What is SecLists Payloads (Curated)?

A curated subset of SecLists payloads focused on antivirus testing, file name exploits, and malicious payloads for authorized security testing.

Is it safe to use this skill?

Only in authorized environments with explicit permission and within the defined scope. Follow legal and ethical guidelines at all times.

What kinds of files are included?

Includes items like the EICAR test file, null byte file names, and command execution file names, along with other curated payloads for testing defenses.

SecLists Payloads (Curated)

npx machina-cli add skill Eyadkelleh/awesome-claude-skills-security/payloads --openclaw

Files (1)

SKILL.md

2.3 KB

SecLists Payloads (Curated)

Description

Essential exploitation payloads: anti-virus test files, file name exploits, malicious files. Curated for testing.

Source: SecLists/Payloads Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

Anti-virus testing
File upload testing
Path traversal testing
Security control validation

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

EICAR test file
Null byte file names
Command execution file names

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Payloads"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

Authorized penetration testing with written permission
Bug bounty programs (within scope)
CTF competitions
Security research in controlled environments
Testing your own systems
Educational demonstrations

Prohibited Use Cases ❌

Unauthorized access attempts
Testing without permission
Malicious activities
Privacy violations
Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:

Full repository: https://github.com/danielmiessler/SecLists
Size: 4.5 GB with 6,000+ files
All categories: Passwords, Usernames, Discovery, Fuzzing, Payloads, Web-Shells, Pattern-Matching, AI, Miscellaneous

Generated by Skill Seeker | SecLists Payloads Collection License: MIT - Use responsibly with proper authorization

Source

git clone https://github.com/Eyadkelleh/awesome-claude-skills-security/blob/main/seclists-categories payloads/payloads/SKILL.md

View on GitHub

Overview

SecLists Payloads (Curated) provides a focused collection of exploitation payloads drawn from the SecLists project. It highlights antivirus test files, file-name exploits, and other malicious payloads curated specifically for testing in authorized environments. This toolkit helps validate antivirus detections, file upload handlers, path traversal defenses, and general security controls during controlled assessments.

How This Skill Works

This skill bundles key files such as the EICAR test file, null byte file names, and command execution file names into a tested subset. Users load the payloads from references/Payloads and iterate through available files to simulate delivery, observe responses, and refine defenses in code or infrastructure.

When to Use It

Anti-virus testing to verify detection and behavior
File upload testing to assess upload handlers and content restrictions
Path traversal testing to reveal insecure file access patterns
Security control validation in controlled pen tests
Educational demos in labs, CTFs, or bug bounty scopes

Quick Start

Step 1: Access the payloads from references/Payloads in the skill repository
Step 2: Load and enumerate payload files (e.g., via the provided usage example or your script)
Step 3: Run tests in a controlled environment and review detections, logs, and results

Best Practices

Obtain written authorization before testing
Operate strictly within the defined scope and targets
Use isolated test environments and dummy data
Document findings and correlate with logs for verification
Avoid exposing PII or sensitive data; clean up artifacts after tests

Example Use Cases

Using the EICAR test file to confirm antivirus detection across endpoints
Uploading files with null byte names to test server handling and sanitization
Testing upload endpoints with command execution file names to assess input validation
Performing path traversal attempts in a controlled app to validate defenses
Demonstrating payload testing in a CTF lab or bug bounty scope with clear authorization

Frequently Asked Questions

Add this skill to your agents