https://bugcrowd.com/vulnerability-rating-taxonomy/

https://www.first.org/cvss/

https://owasp.org/www-project-mobile-security-testing-guide/

https://owasp.org/www-project-web-security-testing-guide/

https://en.wikipedia.org/wiki/Percent-encoding

https://www.urlencoder.org/

https://gchq.github.io/CyberChef/

https://www.kali.org/downloads/

https://portswigger.net/burp/

https://www.mozilla.orgfirefox/new/

https://www.google.com/

https://www.sublimetext.com/

https://obsidian.md/

https://www.xmind.net/

https://www.exploit-db.com/google-hacking-database/

https://viewdns.info/reversewhois/

https://github.com/assetnote/commonspeak2

https://github.com/danielmiessler/SecLists/

https://github.com/infosec-au/altdns/

https://github.com/dxa4481/Snapper/

https://github.com/FortyNorthSecurity/EyeWitness/

https://www.zaproxy.org/

https://buckets.grayhatwarfare.com/

https://github.com/nahamsec/lazys3/

https://github.com/eth0izzle/bucket-stream/

https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html

https://github.com/streaak/keyhacks/

https://github.com/michenriksen/gitrob/

https://github.com/trufflesecurity/truffleHog/

https://pastebin.com/

https://cve.mitre.org/cve/search_cve_list.html

https://github.com/kevthehermit/PasteHunter/

https://archive.org/web/

https://github.com/tomnomnom/waybackurls/

https://www.wappalyzer.com/

https://builtwith.com/

https://stackshare.io/

https://www.codecademy.com/

https://www.rexegg.com/regex-quickstart.html

https://stedolan.github.io/jq/manual/

https://github.com/new/

https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys/

https://censys.io/api

https://www.linkedin.com/developers/

https://developer.shodan.io/

https://github.com/OJ/gobuster

https://github.com/maurosoria/dirsearch/

https://www.rapid7.com/research/project-sonar/

https://censys.io/

https://www.shodan.io/

https://github.com/robertdavidgraham/masscan/

https://nmap.org/

https://github.com/infosec-au/altdns

https://github.com/assetnote/commonspeak2/

https://github.com/OJ/gobuster/

https://github.com/OWASP/Amass/

https://github.com/TheRook/subbrute/

https://github.com/aboul3la/Sublist3r/

https://sslmate.com/certspotter/

https://crt.sh/

https://viewdns.info/reverseip/

https://retirejs.github.io/retire.js/

https://owasp.org/www-project-zap/

https://github.com/intrigueio/intrigue-core/

https://github.com/projectdiscovery/nuclei/

https://git-scm.com/

https://www.w3schools.com/html/default.asp

https://portswigger.net/web-security/cross-site-scripting/dom-based/

https://www.offensive-security.com/awae-oswe/

https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

https://github.com/OWASP/IoTGoat/

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet/

https://xsshunter.com/features

https://polyglot.innerht.ml/

https://owasp.org/www-community/xss-filter-evasion-cheatsheet

http://www.unicode.org/charts/

https://hackerone.com/reports/591432/

https://github.com/trustedsec/social-engineer-toolkit/

https://en.wikipedia.org/wiki/Session_fixation

https://github.com/SecurityInnovation/AuthMatrix/

https://github.com/nccgroup/AutoRepeater/

https://github.com/Quitten/Autorize/

https://www.w3schools.com/sql/default.asp

https://en.wikipedia.org/wiki/Prepared_statement

https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

https://github.com/codingo/NoSQLMap/

https://docs.mongodb.com/manual/faq/fundamentals/index.html

http://sqlmap.org/

http://www.dvwa.co.uk/

https://github.com/sqlmapproject/sqlmap/wiki/

https://en.wikipedia.org/wiki/Race_condition

https://hackerone.com/hacktivity?querystring=race%20condition/

https://api.slack.com/apps/

https://en.wikipedia.org/wiki/Reserved_IP_addresses

https://github.com/swisskyrepo/SSRFmap/

https://en.wikipedia.org/wiki/IPv6_address

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

