Diaa Hassan Diaa-Hassan

Diaa-Hassan / JavascriptRecon.md
Created May 31, 2022 13:27
My Javascript Recon Process - BugBounty

Description

This is a simple guide to performing JavaScript recon in bug bounty.

Steps

  • The first step is to collect JavaScript files, possibly several (more files = more paths and parameters -> more vulns)
Diaa-Hassan / bucket-disclose.sh
Created June 7, 2022 18:06 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses SOAP, Unicode, POST, multipart, streaming and index listing as ways of figuring it out. You do need a valid AWS key (never the secret) to properly get the error messages.
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
# You need a valid key, since the errors happen after it validates that the key exists. We do not need the secret key, only the access key.
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
import requests
import sys
import json
def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive;
echo "[*] Starting Install... [*]"
echo "[*] Upgrade installed packages to latest [*]"
echo -e "\nRunning a package upgrade...\n"
apt-get -qq update && apt-get -qq dist-upgrade -y
apt full-upgrade -y
apt-get autoclean
echo "[*] Install stuff I use all the time [*]"

Mysql Bruteforce

nmap --script=mysql-brute

MS SQL Bruteforce

nmap -p 1433 --script ms-sql-brute

pgsql Bruteforce

nmap -p 5432 --script pgsql-brute

snmp Bruteforce

/$USER_wrdp1.sql
/$USER_wpdb.sql
/home/$USER/mail/dovecot-uidlist
/var/spool/exim/input/i/1lE8Ii-0006Gf-LV-D
/var/log/cpanel-install.log
/var/log/exim_mainlog
/var/log/mysqld.log
/var/log/cron
/var/log/maillog
/var/log/exim_mainlog-20210221.gz
██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗
██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║
██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║
██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║
██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║
╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝
@intx0x80
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
Diaa-Hassan / goscreenshot.go
Created June 29, 2022 03:22 — forked from yehgdotnet/goscreenshot.go
goscreenshot.go
//https://golangcode.com/headless-chrome-screenshot/
package main
import (
"context"
"io/ioutil"
"log"
"github.com/chromedp/cdproto/page"
Diaa-Hassan / randomizeip.sh
Created June 29, 2022 03:22 — forked from yehgdotnet/randomizeip.sh
Randomize Hostname and Renew IP
#!/bin/bash
echo +++++++++++++++++++++++++++++++++++++++++
echo Randomize Hostname and Renew IP
echo by Aung Khant, http://yehg.net
echo +++++++++++++++++++++++++++++++++++++++++
echo
########################################################
sleep 1