Amal Murali amalmurali47

## bucket-disclose.sh
#!/bin/bash

# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

## converter.sh
#!/bin/bash
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]

echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
  exit 1

## gist:52a34ccf3cefcd4c315a7289f0506ba5
./scripts/subbrute.py lists/names_small.txt LASDFALSKJDFLKAJSDLFKJALKSDFJLKAJD.COM | ./massdns -r lists/resolvers.txt -t A -o Snqr -w results.txt
for i in $(grep -Ev 'NXDOMAIN' results.txt | grep -v ' A ' | cut -d':' -f 1 | sort -u); do sed -i -e "/$i/d" lists/resolvers.txt; done

## alert.js
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:

// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);

## anonymous
Users and their passwords attempts
[0]
      4
      1
      1  -
      2  !
      2  !@
      1  &
      1  0
      3  0000

## github_bugbountyhunting.md

      
              1 file
            
          
              98 forks
            
          
              15 comments
            
          
              532 stars
            
          
                EdOverflow
                / github_bugbountyhunting.md
            
            
              Last active
              May 22, 2024 09:01
            
              
                My tips for finding security issues in GitHub projects.
              
          
    GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output

  
## php-curl-crlf-injection.mkd

      
              1 file
            
          
              8 forks
            
          
              2 comments
            
          
              20 stars
            
          
                tomnomnom
                / php-curl-crlf-injection.mkd
            
            
              Last active
              February 27, 2023 20:19
            
              
                CRLF Injection Into PHP's cURL Options
              
          
    CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about
CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so
I thought I'd write up an example that's similar to something I found a few months ago.
If you're looking for bugs legally through a program like hackerone,
or you're a programmer wanting to write secure PHP: this might be useful to you.

  
## bucket-names-deduplicated.txt
graphql
terraform
supportuploads
supportmedia
supportdocs
helpcenter
helpcentre
helpmedia
knowledgebase
kbfiles

## Wannacrypt0r-FACTSHEET.md

      
              1 file
            
          
              158 forks
            
          
              267 comments
            
          
              713 stars
            
          
                rain-1
                / Wannacrypt0r-FACTSHEET.md
            
            
              Last active
              March 10, 2024 11:03
                — forked from Epivalent/Wannacrypt0r-FACTSHEET.md
            
          
    WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm


Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

  
## amazon_review_scraper.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Written as part of https://www.scrapehero.com/how-to-scrape-amazon-product-reviews-using-python/
from lxml import html
import json
import requests
import json,re
from dateutil import parser as dateparser
from time import sleep
	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
	#!/bin/bash
	# Converter.sh by @xdavidhu
	# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
	# With this script, you can convert domain lists to resolved IP lists without duplicates.
	# Usage: ./converter.sh [domain-list-file] [output-file]

	echo -e "[+] Converter.sh by @xdavidhu\n"
	if [ -z "$1" ] \|\| [ -z "$2" ]; then
	echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
	exit 1
	./scripts/subbrute.py lists/names_small.txt LASDFALSKJDFLKAJSDLFKJALKSDFJLKAJD.COM \| ./massdns -r lists/resolvers.txt -t A -o Snqr -w results.txt
	for i in $(grep -Ev 'NXDOMAIN' results.txt \| grep -v ' A ' \| cut -d':' -f 1 \| sort -u); do sed -i -e "/$i/d" lists/resolvers.txt; done
	// How many ways can you alert(document.domain)?
	// Comment with more ways and I'll add them :)
	// I already know about the JSFuck way, but it's too long to add (:

	// Direct invocation
	alert(document.domain);
	(alert)(document.domain);
	al\u0065rt(document.domain);
	al\u{65}rt(document.domain);
	window['alert'](document.domain);
	Users and their passwords attempts
	[0]
	4
	1
	1 -
	2 !
	2 !@
	1 &
	1 0
	3 0000
	graphql
	terraform
	supportuploads
	supportmedia
	supportdocs
	helpcenter
	helpcentre
	helpmedia
	knowledgebase
	kbfiles
	#!/usr/bin/env python
	# -- coding: utf-8 --
	# Written as part of https://www.scrapehero.com/how-to-scrape-amazon-product-reviews-using-python/
	from lxml import html
	import json
	import requests
	import json,re
	from dateutil import parser as dateparser
	from time import sleep