https://cloud.google.com/compute/docs/storing-retrieving-metadata

https://www.tutorialspoint.com/compile_java_online.php

https://java.com/en/download/help/download_options.html

https://extendsclass.com/php.html

https://www.php.net/manual/en/install.php

https://www.owasp.org/index.php/PHP_Object_Injection

https://www.php.net/manual/en/language.oop5.magic.php

https://owasp.org/www-community/vulnerabilities/PHP_Object_Injection

https://en.wikipedia.org/wiki/Return-oriented_programming

https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/

https://github.com/frohoff/ysoserial/

https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md

https://en.wikipedia.org/wiki/Billion_laughs_attack

https://xmllint.com/

https://github.com/ONsec-Lab/scripts/blob/master/xxe-ftp-server.rb

https://portswigger.net/research/server-side-template-injection/

https://github.com/epinna/tplmap

https://programmer.help/blogs/python-sandbox-escape.html

https://book.hacktricks.xyz/misc/basic-python/bypass-python-sandboxes/

https://en.wikipedia.org/wiki/Encryption#Attacks_and_countermeasures

https://github.com/EdOverflow/can-i-take-over-xyz/

https://github.com/duo-labs/secret-bridge/

https://github.com/hashicorp/vault/

https://github.com/zricethezav/gitleaks/

https://github.com/dxa4481/truffleHog/

https://github.com/streaak/pastebin-scraper/

https://github.com/GerbenJavado/LinkFinder/

https://owasp.org/www-project-code-review-guide/

https://owasp.org/www-project-dependency-check/

https://cve.mitre.org/

https://github.com/OWASP/owasp-mstg/

https://github.com/sensepost/objection/

https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/

https://frida.re/docs/installation/

https://developer.android.com/studio/command-line/adb/

https://developer.android.com/guide/topics/manifest/manifest-intro/

https://ibotpeaches.github.io/Apktool/

https://developer.android.com/studio/

https://github.com/MobSF/Mobile-Security-Framework-MobSF/

https://frida.re/

https://developer.twitter.com/en/docs/twitter-api/

https://graphql.org/

https://github.com/nikitastupin/clairvoyance/

https://www.zaproxy.org/blog/2020-08-28-introducing-the-graphql-add-on-for-zap/

https://github.com/graphql/graphql-playground/

https://www.postman.com/

https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d/

https://swagger.io/

https://github.com/OWASP/wstg/

https://github.com/xmendez/wfuzz/

https://github.com/google/AFL/

https://github.com/fuzzdb-project/fuzzdb/

https://github.com/minimaxir/big-list-of-naughty-strings/

https://wfuzz.readthedocs.io/

https://nostarch.com/bug-bounty-bootcamp/

https://en-USvickieli.dev/en-US,

https://en.wikipedia.org/wiki/Bugen-US

http://assetsen-USdev.example.comen-UStest.example.com

http://..org

https://en-UScommunity.github.com/en-UShttp://resources.github.com/en-USAnd

https://example.com/change_passworden-US

http://037rst.org/en-US

https://bugcrowd.com/vulnerability-rating-taxonomy/en-US

http://en-US.com/hackers/severity.htmlen-US

https://example.com/change_passworden-US.en-US2.���

https://example.com/en-USchange_passworden-US.en-US3.���

https://owasp.org/www-project-web-security-testing-guide/en-US

https://en-USowasp.org/www-project-mobile-security-testing-guide/en-US.

http://google.com

http://www.google.com

https://en-USen.wikipedia.org/wiki/Percent-encodingen-US.en-USFor

https://www.urlencoder.org/en-US

http://gchq.github.io/CyberChef/en-US

https://medium.com/@vickielien-USIt

http://mediumen-US.com/en-UShttp://medium.com/en-UShttps://twitter.com/@vickieli7en-UShttps://medium.com:8080/@vickielien-USThe

https://medium.com/en-US

http://en-USmedium.com/en-US

http://medium.com/en-US

https://twitter.com/@vickieli7en-US

https://medium.com:8080/@vickielien-US

http://en-USattacker.com

https://www.kali.org/downloads/en-US.en-USIf

https://www.mozilla.org

https://portswigger.net/burp/en-US.

