Metadata-Version: 2.4
Name: sm0g-payloads
Version: 0.1.4
Summary: Payload collections, encoders, and WAF signatures for the SM0G security tools
Author: SM0G-SEC
License-Expression: AGPL-3.0-or-later
License-File: LICENSE
Keywords: payloads,pentest,security,sqli,waf,xss
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Information Technology
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Requires-Python: >=3.11
Provides-Extra: dev
Requires-Dist: mypy>=1.0; extra == 'dev'
Requires-Dist: pytest-cov>=5.0; extra == 'dev'
Requires-Dist: pytest>=8.0; extra == 'dev'
Requires-Dist: ruff>=0.4; extra == 'dev'
Description-Content-Type: text/markdown

# sm0g-payloads

Payload library for the **SM0G** security-testing tools — curated XSS and
SQL-injection payloads, reversible obfuscation / WAF-evasion encoders, and WAF
fingerprint signatures. Pure standard library, **zero runtime dependencies**.

> For authorized security testing only.

## Install

```bash
pip install sm0g-payloads
```

## What's inside

- `xss/` — context-aware XSS payloads (HTML body, attribute, JS, framework, and
  modern browser vectors)
- `sqli/` — SQL-injection payloads (error, boolean, time-based, union, OOB,
  fingerprinting, and extraction helpers)
- `encode/twist.py` — `twist_payload` / `twist_chain` reversible obfuscation and
  WAF-evasion transforms
- `encoders/` — base64 / percent / HTML-entity encoders
- `waf/` — WAF fingerprints and bypass strings
- `markers.py` — reflection markers (`stamp_token` / `token_visible`)
- `jslib.py` — known-vulnerable JavaScript library detection

## License

AGPL-3.0-or-later
