Shazzer - Shared online fuzzing

- Home
- Vectors
- Network
- Tools
- Blog
  - Blog home
  - RSS
- Help
- Home
- Vectors
- Network
- Tools
- Blog
  - Blog home
  - RSS
- Help

Sanitizing...

Shazzer
Shared online fuzzer

Fuzzing browsers since 2012

Made by Gareth Heyes
Follow me on Twitter: @garethheyes

New users

0xs8n Connor1105 VAENPP MachiavelliII pablosobrerobdo hocnc hipotermiahacks fishystock dulphMain dandh811 Serizao-bzhunt t0t048 LEEjieiun nullkrypt jonathanlevy-imper xkmikze L3ster1337 ixSly fiansodesmines x6vrn

Popular users

hackvertor (38)renniepak (9)JorianWoltjer (6)joaxcar (5)albinowax (5)0x999-x (4)RenwaX23 (4)masatokinugawa (3)d0ge (2)hansmach1ne (2)AyushXtha (2)securaji (1)DreyAnd (1)jonathann403 (1)B-i-t-K (1)koto (1)ThomasOrlita (1)weizman (1)InsertScript (1)K4r1it0 (1)

Recently updated vectors

Characters between element name and >masato - braves parsing finding valid characters JavaScript separators between function names Characters allowed after parentheses Characters allowed before parentheses Characters that act like new line or single line comment Characters after strings HTML comment before greater than Characters that act as quotes or whitespace Characters that can break out of a single line comment framers event executors Characters that can be inserted in the middle of the JS protocol name Characters that change length on .toLowerCase()Break out of CSS strings Characters allowed in-between hyphens Characters allowed as a class separator Characters allowed within a hostname but don't change the hostname Characters that change length on .toUpperCase()Characters allowed between an object and the dot operator characters after slash that make a http protocol

New vectors

Characters allowed in middle of HTML tag name Characters allowed as start of HTML tag name Valid space characters in a regex Unicode "Latin" characters using \p{scx=Latin} RegEx Characters matching RegEx /\w/ui Characters allowed in between // in absolute URL characters between function name and parentheses Characters allowed begin from a forward slash character in javascript protocol Characters allowed while closing script tag Characters after https URI scheme which prevent URL parsing of href chars before img tags Chars allowed before style attribute...Characters allowed before after onerror events Electron XSS TEST Characters allowed in between @import dsqd Closing title tag name separators masato - braves parsing finding entity test masato - braves parsing finding valid characters masato - braves parsing finding valid attributes

Most popular

URL domain dot alternatives (6.5k)Characters allowed javascript and colon (6.3k)JavaScript Scheme starting with https:// (6.2k)Characters allowed between hostname and / but don't change the hostname (5.3k)Characters between < and element name (5.3k)Characters that can precede the javascript protocol (5.1k)DOM element relationships (5k)HTML entities that create ASCII characters inside a JavaScript URL (4.7k)characters allowed between exclamation mark and greater then (4.6k)Characters allowed javascript and colon copy2 (4.5k)< removal bypass (4.2k)Characters appended at the end of TLD within URL, which yield in the same Origin (3.8k)Characters that close or encapsulate HTML attribute values (3.7k)Character that closes HTML tag (3.7k)Characters that cause exceptions when URL encoded (3.7k)Entities that cause an external URL before @ (3.6k)Unicode characters that get normalized into path traversal characters (3.5k)Characters allowed between multiple HTML attributes (3.4k)Characters allowed after hostname but don't change the hostname (3.4k)Includes Validation Chars Allowed (3.4k)

Most liked

URL domain dot alternatives (5)Entities that cause an external URL before @ (4)Characters allowed between multiple HTML attributes (4)Characters allowed between hostname and / but don't change the hostname (4)JavaScript Scheme starting with https:// (4)HTML entities that create ASCII characters inside a JavaScript URL (4)Characters allowed javascript and colon (3)Characters that can precede the javascript protocol (3)Characters allowed while closing script tag (3)Characters allowed inside javascript protocol and still returns the hostname (3)Characters that cause an external URL before @ (3)Characters allowed after optional chaining (2)HTML elements that are self closing or different text content (2)Characters allowed after hostname but don't change the hostname (2)Unicode characters that get normalized into path traversal characters (2)Characters that can be used as valid labels in JavaScript (2)Characters that cause exceptions when URL encoded (2)Characters that can start an HTML comment (2)Characters appended at the end of TLD within URL, which yield in the same Origin (2)Characters allowed in-between operators (2)

disconnected

Distributed Fuzzing

Enabled:

Status:disconnected

Your browser automatically contributes to distributed fuzzing when idle.