1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
//! Compile-time embedded payload data from the `payloads/` directory.
//!
//! Uses `include_str!()` to bake all payload files into the binary at compile time.
//! This gives zero runtime I/O overhead while keeping the data as editable `.txt` files.
/// SQL injection payloads (26 patterns)
pub const SQL_INJECTION: &str = include_str!;
/// Cross-site scripting payloads (24 patterns)
pub const XSS: &str = include_str!;
/// Server-side request forgery probe URLs (31 patterns)
pub const SSRF: &str = include_str!;
/// XML external entity injection payloads (7 patterns)
pub const XXE: &str = include_str!;
/// Command injection payloads (29 patterns)
pub const COMMAND_INJECTION: &str = include_str!;
/// Local file inclusion paths (24 patterns)
pub const LFI: &str = include_str!;
/// NoSQL injection payloads (20 patterns)
pub const NOSQL_INJECTION: &str = include_str!;
/// Server-side template injection payloads (24 patterns)
pub const SSTI: &str = include_str!;
/// Authentication bypass headers (26 patterns)
pub const AUTH_BYPASS_HEADERS: &str = include_str!;
/// API endpoint paths (846 paths)
pub const API_ENDPOINTS: &str = include_str!;
/// Parse a payload file into lines, skipping comments and empty lines.
/// Parse auth bypass headers into (header_name, header_value) tuples.