:** MIT - Use responsibly with proper authorization

Source

Creator's repository · eyadkelleh/awesome-skills-security

View on GitHub ↗

Security

Security checks in progress

Results will appear here once audits complete

Checked by 3 independent security firms

Does it try to trick the AI?Not yet checkedPending · Gen Agent Trust Hub

Does it sneak in hidden code?Not yet checkedPending · Socket

Does it have known bugs?Not yet checkedPending · Snyk