Eshan Singh R0X4R

@R0X4R
R0X4R / tweets.txt
Created February 12, 2022 15:30
tweets collection
subfinder -d target.com -all -silent -t 10 | naabu -p "21,22,80,81,280,300,443,583,591,593,832,981,1010,1099,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4444,4445,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7002,7396,7474,8000,8001,8008,8009,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8530,8531,8834,8880,8887,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,10443,11371,12043,12046,12443,15672,16080,17778,18091,18092,20720,28017,32000,55440,55672" -silent -nc | httprobe -prefer-https | xargs -P 10 -I @ bash -c "echo @ | gau" 2> /dev/null | grep -E "password|password\-reset|reset\-token|token\=" | anew -q urls.txt
xargs -a urls.txt -P 5 -I @ bash -c "curl -ks -L \"@\" -H \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\" | grep -iE \"enter password|new password|new\-password|confirm password|co
@R0X4R
R0X4R / crawler.py
Last active September 8, 2022 05:35
Fetch all the links of the stdin links
# Import modules that'll be needed to run this tool
import requests
from bs4 import BeautifulSoup
from re import search
from sys import stdin, exit, stdout
from time import sleep
# Hide insecure request warning error
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
@R0X4R
R0X4R / goinstaller.sh
Last active August 1, 2023 08:41
Go language installer for linux and debian systems.
#!/usr/bin/env bash
# Latest release tag: keep TLS verification on, follow redirects, and use only the first line of the reply
go_version=$(curl -sL "https://golang.org/VERSION?m=text" | head -n 1)
red_color="\e[31m"
green_color="\e[32m"
no_color="\e[0m"
type -P go &> /dev/null && echo -e "Current go version is ${green_color}$(go version | awk '{print $3}')${no_color}" || echo -e "${red_color}Go is not installed on your system${no_color}"
echo -e "Downloading latest go into your system - version ${green_color}${go_version}${no_color}"
sudo apt purge --auto-remove golang-go &> /dev/null
sudo apt clean &> /dev/null
# Download with certificate checking enabled: this archive is the Go toolchain itself
wget "https://dl.google.com/go/${go_version}.linux-amd64.tar.gz" -q 2> /dev/null
@R0X4R
R0X4R / all-dutch-government.md
Last active April 29, 2024 09:33
Dutch government bug bounty scope. Updates will be pushed every month

Dutch Government Bug Bounty Scope

The National Cyber Security Centre (NCSC) contributes to jointly enhancing the resilience of the Dutch society in the digital domain and, in doing so, realizes a safe, open and stable information society by providing insight and offering a perspective for action. Therefore it is essential that the ICT systems of the NCSC are safe. The NCSC strives towards providing a high level of security for its system. However, it can occur that one of these systems has a vulnerability.

For more information about reporting the bugs go to https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd

Source https://gist.github.com/random-robbie/f985ad14fede2c04ac82dd89653f52ad
https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid

@R0X4R
R0X4R / inxss.sh
Last active March 15, 2024 15:10
A fast xss detector script
#!/bin/bash
#Requirements: KXSS(https://github.com/Emoe/kxss), Dalfox (https://github.com/hahwul/dalfox), QSreplace(https://github.com/tomnomnom/qsreplace)
#Preparation: subfinder -d target.tld -all -silent | httpx -silent | gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 100 -o params.txt && cat params.txt | gf xss | sed "s/'/ /g" | sed "s/(/ /g" | sed "s/)/ /g" | qsreplace "FUZZ" 2> /dev/null | anew -q testparams.txt
#Usage: ./inxss.sh testparams.txt target.tld
lists=$1
# quote the output directory name so a target containing spaces or globs cannot split it
mkout="${2}_$(date +%F_%H_%M_%S)"
mkdir -p "$mkout"
echo -e "Total $(wc -l < "$lists") targets loaded"
sleep 6s
echo -e "[$(date +"%F %H:%M:%S")] Starting scan..."
@R0X4R
R0X4R / taskkiller.sh
Created July 12, 2021 08:19
Helps you to kill unnecessary tasks running on linux and ubuntu.
#!/bin/bash
# Task Killer
# Helps you to kill unnecessary tasks running on linux and ubuntu.
echo -e "$1 - Killing task..."
totaltask=$(ps aux | grep "$1" | sed '/grep/d' | wc -l)
echo -e "Total $totaltask tasks found"
sleep 3s
ps aux | grep "$1" | sed '/grep/d' | awk '{print $2}' | while read -r line; do kill "$line"; done &> /dev/null
# exit 0: finishing the kill loop is the normal, successful outcome
exit 0
@R0X4R
R0X4R / protpscan.sh
Created July 5, 2021 09:45
A Prototype pollution vulnerability scanner
#!/bin/bash
targets=$1
mkdir -p protpscan
# requirements: https://github.com/detectify/page-fetch, https://github.com/tomnomnom/waybackurls, https://github.com/bp0lr/gauplus, https://github.com/R0X4R/Fuzzy, https://github.com/jaeles-project/gospider, https://snapcraft.io/chromium
# usage: subfinder -d target.com -all -silent | httpx -silent | anew -q /home/targets.txt && ./protpscan.sh /home/targets.txt
cd protpscan 2> /dev/null
echo -e "Total $(wc -l < "$targets") domains loaded to scan"
echo -e "Increasing scope..."
# pass each target as an argument ($1) instead of splicing it into the bash -c string
xargs -a "$targets" -P 50 -I % bash -c 'echo "$1" | waybackurls' _ % 2> /dev/null | anew -q wayback.txt
cat "$targets" | gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 300 -o gauplus.txt &> /dev/null
@R0X4R
R0X4R / cudns.txt
Last active November 24, 2021 00:32
Custom common subdomains obtained from different sources
alpblog
www
%20%20%20%20s3
%20%20www
%20.
%20675-ybi-674
%20assets
%20b92
%20connect
%20databank
@R0X4R
R0X4R / chakshu.sh
Last active September 8, 2022 05:36
Takes websites screenshots using chromium browser
#!/bin/bash
# requirements: chromium or chrome browser (sudo apt update && sudo apt install snapd && sudo systemctl start snapd.service && sudo snap install chromium)
# usage: subfinder -d target.com -all -silent | httpx -silent | xargs -P 50 -I % ./chakshu.sh %
echo -e "[CHAKSHU] - Taking screenshot of $1"
domain=$1
output=$(echo "$1" | awk -F// '{print $NF}' | sed -E 's/[\.\|:]+/_/g')
mkdir -p screenshots
# all the screenshots will be saved in screenshots folder
/snap/bin/chromium --no-sandbox --headless --disable-gpu --window-size=1280,720 --screenshot="screenshots/$output.jpg" "$domain" > /dev/null 2>&1
# return chromium's own exit status so xargs does not count every run as a failure
exit $?
@R0X4R
R0X4R / sstipayloads.txt
Created July 2, 2021 07:54
SSTI Payloads list for ssti scanning
check-ssti{{7*7}}[[1*1]]
check-ssti{{7*7}}
check-ssti{{7*'7'}}
check-ssti<%= 7 * 7 %>
check-ssti${7*7}
check-ssti${{7*7}}
check-ssti@(7*7)
check-ssti#{7*7}
check-ssti#{ 7 * 7 }