http://en-USexample.com/loginen-US.

https://www.sublimetext.com/en-US

https://obsidian.md/en-US

https://www.xmind.net/en-US

https://en-USen.wikipedia.org/wiki/ReDoS

http://reddit.com

http://stackoverflow.com

http://example.com

http://s3.amazonaws.com

https://www.exploit-db.com/google-hacking-database/en-US

http://en-USfacebook.com

http://en-USViewDNS.info

https://viewdns.info/reversewhois/en-US

http://ViewDNS.info

https://rdap.arin.net/registry/ip/157.240.0.0en-USOrgName:

https://rdap.arin.net/registry/entity/THEFA-3en-USOrgAbuseHandle:

https://rdap.arin.net/registry/entity/OPERA82-ARINen-USOrgTechHandle:

https://rdap.arin.net/registry/entity/OPERA82-ARINen-USAnother

http://whois.cymru.com

http://crt.sh

https://crt.sh/en-US

http://facebook.com

https://github.com/danielmiessler/SecLists/en-US

https://github.com/en-US

https://github.com/infosec-au/altdns/en-US

http://scanme.nmap.org

http://dirsearch.py

http://scanme.nmap.org/.svn/en-US[12:31:15]

http://scanme.nmap.org/images/en-US[12:31:40]

http://scanme.nmap.org/shared/en-USTask

http://en-US.com/FortyNorthSecurity/EyeWitness/en-US

https://github.com/dxa4481/en-USSnapper/en-US

https://www.zaproxy.org/en-US

http://en-USs3.amazonaws.com/BUCKETen-US,

http://amazonaws.com

https://buckets.grayhatwarfare.com/en-US

https://github.com/nahamsec/lazys3/en-US

https://github.com/eth0izzle/en-USbucket-stream/en-US

https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-con

https://github.com/streaak/keyhacks/en-US

https://github.com/michenriksen/gitrob/en-US

https://github.com/en-UStruf

https://pastebin.com/en-US

https://github.com/en-USkevthehermit/PasteHunter/en-US

https://en-USarchive.org/web/en-US

https://github.com/tomnomnom/waybackurls/en-US

https://cve.mitre.org/cve/searchen-US

https://nmap.org

http://nmap.org/submit/.en-USNmap

https://example.com/phpmyadminen-US,

http://en-US.wappalyzer.com/en-US

https://builtwith.com/en-US

https://stackshare.io/en-US

https://www.codecademy.com/en-US

http://1en-USdirsearch.py

http://recon.sh

http://scanme.nmap.org/.svn/en-US[11:14:33]

http://scanme.nmap.org/images/

http://scanmme.nmap.org

https://crt.sh/?q=$DOMAIN&output=json

https://www.rexegg.com/regex-quickstart.htmlen-US

http://en-US.name

https://stedolan.github.io/jq/manual/en-US

http://fbcdn.net

http://scan.sh

http://scan_diff.sh

https://github.com/new/en-US.

https://developer.shodan.io/en-US

https://api.shodan.io/shodan/host/{ip}?key={YOUR_API_KEY}en-US.

https://www.linkedin.com/developers/en-US

https://api.linkedin.com/v2/people/en-US{PERSON

https://censys.io/apien-US

https://censys.io/api/v1en-US.

https://github.com/en-USlanmaster53/recon-ng-marketplace/wiki/API-Keys/en-US.en-USStart

http://IP.en-USViewDNS.info

https://viewdns.info/reverseip/en-US

http://domain.en-UScrt.sh

https://censys.io/en-US

https://en-USsslmate.com/certspotter/en-US

https://github.com/aboul3la/Sublist3r/en-US

http://en-US.com/TheRook/subbrute/en-US

https://github.com/OWASP/Amass/en-US

https://github.com/OJ/gobuster/en-US

https://github.com/assetnote/commonspeak2/en-US

https://github.com/infosec-au/altdnsen-US

https://nmap.org/en-US

https://github.com/robertdavidgraham/en-USmasscan/en-US

https://www.shodan.io/en-US

https://www.rapid7.com/research/project-sonar/en-US

https://github.com/maurosoria/dirsearch/en-US

https://en-USgithub.com/OJ/gobusteren-US

https://github.com/FortyNorthSecurity/EyeWitness/en-US

https://github.com/dxa4481/Snapper/en-US

https://owasp.org/www-project-zap/en-US

https://en-USgithub.com/eth0izzle/bucket-stream/en-US

https://www.exploit-db.com/googleen-US

https://github.com/truf

https://github.com/kevthehermit/PasteHunter/en-US

https://archive.org/web/en-US

https://cve.mitre.org/cve/search_cve_list.htmlen-US

https://www.wappalyzer.com/en-US

https://retirejs.github.io/retire.js/en-US

https://git-scm.com/en-US

https://github.com/projectdiscovery/en-USnuclei/en-US

https://github.com/intrigueio/intrigue-core/en-US

https://www.w3schools.com/html/default.aspen-US

http://gmail.com

http://attacker.com

http://attacker.com/xss.js/en-US

http://attacker.com/xss.js

https://en-USsubscribe.example.com

https://subscribe.example.com

http://attacker.co

https://example.com/search?q=en-US

https://example.com

https://portswigger.net/web-security/cross-site-scripting/en-USdom-based/en-US.

https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Preventionen-US

https://www.offensive-security.com/awae-oswe/en-US.en-USBefore

https://github.com/OWASP/IoTGoat/en-US.

https://example.com/upload_profile_pic?url=IMAGE_URLen-USThe

https://en-USportswigger.net/web-security/cross-site-scripting/cheat-sheet/en-US.

http://attacker.com/test.js

https://polyglot.innerht.ml/en-US:en-USjavascript:

https://xsshunter.com/featuresen-US

https://js.do/en-US,

https://en-USowasp.org/www-community/xss-

http://en-USxhr.open

https://example.com/dashboarden-US,

https://example.com/login.en-USTo

https://example.com/login?redirect=https://example.com/dashboarden-US

https://example.com/login?redirect=https://example.com/settingsen-US.

https://example.com/login?redirect=https://en-USattacker.comen-US.

https://example.com/login

http://example.co

https://en-USexample.com/loginen-US

https://example.com/login?en-USredirect=https://example.com/dashboarden-UShttps://example.com/login?en-USredir=https://example.com/dashboarden-UShttps://example.com/login?en-USnext=https://example.com/dashboarden-UShttps://example.com/login?en-USnext=/dashboarden-USOpen

https://example.com/loginen-US.

https://example.com/login?next=dashboarden-US.en-USNote

https://example.com/login?next=https://example.com/dashboarden-UShttps://example.com/login?u=http://example.com/settingsen-USAlso

https://example.com/login?n=/dashboarden-USAlternatively,

https://example.com/logout?dest=/en-UShttps://example.com/login?RelayState=https://example.com/homeen-UShttps://example.com/logout?forward=homeen-UShttps://example.com/login?return=home/settingsen-USNote

https://example.com/login?n=http://google.comen-UShttps://example.com/login?n=http://attacker.comen-USSome

https://attacker.com

https://attacker.com/@example.comen-USExploiting

https://example.com/login?redir=en-UShttp://example.com.attacker.comen-UShttps://example.com/login?redir=en-UShttp://attacker.com/example.comen-USTo

https://example.com/login?redir=en-UShttps://example.com.attacker.com/example.comen-USThis

https://example.com/login?redir=en-UShttps://[email protected]/example.comen-USCustom-built

https://example.com/login?redir=data:text/html;base64,en-USPHNjcmlwdD5sb2NhdGlvbj0iaHR0cHM6Ly9leGFtcGxlLmNvbSI8L3NjcmlwdD4=en-USExploiting

https://en-USexample.com/@attacker.comen-US.

http://en-USexample.com

https://attacker.com/@example.comen-USNon-ASCII

http://.example.com

https://attacker.com/.example.comen-USBrowsers

http://www.unicode.org/charts/en-US.

