Faid Md Amine faidamine
faidamine
/ pentest cheat sheet
Created
March 4, 2021 09:40
— forked from githubfoam/pentest cheat sheet
pentest cheat sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ---------------------------------------------------------------------------------------------------- | |
| (netcat or nc or ncat) | |
| #Use Netcat as a Simple Web Server | |
| vi index.html #make a simple HTML file | |
| printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8888 # | |
| http://server_IP:8888 #access the content,serve the page, and then the netcat connection will close | |
| "while true; do printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8888; done" #have netcat serve the page indefinitely by wrapping the last command in an infinite loop | |
| netcat -z -v domain.com 1-1000 #scan all ports up to 1000 |
faidamine
/ setup_bbty.sh
Created
October 27, 2019 01:37
— forked from LuD1161/setup_bbty.sh
Setup Bug Bounty Tools on AWS instance / any VPS for that matter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Execute as wget -O - gist_url | bash | |
| # | |
| # Couldn't add gist url as, it changes after every update i.e. as soon as I save this, it's url will change :p | |
| # | |
| # It's debian based, so for centos and likewise you have to change apt to yum and similarly | |
| # | |
| InstallationStartTime=$(date +%s) |
faidamine
/ sqlmap tamper scripts
Created
October 16, 2019 18:01
— forked from sapran/sqlmap tamper scripts
sqlmap tamper scripts grouped by DBMS Copied from: https://prakash-khadka.com.np/wp-content/uploads/pdf/www-moonsec-com.pdf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
| ``` | |
| # General scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
| ``` | |
| # Microsoft access | |
| ``` |
faidamine
/ exploit.py
Created
April 25, 2019 22:59
— forked from ayoubfathi/exploit.py
PoC for shopify vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import requests | |
| import bs4 as bs | |
| from concurrent.futures import ThreadPoolExecutor | |
| from concurrent.futures import ProcessPoolExecutor | |
| try: | |
| import requests.packages.urllib3 | |
| requests.packages.urllib3.disable_warnings() | |
| except Exception: | |
| pass |
faidamine
/ shopify.py
Created
April 25, 2019 22:59
— forked from ayoubfathi/shopify.py
Given a wordlist this will look for revenue data of shopify stores
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import requests | |
| import bs4 as bs | |
| from concurrent.futures import ThreadPoolExecutor | |
| from concurrent.futures import ProcessPoolExecutor | |
| try: | |
| import requests.packages.urllib3 | |
| requests.packages.urllib3.disable_warnings() | |
| except Exception: | |
| pass |
faidamine
/ revip.py
Created
April 25, 2019 22:58
— forked from ayoubfathi/revip.py
Using YouGetSignal API to get domains hosted on the same IP - Reverse IP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| import sys | |
| import argparse | |
| _strip = ['http://', 'https://', 'www'] | |
| G = '\033[92m' | |
| Y = '\033[93m' |
faidamine
/ github-recon
Created
September 24, 2018 08:38
— forked from nikallass/github-recon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| “Hackme.tld” API_key | |
| “Hackme.tld” secret_key | |
| “Hackme.tld” aws_key | |
| “Hackme.tld” Password | |
| “Hackme.tld” FTP | |
| “Hackme.tld” login | |
| “Hackme.tld” github_token | |
| “Hackme.tld” http:// & https:// | |
| “Hackme.tld” amazonaws | |
| “Hackme.tld” digitaloceanspaces |