This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head></head> | |
<body> | |
<a href="javascript: alert('clicked xss link')" id="link">click me</a> | |
<img src="xx" onerror="alert('xss')" /> | |
</body> | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
google dork -> site:.co.uk inurl:"responsible disclosure" | |
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/ | |
http://www.123contactform.com/security-acknowledgements.htm | |
https://18f.gsa.gov/vulnerability-disclosure-policy/ | |
https://support.1password.com/security-assessments/ | |
https://www.23andme.com/security-report/ | |
https://www.abnamro.com/en/footer/responsible-disclosure.html | |
https://www.accenture.com/us-en/company-accenture-responsible-disclosure | |
https://www.accredible.com/white_hat/ | |
https://www.acquia.com/how-report-security-issue |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python3 | |
import requests,sys | |
import urllib3,queue,threading | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'} | |
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'} | |
urls_inp = sys.argv[1] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"30523382": { | |
"className": "Proxy", | |
"data": { | |
"bypassFPForPAC": true, | |
"color": "#f57575", | |
"configUrl": "", | |
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=", | |
"cycle": false, | |
"enabled": true, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"84kr3q1592995213323": { | |
"type": 1, | |
"color": "#cc883a", | |
"title": "Burp", | |
"active": true, | |
"address": "127.0.0.1", | |
"port": 8080, | |
"proxyDNS": false, | |
"username": "", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import boto3,sys,time,requests | |
import botocore.exceptions | |
from urllib3.exceptions import InsecureRequestWarning | |
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) | |
import datetime,os | |
os.environ['AWS_DEFAULT_REGION'] = 'us-east-1' | |
s3 = boto3.resource('s3') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import sys | |
import re | |
import urllib,bs4 | |
response = requests.get('%s/console' % (sys.argv[1])) | |
if "Werkzeug powered traceback interpreter" not in response.text: | |
print("[-] Debug is not enabled") | |
sys.exit(-1) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import numpy as np | |
import pandas as pd | |
from binance.helpers import * | |
from binance.client import Client | |
from binance.websockets import BinanceSocketManager | |
client = Client('API','SECRET') | |
bm = BinanceSocketManager(client) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml | |
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt | |
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt | |
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt |