Shazzer - Shared online fuzzing

- Home
- Blog
  - Blog home
  - RSS
- Login
- Vectors
- Unicode table
- Help
- Home
- Blog
  - Blog home
  - RSS
- Login
- Vectors
- Unicode table
- Help

Shazzer
Shared online fuzzer

Fuzzing browsers since 2012

Made by Gareth Heyes
Follow me on Twitter: @garethheyes

New users

WaiZ0 lambdasawa james7malcolm-code prashunbaral 0xthem7 ilyas-cyber DaDrJ tsuruyu p4rr4 yellowrook1 trace37labs Giardi77 HazemHussien11 bbcoms3 fleazy IIlllIlIIl trongphuc12 Swaildeaf TitifelBro47 crinkytreadmill

Popular users

hackvertor (37)renniepak (9)JorianWoltjer (6)joaxcar (5)albinowax (5)RenwaX23 (4)0x999-x (4)masatokinugawa (3)d0ge (2)hansmach1ne (2)AyushXtha (2)freddyb (1)B-i-t-K (1)ThomasOrlita (1)koto (1)DreyAnd (1)jonathann403 (1)securaji (1)InsertScript (1)K4r1it0 (1)

Recently updated vectors

Properties are accessible in a sandboxed iframe Properties that are accessible on location Characters allowed before the JavaScript protocol Named HTML entities that can be closed with !Characters matching RegEx /\w/ui Valid space characters in a regex

New vectors

Valid space characters in a regex Unicode "Latin" characters using \p{scx=Latin} RegEx Characters matching RegEx /\w/ui Characters allowed in between // in absolute URL characters between function name and parentheses Characters allowed begin from a forward slash character in javascript protocol Characters allowed while closing script tag Characters after https URI scheme which prevent URL parsing of href chars before img tags Chars allowed before style attribute...Characters allowed before after onerror events Electron XSS TEST Characters allowed in between @import dsqd Closing title tag name separators masato - braves parsing finding entity test masato - braves parsing finding valid characters masato - braves parsing finding valid attributes masato - braves parsing finding Named HTML entities that can be closed with !

Most popular

URL domain dot alternatives (6k)Characters allowed javascript and colon (5.8k)JavaScript Scheme starting with https:// (5.8k)Characters between < and element name (5.2k)Characters that can precede the javascript protocol (4.9k)DOM element relationships (4.9k)Characters allowed between hostname and / but don't change the hostname (4.9k)Characters allowed javascript and colon copy2 (4.4k)characters allowed between exclamation mark and greater then (4.2k)HTML entities that create ASCII characters inside a JavaScript URL (4.1k)< removal bypass (4.1k)Character that closes HTML tag (3.6k)Characters that close or encapsulate HTML attribute values (3.6k)Entities that cause an external URL before @ (3.4k)Characters that cause exceptions when URL encoded (3.3k)Characters appended at the end of TLD within URL, which yield in the same Origin (3.3k)Includes Validation Chars Allowed (3.3k)Characters allowed between multiple HTML attributes (3.3k)Characters allowed in-between operators (3.2k)Characters allowed after hostname but don't change the hostname (3.2k)

Most liked

URL domain dot alternatives (5)JavaScript Scheme starting with https:// (4)Characters allowed between hostname and / but don't change the hostname (4)Characters allowed between multiple HTML attributes (4)HTML entities that create ASCII characters inside a JavaScript URL (4)Entities that cause an external URL before @ (4)Characters that cause an external URL before @ (3)Characters allowed inside javascript protocol and still returns the hostname (3)Characters allowed while closing script tag (3)Characters allowed javascript and colon (3)Characters that can precede the javascript protocol (3)Characters that cause exceptions when URL encoded (2)Properties that contain URLs (2)Characters allowed after hostname but don't change the hostname (2)Unicode characters that get normalized into path traversal characters (2)Characters that can start an HTML comment (2)HTML elements that are self closing or different text content (2)Characters appended at the end of TLD within URL, which yield in the same Origin (2)Characters allowed in-between operators (2)Characters that can be used as valid labels in JavaScript (2)