-
Notifications
You must be signed in to change notification settings - Fork 19
/
EnDeFile.txt
107 lines (95 loc) · 6.9 KB
/
EnDeFile.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# =========================================================================== #
# vi: ts=8:
# vim: ts=8:
#?
#? NAME
#? EnDeFile.txt - list of files with test attack pattern
#?
#? DESCRIPTION
#? List of files for EnDe.GUI.menu.
#? Each file line describes one file as follows:
#? file key target prefix function text description
#?
#? key - file name
#? text - descriptive name used in SELECT->OPTION menu
#? description - descriptive text used in title= attribute
#? target - HTML tag id where menu should be created
#? default, if missing: EnDeDOM.f.EN
#? function- function to be called by SELECT menu
#? prefix - prefix (label) prepended to generated SELECT menu
#? default, if missing: :
#? This string may start with <br> to force a line break
# # TODO: (known to work in Gecko, but not Chrome).
#?
# HACKER's INFO
# This File cannot contain / reference to EnDeUser.xml. This is a bug
# in the GUI where EnDeUser.xml is already used elsewhere.
#?
#? SEE ALSO
#? EnDeMenu.txt
#?
#? VERSION
#? @(#) EnDeFile.txt 3.15 14/11/09 18:47:08
#?
#? AUTHOR
#? 27-dez-07 Achim Hoffmann, mailto: EnDe (at) my (dash) stp (dot) net
#?
# -----------------------------------------------------------------------------
# =========================================================================== #
# menu for files with attack pattern #
# =========================================================================== #
makeID auto
#------+---------------+-------------------------------+-----------------------------------------------+---------------+-------------------------------+--------------+
#head key text description target function prefix
#------+---------------+-------------------------------+-----------------------------------------------+---------------+-------------------------------+--------------+
group File.XSS.extern XSS (external file) load external file with XSS pattern
file http://ha.ckers.org/xssAttacks.xml XSS Attacks (ha.ckers.org) add XSS Attack Pattern to Encoding textarea EnDeDOM.EN.Edit EnDeGUI.dispatch(this,'EN') <br>XSS Cheat Seat:
file http://mario.heideri.ch/xss.xml XSS Attacks (mario.heidri.ch) add XSS Attack Pattern to Encoding textarea EnDeDOM.EN.Edit EnDeGUI.dispatch(this,'EN') <br>XSS Cheat Seat:
group File.XSS.local XSS (local file) load local file with XSS pattern
file xssAttacks.xml XSS Attacks (ha.ckers.org) add XSS Attack Pattern to Encoding textarea EnDeDOM.EN.Edit EnDeGUI.dispatch(this,'EN') <br>XSS Cheat Seat:
file xss.mario.xml XSS Attacks (mario.heidri.ch) add XSS Attack Pattern to Encoding textarea EnDeDOM.EN.Edit EnDeGUI.dispatch(this,'EN') <br>XSS Cheat Seat:
file xss.h4k.xml XSS Attacks (h4k.in) add XSS Attack Pattern to Encoding textarea EnDeDOM.EN.Edit EnDeGUI.dispatch(this,'EN') <br>XSS Cheat Seat:
group File.SQL.local SQL (local file) load local file with SQL pattern
file sqlPattern.xml SQL Pattern add SQL Injection Pattern to Encoding textarea EnDeDOM.EN.Edit EnDeGUI.dispatch(this,'EN') <br>SQL Cheat Seat:
group File.Checksum Checksum (local file) load local file with Checksum functions
file EnDeCheck.txt Digit Checksum Functions functions to test checksum of a number EnDeDOM.DE.Edit EnDeGUI.dispatch(this,'Check') <br>Checksum:
# 'Check' is special, see EnDeGUI.js
group File.RegEx RegEx (local file) load local file with RegEx pattern
