Skip to content

Instantly share code, notes, and snippets.

View haccer's full-sized avatar
🔥
We are so back

Cody Zacharias haccer

🔥
We are so back
View GitHub Profile
@haccer
haccer / scanio.sh
Last active November 9, 2024 03:49
PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
function ech() {
spinner=( "|" "/" "-" "\\" )
while true; do
for i in ${spinner[@]}; do
echo -ne "\r[$i] $1"
@haccer
haccer / install_go.sh
Created August 29, 2018 06:10
Bash script to install the latest version of Go (For linux)
#!/bin/bash
# Bash script to install the latest version of Go (For linux)
# Get current version of Go for 64-bit Linux
CUR=$(curl -s https://golang.org/dl/ | grep linux-amd64 | grep 'download downloadBox' | cut -d'"' -f4)
# Download Go
wget $CUR
# Get filename
@haccer
haccer / encode.py
Created September 8, 2018 23:45
An overkill directory traversal fuzzing-wordlist generator.
#!/usr/bin/env python3
# An overkill directory traversal fuzzing wordlist generator.
# Creates approx. 931 items.
import base64
import sys
import urllib.parse
string = sys.argv[1]
# Encodings taken dotdotpwn
aaa
aaas
about
acap
acct
acr
adiumxtra
afp
afs
aim
@haccer
haccer / account_checker.sh
Created January 31, 2018 12:37
PoC Email Account Checker - Checks for emails that don't exist so they can be (re)created
#!/bin/bash
# PoC Email Account Checker - Checks for emails that don't exist so they can be (re)created
# Use Chrome's Network tab to view the URL that makes these type of requests.
# This is just a PoC, you can add in other email services along with other domains the current ones provide.
# URLs have been working all night, but might need to be updated in the future.
#
# Usage: ./account_checker.sh <email_list>
function google() {
# Post data
@haccer
haccer / alexa.sh
Created April 18, 2018 07:26
Gather domains in the Alexa top 1 million
#!/bin/bash
# This script will fetch the Alexa top 1 million domains and prepare them how I like it.
# Check if unzip is installed
[ -f /usr/bin/unzip ] || sudo apt-get install unzip
# Get Alexa Top 1 mil
wget -q --show-progress http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
# Unzip
#!/usr/bin/env python3
# Google Groups v1
# python3 ggroup.py domains.txt
import requests
import re
import sys
with open(sys.argv[1]) as f:
sites = f.read().splitlines()
@haccer
haccer / keybase.py
Created July 13, 2018 21:13
Extract emails from PGP keys
#!/usr/bin/env python
import requests, base64, re, sys
r = requests.get("https://keybase.io/" + sys.argv[1] + "/key.asc")
body = r.text.split("\n\n")
key = body[1].split("-----")
for email in re.findall(r' <(.*?)>', str(base64.b64decode(key[0]))):
print(email)
@haccer
haccer / chromeExtDL.sh
Created September 8, 2018 23:51
Download Chrome Extension Source Code
#!/bin/bash
# ./chromeExtDL.sh <extension id> <path to save location>
curl -s -L -o "/tmp/$1.zip" "https://clients2.google.com/service/update2/crx?response=redirect&os=mac&arch=x86-64&nacl_arch=x86-64&prod=chromecrx&prodchannel=stable&prodversion=44.0.2403.130&x=id%3D$1%26uc"
unzip -d $2 /tmp/$1.zip
rm /tmp/$1.zip
@haccer
haccer / all.txt
Last active June 29, 2018 00:08 — forked from jhaddix/all.txt
all wordlists for every dns enumeration tool... ever.
This file has been truncated, but you can view the full file.
0
00
0-0
000
0000
00000
000000
000005
00001
00002