http://attacker.com/example.comen-USThis

http://en-US.com

https://example.com/@attacker.com/example.comen-USYou

https://example.com/login?next=https://attacker.com/fake_login.html.en-USThough

https://example.com/?next=https://attacker.com/en-USThis

https://www.example.com

https://www.youtube.com/embed/d1192Sqk

https://en-USwww.example.com/transfer_moneyen-US.

https://www.example.com/transfer_money?recipient=RECIPIENT_ACCOUNTen-US

https://www.example.com/transfer_money?en-US

https://www.example.com/transfer_money?

http://en-USbank.example.com/password_changeen-US

http://en-USbank.example.com/transfer_moneyen-US

http://en-USbank.example.com/unlinken-USYou

https://en-UShackerone.com/reports/591432/en-US.

https://bank.example.com/change_billing_email?email=attacker@at

http://tacker.com

https://bank.example.com/send_summary

https://en-USgithub.com/trustedsec/social-engineer-toolkit/en-US

https://twitter.com/send_a_tweet

https://twitter.com/send_aen-US

https://en-UStwitter.com/send_a_tweeten-US

https://twitter.com/send_a_tweeten-US.

https://email.example.com/password_change?new_password=abc123en-US.en-USSince

http://en-USemail.example.com/password_changeen-USPOST

http://en-USemail.example.com/send_emailen-USPOST

http://en-USemail.example.com/delete_emailen-USPOST

https://email.example.com/password_change

http://en-US.example.com/password_changeen-US.

https://email.example.com/password_change?new_password=abc12

https://en-USen.wikipedia.org/wiki/Session_

http://attacker.com/example.com

https://email.example.com/set_password

https://email.example.com/set_password?new_password=this_accou

https://example.com/messages?user_id=1234.en-USNow,

https://example.com/en-USmessages?user_id=1233en-US?en-USYou

https://en-USexample.com/uploads?

https://example.com/en-USuploads?

https://example.com/messages?user_id=1232en-UShttps://example.com/messages?user_id=1231en-USThis

https://example.com/messages?user_key=6MT9EalV9F7r9pns0mK1eDAEW

https://example.com/messages?user_id=1235en-US

https://example.com/messages?user_id=1236

https://example.com/messages?user_id=1236en-USThis

https://example.com/uploads?file=user1236-01.jpegen-USThis

https://example.com/group_files?group=group3en-USThis

https://example.com/messages?user_id=MTIzNQen-UShttps://example.com/messages?user_id=MTIzNgen-USThese

http://example.com/uploads/user1236-01.jpegen-USyou

http://example.com/uploads/user1236-01.jpeg

http://example.com/uploads/user1236-01.jpegen-US

https://github.com/Quitten/Autorize/en-US

https://github.com/nccgroup/AutoRepeater/en-US

https://github.com/SecurityInnovation/AuthMatrix/en-US

https://www.w3schools.com/sql/default.aspen-US.

https://en.wikipedia.org/wiki/Prepared_statementen-US.en-USAnother

https://cheatsheetseries.owasp.org/cheatsheets/SQLen-US

https://en-USexample.com/output.txten-US.

https://github.com/codingo/NoSQLMap/en-US

https://docs.mongodb.com/en-USmanual/faq/fundamentals/index.htmlen-US.

http://www.example.com/shell.php?cmd=en-USCOMMANDen-USAutomating

http://sqlmap.org/en-US

https://github.com/sqlmapproject/en-USsqlmap/wiki/en-US.

http://www.dvwa.co.uk/en-US.

