Skip to content

Instantly share code, notes, and snippets.

View daudmalik06's full-sized avatar
🎯
Focusing

Dawood Ikhlaq daudmalik06

🎯
Focusing
View GitHub Profile
@daudmalik06
daudmalik06 / google-dorks
Created May 13, 2019 11:14 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@daudmalik06
daudmalik06 / converter.sh
Created May 28, 2018 07:39 — forked from xdavidhu/converter.sh
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]
echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
exit 1
fi
@daudmalik06
daudmalik06 / content_discovery_all.txt
Created May 27, 2018 21:29 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
---
<?php
if (! function_exists('validationRules'))
{
/**
* return the validation rules of provided type
* from validation config
* @param string $validationType
* @param string|array|null $ruleKeys , rules to return
@daudmalik06
daudmalik06 / Burp certificate on Android
Created May 1, 2018 09:47 — forked from PaulSec/Burp certificate on Android
Add your Burp certificate on an Android device
To do so:
1. Export your Burp Certificate
Proxy > Options > CA Certificate > Export in DER format
2. Convert it to PEM
openssl x509 -inform der -in cacert.der -out burp.pem
3. Download it on the device
@daudmalik06
daudmalik06 / reddit.sh
Created April 29, 2018 10:39 — forked from EdOverflow/reddit.sh
Use reddit.com for recon purposes.
#!/bin/bash
# Variables
BOLD='\033[1m'
END='\033[0m'
# Queries
site_results=$(curl -Ls "https://www.reddit.com/search?q=site%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q 2> /dev/null | grep "search-link")
url_results=$(curl -Ls "https://www.reddit.com/search?q=url%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q 2> /dev/null | grep "search-link")
self_results=$(curl -Ls "https://www.reddit.com/search?q=selftext%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | grep "search-title")
@daudmalik06
daudmalik06 / github_bugbountyhunting.md
Created March 20, 2018 09:31 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@daudmalik06
daudmalik06 / all.txt
Created March 7, 2018 08:39 — forked from jhaddix/all.txt
dnsall
This file has been truncated, but you can view the full file.
@
*
0
00
0-0
000
0000
00000
000000
@daudmalik06
daudmalik06 / addAttendee.php
Created July 28, 2017 09:10 — forked from AFelipeTrujillo/addAttendee.php
Use Google Calendar API
<?php
include_once 'google-api-php-client/vendor/autoload.php';
$client = new Google_Client();
$application_creds = 'service-account-credentials.json';
$credentials_file = file_exists($application_creds) ? $application_creds : false;
define("SCOPE",Google_Service_Calendar::CALENDAR);
define("APP_NAME","Google Calendar API PHP");