Skip to content

Instantly share code, notes, and snippets.

View jhaddix's full-sized avatar

Jason Haddix jhaddix

View GitHub Profile
javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g,jsRegex=/(?<=(\"|\'|\%60))(?:\/|https?:\/\/)[a-zA-Z0-9_?&=\/\-\#\.]+\.js(?:\?[^"'%60]*)?(?=(\"|\'|\%60))/g;const results=new Set;const paramMap=new Map();const jsFiles=new Set();function processContent(t,src){var e=t.matchAll(regex);for(let r of e){results.add(r[0]);var params=r[0].split('?')[1];if(params){params.split('&').forEach(param=>{var [key,]=param.split('=');if(key){if(!paramMap.has(key)){paramMap.set(key,[]);}paramMap.get(key).push(src||'Inline script or HTML');}});}}var j=t.matchAll(jsRegex);for(let r of j){jsFiles.add(r[0]);}}for(var i=0;i<scripts.length;i++){var t=scripts[i].src;if(t){jsFiles.add(t);fetch(t).then(function(t){return t.text()}).then(text=>processContent(text,t)).catch(function(t){console.log("An error occurred: ",t)});}else{processContent(scripts[i].textContent);}}var pageContent=document.documentElement.outerHTML;processContent(pageContent
@jhaddix
jhaddix / d4dorks.txt
Last active September 2, 2024 21:19
Diablo 4 Dorks
Search groups explained:
Group 1 "exploit, farm, glitch, cheese, AFK, multibox, dupe, grind" - This search will keep you up to date on "clever use of game mechanics" should you want to be on the bleeding edge.
Group 2 "build OR guide OR nerf" - This wil keep you up to date with classes and builds coming out and ones that are over powered.
Group 3: "unique OR set OR legendary OR gold OR murmuring OR veiled" - will keep you up to date on the currency and gear grind meta.
SEARCH LINKS:
@jhaddix
jhaddix / ffufone.json
Created March 8, 2023 20:48
Axiom ffuf module to scan one host vertically
[{
"command":"/home/op/go/bin/ffuf -w input -rate 8 -of csv -o _output_/_cleantarget_ -ac -u ",
"ext":"csv",
"threads":"10"
}]
@jhaddix
jhaddix / reconftw.cfg
Last active September 2, 2024 21:28
reconFTW config file: NO google/osint, wordlist creation, nuclei js analysis
#################################################################
# reconFTW config file #
#################################################################
# General values
tools=~/Tools # Path installed tools
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path
profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile
reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version
generate_resolvers=false # Generate custom resolvers with dnsvalidator
echo ""
echo "************ Github Dork Links (must be logged in) *******************"
echo ""
echo " password"
echo "https://github.com/search?q="hackertarget.site"+password&type=Code"
echo "https://github.com/search?q=""hackertarget""+password&type=Code"
echo ""
echo " npmrc _auth"
@jhaddix
jhaddix / bucket-disclose.sh
Created July 22, 2020 17:49 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
@jhaddix
jhaddix / amass_intel_for_loop
Created November 21, 2019 05:29
Foir loop to run amass intel for easy killing of single thread
for i in $(cat yahoobgp); do echo""; echo "ASN $i";echo ""; amass.netdomains -asn $i;echo ""; done
@jhaddix
jhaddix / bgp.sh
Created November 21, 2019 05:27
copy in bghp.he.net to this script and get amass command
#!/bin/bash
expand $1 |cut -d " " -f1|sed 's/AS//g'
echo ""
echo ""
lined=`expand $1 |cut -d " " -f1|sed 's/AS//g'| tr '\n' ','`
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive;
echo "[*] Starting Install... [*]"
echo "[*] Upgrade installed packages to latest [*]"
echo -e "\nRunning a package upgrade...\n"
apt-get -qq update && apt-get -qq dist-upgrade -y
apt full-upgrade -y
apt-get autoclean
echo "[*] Install stuff I use all the time [*]"