https://en.wikipedia.org/wiki/Race_conditionen-US

https://en-UShackerone.com/hacktivity?querystringen-US

http://en-USpublic.example.com/proxyen-US,

https://public.example.com/proxy?url=https://google.comen-USNow

https://public.example.com/proxy?url=https://admin.example.comen-USHere,

https://public.example.com/send_request?url=https://admin.example.com/de

https://www.attacker.com/profile.jpegen-USTo

https://api.slack.com/apps/en-US

https://www.attacker.com/profile.jpegen-USProxy

https://public.example.com/proxy?url=https://google.com

https://en.wikipedia.org/wiki/Reserved_IP_addressesen-US.en-USTo

https://public.example.com/proxy?url=https://192.168.0.1en-USStep

https://en-USgithub.com/swisskyrepo/SSRFmap/en-US

https://pics.example.com/123?redirect=127.0.0.1en-USThe

http://en-USpics.example.com

https://pics.example.com

https://public.example.com/proxy?url=https://attacker.com/ssrfen-USThen,

https://attacker.com/ssrfen-US,

https://attacker.com/ssrf,en-US

https://en.wikipedia.org/wiki/IPv6_addressen-US.en-USTricking

https://public.example.com/proxy?url=https://attacker.comen-USNow

https://public.example.com/proxy?url=https://0x7f.0x0.0x0.0x1en-USOctal

https://public.example.com/proxy?url=https://0177.0.0.01

https://public.example.com/proxy?url=https://2130706433en-USWhen

https://public.example.com/proxy?url=https://%6c%6f%63%61%6c%68%6f%73%74

https://public.example.com/proxy?url=http://169.254.169.254/latest/meta-

https://en-USdocs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.htmlen-US.

https://cloud.google.com/compute/en-USdocs/storing-retrieving-metadataen-US/en-US.

https://public.example.com/webhook?url=10.0.0.1

https://public.example.com/en-USwebhook?url=10.0.0.2en-US

https://public.example.com/proxy?url=https://admin.example.com

http://en-USadmin.example.com/delete_user

https://www.php.net/manual/en/install.phpen-US

https://extendsclass.com/php.htmlen-US

https://java.com/en/download/help/download_options.htmlen-US.

https://www.en-UStutorialspoint.com/compile_java_online.phpen-US.en-USPHPen-USAlthough

https://en-USwww.owasp.org/index.php/PHP_Object_Injectionen-US:en-US1en-US

https://www.php.net/en-USmanual/en/language.oop5.magic.phpen-US.

https://owasp.org/www-community/vulnerabilities/PHP_Object_Injectionen-US:en-USclass

https://en-USowasp.org/www-community/vulnerabilities/PHP_Object_Injectionen-US.en-USSay

https://en.wikipedia.org/wiki/Return-oriented_programmingen-US.en-USJavaen-USNow

http://en-USjava.io

http://java.io

https://github.com/frohoff/ysoserial/en-US

https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/en-US.

https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.htmlen-US.en-USHunting

http://example.com/index.html

https://en-USgithub.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_Externalen-US

http://www.w3.org/2001/XInclude

http://en-USwww.w3.org/2001/XIncludeen-US

https://en.wikipedia.org/wiki/Billion_laughs_attacken-US.

https://xmllint.com/en-US

https://github.com/ONsec-Lab/scripts/blob/en-USmaster/xxe-ftp-server.rben-US:en-US

http://f.read

https://en-USportswigger.net/research/server-side-template-injection/en-US.en-USMany

https://ctf-wiki.github.io/ctf-wiki/pwn/linux/sandbox/en-USpython-sandbox-escape/en-US

https://book.hacktricks.xyz/misc/basic-python/en-USbypass-python-sandboxes/en-US

https://programmer.help/blogs/python-sandbox-escape.htmlen-USAutomating

https://github.com/epinna/tplmapen-US/en-US

https://example.com/login/en-US.

https://example.com/en-USmfa/en-US.

https://example.com/security_questions/en-US.

https://example.com/security_questions/en-US,

http://shop.example.com

https://example.com/YWRtaW4/admin.phpen-US,

https://example.com/YWRtaW4/admin.phpen-US.

https://example.com/YWRtaW4/dashboard.phpen-US,

https://example.com/en-US

http://example.com/uploads?

