from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity
from werkzeug.security import generate_password_hash, check_password_hash
import os

# Flask application setup
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://<username>:<password>@localhost/humanRatsources'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
Information Disclosure: Look for endpoints that leak sensitive data.
Broken Object-Level Authorization (BOLA/IDOR): Accessing objects not meant for the authenticated user.
Broken User Authentication: Bypassing authentication mechanisms.
Rate Limiting: Test for endpoints left unprotected against DoS or brute-force attacks.
HTTP Verb Tampering: Changing the HTTP verb (e.g., from GET to POST).
Missing Function Level Access Control: Accessing unauthorized functionalities.
Parameter Tampering: Altering parameters to manipulate responses.
SQL Injection: Injecting malicious SQL queries in input.
Command Injection: Injecting malicious commands in input.
Unsecured Endpoints: Looking for endpoints that lack security measures.
https://drive.google.com/file/d/1Lhx1Sc_SKTkR6ggHP_vt-jfhlZAPTeQV/view?usp=sharing
import random

# Return a random integer in the inclusive range 1..11 (randint includes both ends)
def printRand():
    return random.randint(1, 11)

# The XXS noob
def drawNew(a, b):
    pass  # function body is not shown in the gist preview
Revisions
=========
0.1 - Draft - Wesley Thijs
0.2 - Review 1 - Uncle rat
0.3 -

Document goals
==============
The goal of this document is to inform the client of the intention of the pentest before it occurs. We want to describe who will test, how they will test and what tools they will be using.