| #!/bin/bash | |
| aquatone-discover -d $1 --threads 10 | |
| aquatone-scan -d $1 --ports huge --threads 10 | |
| DEBUG=nightmare xvfb-run -a aquatone-gather -d $1 --threads 10 | |
| aquatone-takeover -d $1 --threads 10 |
Broken Link Hijacking (BLH) exists whenever a target links to an expired domain or page. Broken Link Hijacking comes in two forms, reflected and stored. This issue has been exploited in the wild numerous times, but surprisingly few researchers actively look for broken links in bug bounty programs.
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
| # | |
| # https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | |
| # based on the RSnake original http://ha.ckers.org/xss.html | |
| # Retrieved on 2013-11-20 | |
| # Much of this wildly obsolete | |
| # | |
| # XSS Locator 2 | |
| '';!--"<XSS>=&{()} |
| https://forum.bugcrowd.com/ | |
| https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY/edit#slide=id.g129ec7274d_1_32 | |
| https://leanpub.com/web-hacking-101 | |
| https://bugbountyforum.com/getting-started/intro/ |
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
| http://www.123contactform.com/ | |
| http://99designs.com/ | |
| https://www.abacus.com/ | |
| https://www.acquia.com/ | |
| http://www.activecampaign.com/ | |
| http://activeprospect.com/ | |
| http://www.adobe.com/ | |
| https://www.aerofs.com/ | |
| https://www.airbnb.com/ | |
| http://en.altervista.org/ |
| 1375421247 | So, you want to work in security? – Free Code Camp | https://medium.freecodecamp.com/so-you-want-to-work-in-security-bc6c10157d23?gi=3319f2f9d171 | |
| 1392467994 | HackedThat: Breaking in to a hardened server via the back door | http://polynome.co/infosec/inversoft/elasticsearch/linode/penetration-testing/2016/08/16/hack-that-inversoft.html | |
| 1394166342 | So you want to work in security (but are too lazy to read Parisa's excellent essay) | https://lcamtuf.blogspot.ch/2016/08/so-you-want-to-work-in-security-but-are.html?m=1 | |
| 1386106165 | Reverse Engineering x86 101 | http://howto.hackallthethings.com/2016/08/reverse-engineering-x86-101.html | |
| 1387765922 | | http://darksim905.com/~sim/reverse-engineering-notes.txt | |
| 1390056017 | | https://theitgeekchronicles.files.wordpress.com/2012/05/scapyguide1.pdf | |
| 112767402 | Security News | http://www.morningstarsecurity.com/news | |
| 1390252630 | "A small summary about the @SpamAndHex @defcon CTF adventure. Man vs. machine in security. https | https://twitter.com/defcon/sta |
| #!/bin/bash | |
| # | |
| # -- @_bl4de https://twitter/_bl4de | |
| # | |
| # -- This script checks how many programs are listed on | |
| # -- https://bugcrowd.com/list-of-bug-bounty-programs | |
| # | |
| echo "[+] get list of bugbounty programs from Bugcrowd..." | |
| curl --silent -o tmp.list https://bugcrowd.com/list-of-bug-bounty-programs |