$ cat dirtyfile.txt | awk '{gsub(/[[:punct:]]/,"")}1' | tr A-Z a-z | sed 's/[0-9]*//g' | sed -e 's/ //g' | strings | tr -cs '[:alpha:]' '\ ' | sed -e 's/ /\n/g' | tr A-Z a-z | sort -u > cleanfile.txt
awk '!(count[$0]++)' old.txt > new.txt
name = "assetfinder" | |
type = "ext" | |
function vertical(ctx, domain) | |
print("in asset finder") | |
local cmd = outputdir(ctx) .. "assetfinder --subs-only " .. domain | |
local data = assert(io.popen(cmd)) | |
for line in data:lines() do |
# https://twitter.com/brsn76945860/status/1171233054951501824 | |
pip install mmh3 | |
----------------------------- | |
# python 2 | |
import mmh3 | |
import requests | |
response = requests.get('https://cybersecurity.wtf/favicon.ico') | |
favicon = response.content.encode('base64') |
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu | |
# using linkfinder | |
function ejs() { | |
URL=$1; | |
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'" | |
} | |
# with file download (the new best one): | |
# but there is a bug if you don't provide a root url |
#!/usr/bin/python3 | |
import requests,sys | |
import urllib3,queue,threading | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'} | |
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'} | |
urls_inp = sys.argv[1] |
0 | |
00 | |
01 | |
02 | |
03 | |
1 | |
1.0 | |
10 | |
100 | |
1000 |
$ cat dirtyfile.txt | awk '{gsub(/[[:punct:]]/,"")}1' | tr A-Z a-z | sed 's/[0-9]*//g' | sed -e 's/ //g' | strings | tr -cs '[:alpha:]' '\ ' | sed -e 's/ /\n/g' | tr A-Z a-z | sort -u > cleanfile.txt
awk '!(count[$0]++)' old.txt > new.txt
0 | |
1 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
2 |
#!/bin/bash | |
# Written by Frans Rosén (twitter.com/fransrosen) | |
_debug="$2" #turn on debug | |
_timeout="20" | |
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
_aws_key="AKIA..." | |
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
#!/bin/bash | |
echo "*** Running..." | |
keywords=( | |
"password" | |
"key" | |
"passwd" | |
"secret" | |
) |
## AWS | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/ami-id | |
http://169.254.169.254/latest/meta-data/reservation-id | |
http://169.254.169.254/latest/meta-data/hostname | |
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |