Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/portswigger/url-cheatsheet-data
This is the data that powers the PortSwigger URL validation bypass cheat sheet.
- Host: GitHub
- URL: https://github.com/portswigger/url-cheatsheet-data
- Owner: PortSwigger
- Created: 2024-08-05T08:59:22.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2024-10-21T16:11:21.000Z (24 days ago)
- Last Synced: 2024-10-21T22:39:23.042Z (23 days ago)
- Language: JavaScript
- Homepage: https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
- Size: 72.3 KB
- Stars: 25
- Watchers: 4
- Forks: 4
- Open Issues: 2
Metadata Files:
- Readme: README.md
# URL validation bypass cheat sheet data
This is the data that powers the [PortSwigger URL validation bypass cheat sheet](https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet). We have put this data on GitHub so the community can contribute vectors via pull requests.
## Contributing
To contribute, please create a pull request with changes to the JSON data.
For example, to add a new payload to the `domain_allow_list_bypass.json` file, use the following template:
```json
{
  "id": "d82a33ae7aa92b0f1f1f5d71a24c0f1197da4e7a",
  "payload": ".",
  "description": ".",
  "tags": ["URL", "HOST", "CORS"],
  "filters": []
}
```

- The `id` should be a sha1 hash of the payload parameters: `${prefix}${payload}${suffix}`.
- The `payload` may include template strings `` and ``, which will be replaced with corresponding domain names during wordlist generation.
- The `description` property is not processed during execution.
- The `tags` array should only include supported tags: URL, HOST, and CORS.
- The `filters` array should remain empty as it is intended for future releases with advanced filtering options.

Please make sure you search the data to ensure your vector hasn't already been added. The JSON schema validation file is available at [schema.json](schema.json).
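The entry rules above can be checked mechanically before opening a pull request. The following Node.js script is an added example, not part of the PortSwigger repository: `computeId`, `lintEntry` and `lintFile` are hypothetical names, treating `prefix` and `suffix` as optional string properties (empty when absent) is an assumption, and the sample entries are constructed placeholders.

```javascript
const { createHash } = require("node:crypto");

const SUPPORTED_TAGS = new Set(["URL", "HOST", "CORS"]); // tags named in the README

// id = hex SHA-1 of `${prefix}${payload}${suffix}`.
// Assumption: prefix and suffix are optional string properties, empty when absent.
function computeId({ prefix = "", payload = "", suffix = "" }) {
  return createHash("sha1").update(`${prefix}${payload}${suffix}`, "utf8").digest("hex");
}

// Returns the problems found in one entry; an empty array means it passes.
function lintEntry(entry) {
  const problems = [];
  if (typeof entry.payload !== "string") {
    problems.push("payload must be a string");
  } else if (entry.id !== computeId(entry)) {
    problems.push(`id mismatch, expected ${computeId(entry)}`);
  }
  if (!Array.isArray(entry.tags)) {
    problems.push("tags must be an array");
  } else {
    for (const tag of entry.tags) {
      if (!SUPPORTED_TAGS.has(tag)) problems.push(`unsupported tag: ${tag}`);
    }
  }
  if (!Array.isArray(entry.filters) || entry.filters.length > 0) {
    problems.push("filters must be an empty array");
  }
  return problems;
}

// Lints every entry and flags repeats of the same prefix/payload/suffix.
function lintFile(entries) {
  const firstSeen = new Map();
  return entries.map((entry, index) => {
    const problems = lintEntry(entry);
    const key = computeId(entry);
    if (firstSeen.has(key)) problems.push(`duplicate of entry ${firstSeen.get(key)}`);
    else firstSeen.set(key, index);
    return { index, problems };
  });
}

// Constructed sample entries (placeholder payloads, not real vectors).
const sample = [
  { id: computeId({ payload: "placeholder-1" }), payload: "placeholder-1", description: ".", tags: ["URL"], filters: [] },
  { id: "0".repeat(40), payload: "placeholder-2", description: ".", tags: ["DNS"], filters: [] },
  { id: computeId({ payload: "placeholder-1" }), payload: "placeholder-1", description: ".", tags: ["HOST"], filters: [] },
];
console.log(JSON.stringify(lintFile(sample), null, 2));
```
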
Please include your Twitter handle in the pull request message if you would like to be credited with it.
## License
The copyright for this project belongs to PortSwigger Web Security. We do not want this data to be used to create derivative cheat sheets hosted elsewhere, so we are not providing a license. That said, you are free to fork this repo in order to create pull requests back.