Skip to content

Instantly share code, notes, and snippets.

View ihebski's full-sized avatar
🔥

Ihebski ihebski

🔥
819 followers · 891 following
View GitHub Profile
@ihebski
ihebski / rev.3.2.1.in-addr.arpa
Created April 26, 2020 17:01
@ IN SOA takengo.com. host.takengo.com. (
2010081401;
28800;
604800;
604800;
86400 );
IN NS ns1.takengo.com.
4 IN PTR takengo.com.
@ihebski
ihebski / logstash-nginx-es.conf
Created April 30, 2020 23:13
logstash-7.4 config file for ngnix access.log/ error.log
input {
file {
path => ["/var/log/nginx/access.log", "/var/log/nginx/error.log"]
type => "nginx"
}
}
filter {
if [path] =~ "access.log" {
@ihebski
ihebski / squid as a transparent proxy - port 80
Created July 9, 2020 14:04
http_port 80
http_access allow all
@ihebski
ihebski / BIG-IPF5_CVE-2020-5902.sh
Created August 2, 2020 12:21
Check for BIG-IP F5 CVE-2020-5902 over the network
#!/bin/bash
#
# BIG-IPF5(CVE-2020-5902)
#
# Usage :
# $ echo "host1 host2 host3" | ./scanner
# $ cat myservers | ./scanner
#
servers="$(cat)"
@ihebski
ihebski / scan_cisco_asa_CVE-2020-3452.sh
Created August 2, 2020 12:22
Scan CISCO ASA path traversal for several servers
#!/bin/bash
#
# CISCO ASA path traversal and Firepower Threat Defense - CVE-2020-3452
# Payload : @aboul3la
#
# Usage :
# $ echo "host1 host2 host3" | ./scanner
# $ cat myservers | ./scanner
#
servers="$(cat)"
@ihebski
ihebski / resolve-domains.sh
Created August 2, 2020 13:13
resolve DNS for list of subdomains (BB)
#!/bin/bash
#
# Usage :
# $ echo "host1 host2 host3" | ./scanner
# $ cat myservers | ./scanner
#
servers="$(cat)"
for servers in $servers; do
host $servers | host $servers | cut -d ' ' -f1,4
@ihebski
ihebski / netcat.sh
Last active August 4, 2020 22:19
nc port scan for several hosts
cat hosts.txt | parallel -j255 'netcat -znv -w 1 {} 80 443 8080 25' &> nc-scan.txt
@ihebski
ihebski / nslookup.sh
Last active August 6, 2020 01:41
nslookup domains + parallel
cat subdomains.txt | parallel -j250 'host {} | grep "has address" | cut -d " " -f1,4' | sort -u
@ihebski
ihebski / port.sh
Created August 6, 2020 01:20
fast port scan nmap + parallel
cat domains.txt | parallel -j250 'nmap -Pn --top-ports 100 -T4 -vv --open -oN results.txt {}'
@ihebski
ihebski / Reflected xss
Last active August 18, 2020 00:23
catch reflected xss -> check if FUZZ is reflected
echo subdomains | grep '=' | qsreplace FUZZ\" -a | while read url;do target=$(curl -s -l $url | egrep -o '(FUZZ"|FUZZ\\")'); echo -e "Target:\e[1;33m $url\e[0m" "$target" "\n-------"; done | sed 's/FUZZ"/[Xss Possible] Reflection Found/g'