Shazzer - Shared online fuzzing

- Home
- Blog
  - Blog home
  - RSS
- Login
- Vectors
- Unicode table
- Help
- Home
- Blog
  - Blog home
  - RSS
- Login
- Vectors
- Unicode table
- Help

Shazzer
Shared online fuzzer

Fuzzing browsers since 2012

Made by Gareth Heyes
Follow me on Twitter: @garethheyes

New users

trace37labs Giardi77 HazemHussien11 bbcoms3 fleazy IIlllIlIIl trongphuc12 Swaildeaf TitifelBro47 crinkytreadmill 180masudrana alirezakhoshsohbat Pentestteamfood TS0NW0RK jejex0 lulzash adonisKahila alt3337 0xbartmoss logag1

Popular users

hackvertor (37)renniepak (9)JorianWoltjer (6)joaxcar (5)albinowax (5)RenwaX23 (4)0x999-x (4)masatokinugawa (3)d0ge (2)hansmach1ne (2)DreyAnd (1)securaji (1)jonathann403 (1)B-i-t-K (1)koto (1)ThomasOrlita (1)weizman (1)InsertScript (1)K4r1it0 (1)sqjor (1)

Recently updated vectors

Characters that change length on .toLowerCase()Characters allowed instead of equal sign Characters that are valid JS variables Characters that can break out of an inline style with double quotes Characters allowed either side of a variable assignment Characters matching RegEx /\w/ui Unicode "Latin" characters using \p{scx=Latin} RegEx

New vectors

Unicode "Latin" characters using \p{scx=Latin} RegEx Characters matching RegEx /\w/ui Characters allowed in between // in absolute URL characters between function name and parentheses Characters allowed begin from a forward slash character in javascript protocol Characters allowed while closing script tag Characters after https URI scheme which prevent URL parsing of href chars before img tags Chars allowed before style attribute...Characters allowed before after onerror events Electron XSS TEST Characters allowed in between @import dsqd Closing title tag name separators masato - braves parsing finding entity test masato - braves parsing finding valid characters masato - braves parsing finding valid attributes masato - braves parsing finding Named HTML entities that can be closed with !Characters cause self closing tag

Most popular

URL domain dot alternatives (5.6k)Characters allowed javascript and colon (5.5k)JavaScript Scheme starting with https:// (5.5k)Characters between < and element name (5.2k)DOM element relationships (4.9k)Characters that can precede the javascript protocol (4.9k)Characters allowed between hostname and / but don't change the hostname (4.9k)Characters allowed javascript and colon copy2 (4.4k)< removal bypass (4.1k)characters allowed between exclamation mark and greater then (3.9k)HTML entities that create ASCII characters inside a JavaScript URL (3.8k)Character that closes HTML tag (3.5k)Characters that close or encapsulate HTML attribute values (3.5k)Entities that cause an external URL before @ (3.4k)Includes Validation Chars Allowed (3.3k)Characters that cause exceptions when URL encoded (3.3k)Characters allowed between multiple HTML attributes (3.2k)Characters allowed in-between operators (3.2k)HTML elements that are self closing or different text content (3.2k)XSS vectors that consume tag (3.1k)

Most liked

URL domain dot alternatives (5)Characters allowed between multiple HTML attributes (4)HTML entities that create ASCII characters inside a JavaScript URL (4)Characters allowed between hostname and / but don't change the hostname (4)JavaScript Scheme starting with https:// (4)Entities that cause an external URL before @ (4)Characters allowed javascript and colon (3)Characters that can precede the javascript protocol (3)Characters allowed inside javascript protocol and still returns the hostname (3)Characters that cause an external URL before @ (3)HTML elements that are self closing or different text content (2)Characters allowed after hostname but don't change the hostname (2)Characters allowed after optional chaining (2)Unicode characters that get normalized into path traversal characters (2)Characters that can be used as valid labels in JavaScript (2)Characters that cause exceptions when URL encoded (2)Characters that can start an HTML comment (2)Characters appended at the end of TLD within URL, which yield in the same Origin (2)Characters allowed in-between operators (2)Properties that contain URLs (2)