http://example.com/upload?file=../../../../../etc/shadowen-USThe

http://example.com/?page=index.phpen-US

http://example.com/?page=about.phpen-US,

http://example.com/?page=http://attacker.com/malicious.php?cmd=ls

http://example.com/?page=de-index.phpen-US

http://en-USexample.com/?page=en-index.phpen-US

http://example.com/?page=../uploads/USERNAME/malicious.phpen-USIf

http://example.com/?page=http://attacker.com/malicious.phpen-UShttp://example.com/?page=http:attacker.com/malicious.phpen-USAnd

http://example.com/?page=../uploads/malicious.phpen-UShttp://example.com/?page=..%2fuploads%2fmalicious.phpen-USYou

http://en-USa.example.com/en-USuser_infoen-US.

http://en-USa.example.com/user_infoen-US

http://en-USRECIPIENT_WINDOW.post

http://en-USwindow.open

http://window.open

https://b.example.com

http://en-USrecipient_window.post

https://a.example.com

http://en-USa.example.com/useren-US

http://en-USb.example.com

https://a.example.com/user_info

https://a.example.com/user_info?callback=parseinfo

https://a.example.com/user_info?jsonp=parseinfo

http://www.example.com.attacker.com

https://en-USen.wikipedia.org/wiki/Encryption#Attacks_and_countermeasuresen-US.en-USSAML

http://en-USidentity.com/oauth?en-USclient_id=en-USCLIENT_IDen-US&response_type=codeen-US&state=en-USSTATEen-US&redirect_uri=https://example.com/callbacken-US&scope=emailen-USThen,

https://example.com/callback?authorization_code=abc123&state=STATEen-USThe

http://en-USidentity.com/oauth/token?en-USclient_id=en-USCLIENT_IDen-US&client_secret=CLIENT_SECRETen-US&redirect_uri=https://example.com/callbacken-US&code=abc123en-USThe

https://example.com/callback?#access_token=xyz123en-USA

https://example.com/callback?next=attacker.comen-USwill

https://example.com/callback?next=attacker.com#access_token=xyz123en-USand

http://en-USidentity.com/oauth?en-USclient_id=en-USCLIENT_IDen-US&response_type=codeen-US&state=en-USSTATEen-US&redirect_uri=https://example.com/callback?next=attacker.comen-US&scope=emailen-USAnother

https://example.com/login_via_facebook

https://example.com/callback?#access_token=xyz123en-USThen

https://example.com/logout?next=attacker.com

https://example.com/callback?next=example.com/logout?next=a

https://example.com/callback?next=example.com/logout?next=attacker.com#a

https://example.com/logout?next=attacker.com#access_token=xyz123en-USThen

https://github.com/EdOver

https://github.com/hashicorp/vault/en-US

https://github.com/duo-labs/secret-bridge/en-US

https://example.com/images/en-US

https://example.com/image?url=/images/1.pngen-USIn

https://example.com/image?url=/images/../index.htmlen-USSimilarly,

https://example.com/image?url=/images/../../../../../../../etc/shadowen-USIt

https://web.archive.org/web/*/en-USDOMAINen-US.en-USAdd

https://web.archive.org/web/*/example.com/*en-US

https://en-USgithub.com/streaak/pastebin-scraper/en-US

http://scrape.sh

http://en-USpastebin.com/IDen-US.en-USStep

https://github.com/en-USdxa4481/truf

https://github.com/zricethezav/gitleaks/en-US

https://example.com/.giten-USThree

http://example.com/.giten-USBut

https://example.com/.git/configen-USIf

https://example.com/.git/HEADen-USUse

https://example.com/.git/refs/heads/masteren-USUse

https://example.com/.git/objects/0a/72e6850ef963c6aeee4121d38cf9de773865

https://example.com/.git/objects/4b/66088945aab8b967da07ddd8d3cf8c47a3f5

http://STDIN.read

http://sys.stdin.read

https://github.com/GerbenJavado/LinkFinder/en-US

https://owasp.org/www-projecten-US

https://owasp.org/www-community/vulnerabilities/PHP_Objecten-US

https://api.github.com

https://cve.mitre.org/en-US

https://en-USowasp.org/www-project-dependency-check/en-US

http://dev.example.com/admin?debug=1&password=password

http://en-USattacker.com/example.comen-US,

https://www.example.com/index.html

https://example.com/downloaden-US.