file core-rules.xml ModSecurity Core Rule Set 1.6.1 ModSecurity Core Rule Set 1.6.1 EnDeDOM.RE.Edit EnDeGUI.dispatch(this,'RE') <br>Core Rule Set 1.6.1:
file core-rules-2.0.xml ModSecurity Core Rule Set 2.0 ModSecurity Core Rule Set 2.0 EnDeDOM.RE.Edit EnDeGUI.dispatch(this,'RE') <br>Core Rule Set 2.0:
file core-rules-2.2.8.0-part1.xml ModSecurity Core Rule Set 2.2.8.0 part-1 ModSecurity Core Rule Set 2.2.8.0 part-1 EnDeDOM.RE.Edit EnDeGUI.dispatch(this,'RE') <br>Core Rule Set 2.2.8.0 (1):
file core-rules-2.2.8.0-part2.xml ModSecurity Core Rule Set 2.2.8.0 part-2 ModSecurity Core Rule Set 2.2.8.0 part-2 EnDeDOM.RE.Edit EnDeGUI.dispatch(this,'RE') <br>Core Rule Set 2.2.8.0 (2):
file core-rules-2.2.8.0-part2.xml ModSecurity Core Rule Set 2.2.8.0 part-3 ModSecurity Core Rule Set 2.2.8.0 part-3 EnDeDOM.RE.Edit EnDeGUI.dispatch(this,'RE') <br>Core Rule Set 2.2.8.0 (2):
file default_filter.xml PHPIDS Rules PHPIDS Rules EnDeDOM.RE.Edit EnDeGUI.dispatch(this,'RE') <br>PHPIDS Rules:
file OWASP-regex.xml OWASP Validation Regex Repository OWASP Validation Regex Repository EnDeDOM.RE.Edit EnDeGUI.dispatch(this,'RE') <br>OWASP Regex:
group File.Test Test load local file with test pattern for EnDe itself
file EnDeTest.txt Test pattern for all functions Test pattern for all EnDe functions (heureca!) EnDeDOM.f.TST EnDeGUI.dispatch(this,'EN') Test pattern:
file EnDeTest-Base.txt Test pattern for Base-N functions Test pattern for base-N functions EnDeDOM.f.TST EnDeGUI.dispatch(this,'EN') Test pattern:
file EnDeTest-Euro.txt Test pattern for all functions Test pattern for all EnDe functions (Euro) EnDeDOM.f.TST EnDeGUI.dispatch(this,'EN') Test pattern:
file EnDeTest-UCS2.txt Some test pattern (file in UCS2 format) Some test pattern (file in UCS2 format) EnDeDOM.f.TST EnDeGUI.dispatch(this,'EN') Test pattern:
file EnDeTest-UTF8.txt Some test pattern (file in UTF8 format) Some test pattern (file in UTF8 format) EnDeDOM.f.TST EnDeGUI.dispatch(this,'EN') Test pattern:
file EnDeTest-UTF8-UCS2.txt Some test pattern to explain UCS2/UTF8 problems Some test pattern to explain UCS2/UTF8 problems EnDeDOM.f.TST EnDeGUI.dispatch(this,'EN') Test pattern:
file EnDeTest-JSReg.xml Test pattern for JSReg (debug) Test pattern for JSReg (debug) EnDeDOM.EN.Edit EnDeGUI.dispatch(this,'EN') <br>JSreg test pattern:
group File.Misc Payloads files with test pattern, not used in EnDe itself
# values in target and function column below are dummies, must use [show payloads] button instead
file xss-evation.txt XSS pattern various XSS test pattern EnDeDOM.EN.Edit EnDeGUI.makelist(this.value) <br>none:
### cannaot use this file here, however the group definition would be fine
### but use File.User in the menu definition below will cause strange results
#group File.User EnDe User Files load local file with menus
#file EnDeUser.xml EnDes User Menu menu with user defined functions EnDeDOM.EN.Edit EnDeGUI.dispatch(this,'EN') <br>User Functons:
#------+---------------+-----------------------+------------------------------+
#head key text description
#------+---------------+-----------------------+------------------------------+
menu Files File for Menu build menu from this file
html SELECT
inside EnDeDOM.GUI.menu
id EnDeDOM.GUI.menu.s
size 1
onClick return EnDeGUI.dispatch(this,'FT')
use File.XSS.local
use File.SQL.local
use File.RegEx
use File.Checksum
use File.Test
use File.Misc
use File.XSS.extern