Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/portswigger/url-cheatsheet-data
This is the data that powers the PortSwigger URL validation bypass cheat sheet.
https://github.com/portswigger/url-cheatsheet-data
Last synced: about 2 months ago
JSON representation
This is the data that powers the PortSwigger URL validation bypass cheat sheet.
- Host: GitHub
- URL: https://github.com/portswigger/url-cheatsheet-data
- Owner: PortSwigger
- Created: 2024-08-05T08:59:22.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-10-21T16:11:21.000Z (2 months ago)
- Last Synced: 2024-10-21T22:39:23.042Z (2 months ago)
- Language: JavaScript
- Homepage: https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
- Size: 72.3 KB
- Stars: 25
- Watchers: 4
- Forks: 4
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# URL validation bypass cheat sheet data
This is the data that powers the [PortSwigger URL validation bypass cheat sheet](https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet). We have put this data on Github so the community can contribute vectors via pull requests.
## Contributing
To contribute, please create a pull request with changes to the JSON data.
For example, to add a new payload to the `domain_allow_list_bypass.json` file, use the following template:
```json
{
"id": "d82a33ae7aa92b0f1f1f5d71a24c0f1197da4e7a",
"payload": ".",
"description": ".",
"tags": ["URL", "HOST", "CORS"],
"filters": []
}
```- The `id` should be a sha1 hash of the payload parameters: `${prefix}${payload}${suffix}`.
- The `payload` may include template strings `` and ``, which will be replaced with corresponding domain names during wordlist generation.
- The `description` property is not processed during execution.
- The `tags` array should only include supported tags: URL, HOST, and CORS.
- The `filters` array should remain empty as it is intended for future releases with advanced filtering options.Please make sure you search the data to ensure your vector hasn't already been added. The json schema validation file available at [schema.json](schema.json)
Please include your Twitter handle in the pull request message if you would like to be credited with it.## License
The copyright for this project belongs to PortSwigger Web Security. We do not want this data to be used to create derivative cheat sheets hosted elsewhere, so we are not providing a license. That said, you are free to fork this repo in order to create pull requests back.