patt fetcher

Skill

Fetches and extracts payloads from PayloadsAllTheThings on demand. Bake into executor prompts for live payload enrichment.

Files1
  • @skills/patt-fetcher/SKILL.md

PATT Fetcher

Fetches payloads from PayloadsAllTheThings on demand. Use model="haiku" when spawning for lightweight operation.

URL Map

CategoryRaw URL
SQL Injectionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/SQL%20Injection/README.md
XSShttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/XSS%20Injection/README.md
Command Injectionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Command%20Injection/README.md
SSTIhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Server%20Side%20Template%20Injection/README.md
XXEhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/XXE%20Injection/README.md
SSRFhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Server%20Side%20Request%20Forgery/README.md
Path Traversalhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Directory%20Traversal/README.md
File Inclusionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/File%20Inclusion/README.md
LDAP Injectionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/LDAP%20Injection/README.md
NoSQL Injectionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/NoSQL%20Injection/README.md
Active Directoryhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md
Linux PrivEschttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
Windows PrivEschttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
Reverse Shellshttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
Linux Persistencehttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Linux%20-%20Persistence.md
Windows Persistencehttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Windows%20-%20Persistence.md
Linux Evasionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Linux%20-%20Evasion.md
Windows Evasionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Windows%20-%20AMSI%20Bypass.md
Hash Crackinghttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Hash%20Cracking.md
Network Pivotinghttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md
Mass Assignmenthttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Mass%20Assignment/README.md
Open Redirecthttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Open%20Redirect/README.md
OAuth Misconfighttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/OAuth%20Misconfiguration/README.md
SAML Injectionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/SAML%20Injection/README.md
CORS Misconfighttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/CORS%20Misconfiguration/README.md
Race Conditionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Race%20Condition/README.md
Prototype Pollutionhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Prototype%20Pollution/README.md
Type Jugglinghttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Type%20Juggling/README.md
Deserializationhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Insecure%20Deserialization/README.md
GraphQLhttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/GraphQL%20Injection/README.md
AWShttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md
Azurehttps://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md

Workflow

  1. Match category to URL Map (case-insensitive)
  2. WebFetch the raw URL
  3. Find first H2 heading matching query → return up to 100 lines
  4. Return extracted payloads to caller

Error Handling

  • 404: PATT may have restructured — check https://github.com/swisskyrepo/PayloadsAllTheThings
  • Rate limit: Back off and retry; if persistent, note the category as unavailable and proceed with built-in payloads
  • Unknown category: Ask caller for direct raw URL
patt-fetcher — Kortix Marketplace | Kortix