https://example.com/abcen-US:en-UShttps://example.com/download?download_file=https://example.com/abcen-USThe

https://example.com/download?download_file=https://example.com/download;

https://api.example.com/new_password

http://requests.post

https://example.com/change_password?new_password=abc&csrf_token=en-UShttps://example.com/change_password?new_password=abcen-USCode

https://github.com/OWASP/owasp-mstg/en-US

https://frida.re/docs/installation/en-US.

https://codeshare.frida.re/@pcipolloni/en-US

https://github.com/sensepost/objection/en-US

https://developer.android.com/guide/topics/manifest/manifest-intro/en-US.en-USThe

https://developer.android.com/studio/en-UScommand-line/adb/en-US.en-USTo

https://developer.android.com/studio/en-US.en-USApktoolen-USApktoolen-US,

http://en-US.github.io/Apktool/en-US.en-USYou

https://frida.re/en-US

https://github.com/en-USMobSF/Mobile-Security-Framework-MobSF/en-US

https://developer.twitter.com/en/docs/en-UStwitter-api/en-US

https://t.co/en-USMkGjXf9aXm

https://t.co/MkGjXf9aXm

https://twitter.com/i/web/en-USstatus/1050118621198921728

http://twitter.com/i/web/status/1...

https://api.twitter.com/1.1/statuses/show/en-US

https://api.twitter.com/1.1/users/show/en-US

https://api.twitter.com/1.1/statuses/destroy/en-US,

https://api.twitter.com/1.1/statuses/en-USretweet/en-US.

https://api.twitter.com/1.1/RESOURCE/ACTIONen-US

https://api.twitter.com/1.1/users/showen-UShttps://api.twitter.com/1.1/statuses/showen-UShttps://api.twitter.com/1.1/statuses/destroyen-UShttps://api.twitter.com/1.1/statuses/retweet

http://doc.s3.amazonaws.com/2006-03-01

http://s3.amazonaws.com/doc/2006-03-01

https://SHOPNAME.myshopify.com/admin/api/API_VERSION/graphql.json

https://example.myshopify.com

http://example.myshopify.com

http://johns-apparel.com

https://graphql.org/en-US.en-USGraphQL

https://www.postman.com/en-US

https://github.com/graphql/graphql-playground/en-US

https://www.zaproxy.org/blog/2020-08-28en-US

https://github.com/nikitastupin/en-USclairvoyance/en-US

https://swagger.io/en-US

https://gist.github.com/yassineaboukir/8e12aen-USdefbd505ef704674ad6ad48743d/en-US.

https://github.com/OWASP/wstg/en-US

https://github.com/google/AFL/en-US

https://github.com/xmendez/wfuzz/en-US

http://example.com/FUZZen-USYou

http://example.com/adminen-UShttp://example.com/admin.phpen-UShttp://example.com/cgi-binen-UShttp://example.com/secureen-UShttp://example.com/authorize.phpen-UShttp://example.com/cron.phpen-UShttp://example.com/administrator

http://example.com/view_inbox?user_id=FUZZen-USSay

http://en-USexample.com/view_inboxen-US

http://example.com/view_inbox?user_id=1en-UShttp://example.com/view_inbox?user_id=2en-UShttp://example.com/view_inbox?user_id=3en-USOnce

https://github.com/minimaxir/big-list-of-naughty-strings/en-US

https://github.com/en-USfuzzdb-project/fuzzdb/en-US

http://facebook.co

http://facebook.com/FUZZen-USTotal

http://e.com/adminen-USThe

http://example.com/adminen-USTotal

http://example.com/view_message?message_id=FUZZen-USThen

http://example.com/get_user?use

http://example.com/get_useren-USMore

https://wfuzz.readthedocs.io/en-US.en-USFuzzing

https://github.com/xmendez/en-US

http://en-USJen-USjava.io

https://nostarch.com/bug-bounty-bootcamp/en-US

http://231en-USwww.nostarch.com