aly_Inj3ctor AlishahMughal123
@nkentaro
nkentaro / urlcodec.py
Created January 16, 2017 10:27
url encode and decode in python3
import urllib.parse
def urlencode(str):
    return urllib.parse.quote(str)
def urldecode(str):
    return urllib.parse.unquote(str)
str = '{"name": "Kinkin"}'
import requests
import sys
import json
def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active June 23, 2024 20:29
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@fransr
fransr / bucket-disclose.sh
Last active July 7, 2024 01:51
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figuring it out. You do need a valid aws-key (never the secret) to properly get the error messages.
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happen after it validates that the key exists. we do not need the secret key, only the access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@LuD1161
LuD1161 / setup_bbty.sh
Last active February 15, 2024 21:30
Setup Bug Bounty Tools on AWS instance / any VPS for that matter
#!/bin/bash
#
# Execute as wget -O - https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885/raw | bash
# # Thanks JeffreyShran for the gist url thing
#
#
# It's debian based, so for centos and likewise you have to change apt to yum and similarly
#
InstallationStartTime=$(date +%s)
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue
@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
@dwisiswant0
dwisiswant0 / st8out.sh
Last active February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor
@gwen001
gwen001 / ejs.sh
Last active July 7, 2024 07:33
One-liner to extract endpoints from JS files of a given host
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# using linkfinder
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}
# with file download (the new best one):
# but there is a bug if you don't provide a root url
@hussein98d
hussein98d / ssrf.sh
Created May 7, 2020 02:09
This script takes a domain name and a callback server, parses links, appends SSRF parameters and fires the requests.
echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callback"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
if [ -z "$1" ]; then
    echo >&2 "ERROR: Domain not set"
    exit 2
fi
if [ -z "$2" ]; then
    echo >&2 "ERROR: Server link not set"
    exit 2
fi