daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated headless-open-redirect

patch-1
Prince Chaddha 2023-08-22 08:21:02 +05:30 committed by GitHub
parent f12b659cfb
commit c6f57fe5b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 90 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

183
headless/headless-open-redirect.yaml
View File

@ -21,104 +21,101 @@ headless:
payloads:
redirect:
- '%0a/evil.com/'
- '%0d/evil.com/'
- '%00/evil.com/'
- '%09/evil.com/'
- '%5C%5Cevil.com/%252e%252e%252f'
- '%5Cevil.com'
- '%5cevil.com/%2f%2e%2e'
- '%5c{{RootURL}}evil.com/%2f%2e%2e'
- '../evil.com'
- '.evil.com'
- '/%5cevil.com'
- '////\;@evil.com'
- '////evil.com'
- '///evil.com'
- '///evil.com/%2f%2e%2e'
- '///evil.com@//'
- '///{{RootURL}}evil.com/%2f%2e%2e'
- '//;@evil.com'
- '//\/evil.com/'
- '//\@evil.com'
- '//\evil.com'
- '//\tevil.com/'
- '//evil.com/%2F..'
- '//evil.com//'
- '%0a/oast.live/'
- '%0d/oast.live/'
- '%00/oast.live/'
- '%09/oast.live/'
- '%5C%5Coast.live/%252e%252e%252f'
- '%5Coast.live'
- '%5coast.live/%2f%2e%2e'
- '%5c{{RootURL}}oast.live/%2f%2e%2e'
- '../oast.live'
- '.oast.live'
- '/%5coast.live'
- '////\;@oast.live'
- '////oast.live'
- '///oast.live'
- '///oast.live/%2f%2e%2e'
- '///oast.live@//'
- '///{{RootURL}}oast.live/%2f%2e%2e'
- '//;@oast.live'
- '//\/oast.live/'
- '//\@oast.live'
- '//\oast.live'
- '//\toast.live/'
- '//oast.live/%2F..'
- '//oast.live//'
- '//%69%6e%74%65%72%61%63%74%2e%73%68'
- '//evil.com@//'
- '//evil.com\tevil.com/'
- '//https://evil.com@//'
- '/<>//evil.com'
- '/\/\/evil.com/'
- '/\/evil.com'
- '/\evil.com'
- '/evil.com'
- '/evil.com/%2F..'
- '/evil.com/'
- '/evil.com/..;/css'
- '/https:evil.com'
- '/{{RootURL}}evil.com/'
- '/〱evil.com'
- '/〵evil.com'
- '/ゝevil.com'
- '/ーevil.com'
- '/ーevil.com'
- '<>//evil.com'
- '@evil.com'
- '@https://evil.com'
- '\/\/evil.com/'
- '//oast.live@//'
- '//oast.live\toast.live/'
- '//https://oast.live@//'
- '/<>//oast.live'
- '/\/\/oast.live/'
- '/\/oast.live'
- '/\oast.live'
- '/oast.live'
- '/oast.live/%2F..'
- '/oast.live/'
- '/oast.live/..;/css'
- '/https:oast.live'
- '/{{RootURL}}oast.live/'
- '/〱oast.live'
- '/〵oast.live'
- '/ゝoast.live'
- '/ーoast.live'
- '/ーoast.live'
- '<>//oast.live'
- '@oast.live'
- '@https://oast.live'
- '\/\/oast.live/'
- 'evil%E3%80%82com'
- 'evil.com'
- 'evil.com/'
- 'evil.com//'
- 'evil.com;@'
- 'https%3a%2f%2fevil.com%2f'
- 'https:%0a%0devil.com'
- 'https://%0a%0devil.com'
- 'https://%09/evil.com'
- 'https://%2f%2f.evil.com/'
- 'https://%3F.evil.com/'
- 'https://%5c%5c.evil.com/'
- 'https://%5cevil.com@'
- 'https://%23.evil.com/'
- 'https://.evil.com'
- 'https://////evil.com'
- 'https:///evil.com'
- 'https:///evil.com/%2e%2e'
- 'https:///evil.com/%2f%2e%2e'
- 'https:///evil.com@evil.com/%2e%2e'
- 'https:///evil.com@evil.com/%2f%2e%2e'
- 'https://:80#@evil.com/'
- 'https://:80?@evil.com/'
- 'https://:@\@evil.com'
- 'https://:@evil.com\@evil.com'
- 'https://;@evil.com'
- 'https://\tevil.com/'
- 'https://evil.com/evil.com'
- 'https://evil.com/https://evil.com/'
- 'https://www.\.evil.com'
- 'https:/\/\evil.com'
- 'https:/\evil.com'
- 'https:/evil.com'
- 'https:evil.com'
- '{{RootURL}}evil.com'
- '〱evil.com'
- '〵evil.com'
- 'ゝevil.com'
- 'ーevil.com'
- 'ーevil.com'
- 'redirect/evil.com'
- 'cgi-bin/redirect.cgi?evil.com'
- 'out?evil.com'
- 'login?to=http://evil.com'
- 'oast.live'
- 'oast.live/'
- 'oast.live//'
- 'oast.live;@'
- 'https%3a%2f%2foast.live%2f'
- 'https:%0a%0doast.live'
- 'https://%0a%0doast.live'
- 'https://%09/oast.live'
- 'https://%2f%2f.oast.live/'
- 'https://%3F.oast.live/'
- 'https://%5c%5c.oast.live/'
- 'https://%5coast.live@'
- 'https://%23.oast.live/'
- 'https://.oast.live'
- 'https://////oast.live'
- 'https:///oast.live'
- 'https:///oast.live/%2e%2e'
- 'https:///oast.live/%2f%2e%2e'
- 'https:///oast.live@oast.live/%2e%2e'
- 'https:///oast.live@oast.live/%2f%2e%2e'
- 'https://:80#@oast.live/'
- 'https://:80?@oast.live/'
- 'https://:@\@oast.live'
- 'https://:@oast.live\@oast.live'
- 'https://;@oast.live'
- 'https://\toast.live/'
- 'https://oast.live/oast.live'
- 'https://oast.live/https://oast.live/'
- 'https://www.\.oast.live'
- 'https:/\/\oast.live'
- 'https:/\oast.live'
- 'https:/oast.live'
- 'https:oast.live'
- '{{RootURL}}oast.live'
- '〱oast.live'
- '〵oast.live'
- 'ゝoast.live'
- 'ーoast.live'
- 'ーoast.live'
- 'redirect/oast.live'
- 'cgi-bin/redirect.cgi?oast.live'
- 'out?oast.live'
- 'login?to=http://oast.live'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "evil.com"
- "Evil.Com - We get it...Daily."
condition: and
- "Interactsh Server"