njmulsqb

Awesome-Security-Repos

Here's a list of github repos and tools that I believe are awesome and should be promoted and used.

Source Code Analysis

1. Semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
2. RegexPassive - Collection of regexp pattern for security passive scanning
3. Secure Codebox - secureCodeBox (SCB) - continuous secure delivery out of the box

Wordlist and Payloads

scumdestroy

#!/bin/sh

echo "\nTIME TO DROP OSBOMBS ON YOU, BOYEEEEEE\n»»————-　☠　————-««\n""

echo "HERE COME DA ASSETS\n»»————-　☠　————-««\n"
assets
cat "/root/.osmedeus/storages/$1/assets/*" | tee ~/opps/osmedeus-$1

echo "\n\n HTTP OK THEN \n»»————-　☠　————-««\n"
cat "/root/.osmedeus/storages/$1/http/*" | tee -a  ~/opps/osmedeus-$1

nullenc0de

curl https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |jq -r '.vulnerabilities[].cveID' > cves.txt

subfinder -d tesla.com -silent |dnsx -silent -a -resp-only |sort -u |xargs -n1 -P 1500 -I% curl -s http://networktools.nl/whois/$url% |grep "CIDR" |cut -d : -f2 |tr , "\n"| awk '{$1=$1};1' |sort -u |egrep -v "/8|/9|/10|/11|/12|/13|/14|/15|/16" |while read ip ;do whois -h whois.cymru.com " -v $ip" ;done |grep -v "BGP Prefix" |cut -d '|' -f3  |awk '{$1=$1};1' |sort -u |cidr2ip |sort -u |nrich - |grep -B4 -f cves.txt | tee shodan.txt; slackcat --channel bugbounty --filename shodan.txt

drgreenthumb93

Forked from various GitHub-repos

(There might be some duplicates...)

Scripts that need to be installed

To run the project, you will need to install the following programs:

• Amass
• Anew
• Anti-burl

ruevaughn

https://github.com/digitalocean/droplet-1-clicks



https://www.kali.org/docs/cloud/digitalocean/
https://fai-project.org/FAIme/#

https://www.geeksforgeeks.org/top-5-digital-ocean-alternatives/

ruevaughn

https://medium.com/cyberverse/bug-bounty-with-bash-438596ff72f5
while read sub; do if host “$sub.example.com” &> /dev/null; then echo “$sub.example.com”; fi; done < subdomains_wordlist.txt

[Alterenative one-lizers[(https://www.gnu.org/software/datamash/alternatives/)

https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods

https://twitter.com/bashoneliners
https://www.rexegg.com/regex-perl-one-liners.html

KathanP19

#!/bin/bash

function first(){
echo "First Function";
}

function second(){
echo "Second Function";
}

ruevaughn

                         ╔╦╗╦ ╦  ╔╗ ┬ ┬┌─┐  ╔╗ ┌─┐┬ ┬┌┐┌┬┐┬ ┬  ╦═╗┌─┐┌─┐┌─┐┬ ┬┬─┐┌─┐┌─┐┌─┐
                         ║║║╚╦╝  ╠╩╗│ ││ ┬  ╠╩╗│ ││ │││││ └┬┘  ╠╦╝├┤ └─┐│ ││ │├┬┘│  ├┤ └─┐
                         ╩ ╩ ╩   ╚═╝└─┘└─┘  ╚═╝└─┘└─┘┘└┘┴  ┴   ╩╚═└─┘└─┘└─┘└─┘┴└─└─┘└─┘└─┘
                                          
                                           //
                              ()==========>>======================================--
                                           \\


2FA Bypass

bugbountynights

${ctx:loginId}
${map:type}
${filename}
${date:MM-dd-yyyy}
${docker:containerId}
${docker:containerName}
${docker:imageName}
${env:USER}
${event:Marker}
${mdc:UserId}

tedmdelacruz

# Download all URLs from a text file
while read line; do; wget $line; done<urls.txt

# Quick probe of an asset
function probe(){
        TARGET=$1
        whatweb $TARGET
        gau $TARGET
        echo $TARGET | waybackurls
        ffuf -v -mc 200,401,500 -c -w ~/wordlists/configfiles -u $TARGET/FUZZ