| Service | SSL | status | Response Type | Allowed methods | Allowed headers |
|---|
m4ll0k
/ all.txt
Created
June 17, 2020 11:19
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
m4ll0k
/ gist:c33c3bac057584642c8a63144888e3d1
Created
June 22, 2020 13:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # replace $mytarget with your target | |
| gau $mytarget|egrep -iv '\.json'|grep -iE '\.js'|antiburl|awk '{print $4}' | xargs -I %% bash -c 'python3 SecretFinder.py -i %% -o cli' | |
| # use -r option for extract anything | |
| gau $mytarget|egrep -iv '\.json'|grep -iE '\.js'|antiburl|awk '{print $4}' | xargs -I %% bash -c 'python3 SecretFinder.py -i %% -o cli -r "$anything"' |
m4ll0k
/ content_discovery_all.txt
Created
June 17, 2020 11:18
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
m4ll0k
/ getpoint.py
Last active
November 26, 2021 16:54
getpoint.py - Take a wordlist and generate the potential injection point for make dns bruteforce
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ----------------------------- | |
| # by m4ll0k (@m4ll0k) | |
| # github.com/m4ll0k | |
| # ------------------------------ | |
| # e.g: | |
| # echo -e "test.example.com\ntest-dev.example.com\nstaging-test.example.com" > targets.txt && python3 getpoint.py targets.txt %FUZZ% | |
| # output: | |
| ''' | |
| %FUZZ%.test.example.com | |
| %FUZZ%.test-dev.example.com |
m4ll0k
/ gist:9cf22d4c76dbe0e1a0cc874f12c04963
Created
January 28, 2021 20:56
— forked from cjaoude/gist:fd9910626629b53c4d25
Test list of Valid and Invalid Email addresses
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Use: for testing against email regex | |
| ref: http://codefool.tumblr.com/post/15288874550/list-of-valid-and-invalid-email-addresses | |
| List of Valid Email Addresses | |
| email@example.com | |
| firstname.lastname@example.com | |
| email@subdomain.example.com | |
| firstname+lastname@example.com |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/m4ll0k (@m4ll0k2) | |
| ''' | |
| Steps: | |
| 0. Make dir like chaos 'mkdir chaos' | |
| 1. Download this script in choas dir 'wget https://..' | |
| 2. Now: 'python3 choas.py |sort -u > dns_wordlist.txt' | |
| ''' |
m4ll0k
/ nuclei-templates-delete.py
Last active
October 22, 2022 10:54
Delete nuclei shitty templates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os,sys,yaml,argparse | |
| # example | |
| # python nuclei-templates-delete.py -p <nuclei-templates-dir> -d <id,id1,id2> or <ids.txt file> | |
| ids = [] | |
| nuclei_template_path = '' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # by m4ll0k | |
| # github.com/m4ll0k | |
| # gist.github.com/m4ll0k | |
| # Usage: | |
| #------ python3 tojson.py https://www.example.com | |
| #------ cat targets.txt | python3 tojson.py | |
| import requests as _0x1 | |
| import sys as _0x2 |
m4ll0k
/ firebase_apiKeys_testing.html
Created
March 22, 2023 16:46
— forked from Anon-Exploiter/firebase_apiKeys_testing.html
For testing the Firebase API keys found in Web Applications or in JavaScript Code --
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title></title> | |
| </head> | |
| <body> | |
| <script src="https://www.gstatic.com/firebasejs/7.6.1/firebase-app.js"></script> | |
| <!-- If you enabled Analytics in your project, add the Firebase SDK for Analytics --> |
OlderNewer