Shazzer - Shared online fuzzing

- Home
- Blog
  - Blog home
  - RSS
- Login
- Vectors
- Unicode table
- Help
- Home
- Blog
  - Blog home
  - RSS
- Login
- Vectors
- Unicode table
- Help

Shazzer
Shared online fuzzer

Fuzzing browsers since 2012

Made by Gareth Heyes
Follow me on Twitter: @garethheyes

If you liked this, you may also like Hackvertor, The Spanner

New users

meme-lord junan-98 winterisland0710 6b6f6c6a61 DanielSchmerber qySec mrvcoder colfax0483 thisisatestaccdontusethesourcecodes rafi123123 backy2222 thehlopster Mpty-slk electro0nes wunna1x DIBO0 randomh4ck J1W0N-1209 sealldeveloper c2a

Popular users

hackvertor (33)renniepak (7)albinowax (5)joaxcar (5)0x999-x (4)masatokinugawa (3)d0ge (2)JorianWoltjer (2)freddyb (1)hansmach1ne (1)ThomasOrlita (1)DreyAnd (1)sqjor (1)securaji (1)InsertScript (1)B-i-t-K (1)koto (1)vitorfhc (1)K4r1it0 (1)weizman (1)

Recently updated vectors

Window properties All events on window Malformed HTML comments Escape inline double quote Characters that starts element name CSS inline property definition Fuzzing for Max sanitized input (simplified)Chars that can be used as opening bracket in innerHTML Characters allowed in the protocol that still resolve host name URL scheme separator alternatives copyh Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains Characters that end unencapsulated HTML attribute values

New vectors

Characters that end unencapsulated HTML attribute values Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains URL scheme separator alternatives copyh Characters allowed in the protocol that still resolve host name Chars that can be used as opening bracket in innerHTML Fuzzing for Max sanitized input (simplified)test-id CSS inline property definition Characters that starts element name Escape inline double quote Characters allowed before the JavaScript protocol colon Chars allowed between src and = in img tag Characters Allowed Between Protocol // and localhost Where Host Still Equals localhost Url parsing diff b/w window.open and new URL Characters ending XML Processing Instructions (WIP)Tags that DO NOT support HTML comments Tags that support HTML comments Tags that get moved out of parent Characters that can be inside the javascript protocol Tags that get reordered in the DOM

Most popular

URL domain dot alternatives (3949)DOM element relationships (3761)Characters allowed between hostname and / but don't change the hostname (3710)Characters between < and element name (3706)JavaScript Scheme starting with https:// (3589)Characters that can precede the javascript protocol (3435)Characters allowed javascript and colon copy2 (3239)Characters allowed javascript and colon (2997)< removal bypass (2986)characters allowed between exclamation mark and greater then (2806)Characters that close or encapsulate HTML attribute values (2694)Entities that cause an external URL before @ (2560)HTML entities that create ASCII characters inside a JavaScript URL (2437)Character that closes HTML tag (2434)Includes Validation Chars Allowed (2307)XSS vectors that consume tag (2171)Characters allowed between multiple HTML attributes (2060)Characters allowed after hostname but don't change the hostname (2037)All properties on navigator (two levels of nesting deep) (1942)Characters that cause an external URL before @ (1796)

Most liked

URL domain dot alternatives (5)Entities that cause an external URL before @ (4)HTML entities that create ASCII characters inside a JavaScript URL (4)JavaScript Scheme starting with https:// (4)Characters allowed between hostname and / but don't change the hostname (4)Characters that cause an external URL before @ (3)Characters allowed javascript and colon (3)Characters that can precede the javascript protocol (3)Characters allowed after hostname but don't change the hostname (2)Characters that cause exceptions when URL encoded (2)Characters allowed between multiple HTML attributes (2)Properties that contain URLs (2)Unicode characters that get normalized into path traversal characters (2)Characters that can start an HTML comment (2)HTML elements that are self closing or different text content (2)Characters appended at the end of TLD within URL, which yield in the same Origin (2)Characters allowed in-between operators (2)Characters that can be used as valid labels in JavaScript (2)Characters allowed after optional chaining (2)All events on window (1)