Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
kjigs
/ subdomain.rb
Created
July 23, 2019 03:23
— forked from ehsahil/subdomain.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Tools based on a resolver.rb by @melvinsh | |
| #Repository: https://github.com/melvinsh/subresolve | |
| #Modified by @ehsahil for Personal Use. | |
| require 'socket' | |
| require 'colorize' | |
| begin | |
| domain = ARGV[0] | |
| rescue | |
| puts "Usage: ruby subdomain.rb domain" | |
| exit |
kjigs
/ recon.rb
Created
July 23, 2019 03:23
— forked from ehsahil/recon.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Tool based on a resolver.rb by @melvinsh | |
| #Original Repository: https://github.com/melvinsh/subresolve | |
| #Modified by @ehsahil for Personal Use. | |
| require 'socket' | |
| require 'colorize' | |
| begin | |
| file = File.open(ARGV[0], "r") | |
| rescue | |
| puts "Usage: ruby recon.rb wordlist" |
kjigs
/ WAHH_Task_Checklist.md
Created
February 13, 2020 04:15
— forked from amotmot/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
kjigs
/ cloud_metadata.txt
Created
February 13, 2020 04:16
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
kjigs
/ get-shodan-favicon-hash.py
Created
July 4, 2020 00:25
— forked from yehgdotnet/get-shodan-favicon-hash.py
Get Shodan FAVICON Hash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://twitter.com/brsn76945860/status/1171233054951501824 | |
| pip install mmh3 | |
| ----------------------------- | |
| # python 2 | |
| import mmh3 | |
| import requests | |
| response = requests.get('https://cybersecurity.wtf/favicon.ico') | |
| favicon = response.content.encode('base64') |
kjigs
/ secrets.yara
Created
November 7, 2020 07:51
— forked from dustyfresh/secrets.yara
yara signatures converted from trufflehog regexes for identifying secrets in text files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Yara signatures for identifying secrets in text files. Requires libmagic! | |
| Mostly all stolen from Trufflehog regexes: | |
| - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json | |
| */ | |
| import "magic" |