encoderama is a simple tool for encoding input strings or wordlists then using the output to, primarily, fuzz web applications.
Assuming you have golang installed...
git clone and go build
To see the usuage run ./encodarama without any arguments.
The default encoding types are:
- Output plain (p)
- URL encode key characters (u)
- HTML encode key characters (h)
URL encode and double URL encode key characters (also plaintext):
./encoderama -f /tmp/input.txt -e p,u,du
Hello World
% is a key char
So is +
Hello World
% is a key char
So is +
Hello+World
%25+is+a+key+char
So+is+%2B
Hello%2BWorld
%2525%2Bis%2Ba%2Bkey%2Bchar
So%2Bis%2B%252BURL encode an injection test string but build up the string one char at a time:
./encoderama -i -e u '">;!--\"<xss>=&{()}'
%22
%22%3E
%22%3E%3B
%22%3E%3B%21
%22%3E%3B%21-
%22%3E%3B%21--
%22%3E%3B%21--%5C
%22%3E%3B%21--%5C%22
%22%3E%3B%21--%5C%22%3C
%22%3E%3B%21--%5C%22%3Cx
%22%3E%3B%21--%5C%22%3Cxs
%22%3E%3B%21--%5C%22%3Cxss
%22%3E%3B%21--%5C%22%3Cxss%3E
%22%3E%3B%21--%5C%22%3Cxss%3E%3D
%22%3E%3B%21--%5C%22%3Cxss%3E%3D%26
%22%3E%3B%21--%5C%22%3Cxss%3E%3D%26%7B
%22%3E%3B%21--%5C%22%3Cxss%3E%3D%26%7B%28
%22%3E%3B%21--%5C%22%3Cxss%3E%3D%26%7B%28%29
%22%3E%3B%21--%5C%22%3Cxss%3E%3D%26%7B%28%29%7D
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent