man3kin3ko

## showUnusualGlobals.js
let standardWindowProps = [
        "Array", "Boolean", "Date", "decodeURI", "decodeURIComponent", "encodeURI",
        "encodeURIComponent", "Error", "eval", "EvalError", "Float32Array", "Float64Array",
        "Function", "Infinity", "Int16Array", "Int32Array", "Int8Array", "isFinite",
        "isNaN", "JSON", "Map", "Math", "NaN", "Number", "Object", "parseFloat",
        "parseInt", "Promise", "Proxy", "RangeError", "ReferenceError", "Reflect",
        "RegExp", "Set", "String", "Symbol", "SyntaxError", "TypeError", "Uint16Array",
        "Uint32Array", "Uint8Array", "Uint8ClampedArray", "undefined", "URIError",
        "WeakMap", "WeakSet", "Atomics", "SharedArrayBuffer", "BigInt", "BigInt64Array",
        "BigUint64Array", "globalThis", "console", "window", "document", "navigator",

## subdomains_web_recon.sh
sed -e 's/^/https:\/\//' subdomains > subdomains.schema
ffuf -t 10 -w "/path/to/dict:FUZZ" -w "subdomains.schema:HOST" -u HOST/FUZZ -mc all -rate 100 -o fuzz-subdomains.json -c -H "User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Chrome/W.X.Y.Z Safari/537.36" -fc 404

## jq.txt
# filter ffuf output

cat output.json | jq '.results[] | select(.status==200) | .url'
cat output.json | jq -S '.results | sort_by(.url) | .[] | select(.status==200) | {url: .url,len: .length}'

# filter bbot output

cat output.json | jq 'select(.type=="DNS_NAME") | .data' | tr -d '"' | sort | uniq > subdomains.txt

## dig.sh
DOMAIN=domain.com
NS=ns.domain.com
dig -t AXFR $DOMAIN @$NS
dig +noall +answer +multiline $DOMAIN any @$NS
	let standardWindowProps = [
	"Array", "Boolean", "Date", "decodeURI", "decodeURIComponent", "encodeURI",
	"encodeURIComponent", "Error", "eval", "EvalError", "Float32Array", "Float64Array",
	"Function", "Infinity", "Int16Array", "Int32Array", "Int8Array", "isFinite",
	"isNaN", "JSON", "Map", "Math", "NaN", "Number", "Object", "parseFloat",
	"parseInt", "Promise", "Proxy", "RangeError", "ReferenceError", "Reflect",
	"RegExp", "Set", "String", "Symbol", "SyntaxError", "TypeError", "Uint16Array",
	"Uint32Array", "Uint8Array", "Uint8ClampedArray", "undefined", "URIError",
	"WeakMap", "WeakSet", "Atomics", "SharedArrayBuffer", "BigInt", "BigInt64Array",
	"BigUint64Array", "globalThis", "console", "window", "document", "navigator",
	sed -e 's/^/https:\/\//' subdomains > subdomains.schema
	ffuf -t 10 -w "/path/to/dict:FUZZ" -w "subdomains.schema:HOST" -u HOST/FUZZ -mc all -rate 100 -o fuzz-subdomains.json -c -H "User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Chrome/W.X.Y.Z Safari/537.36" -fc 404
	# filter ffuf output

	cat output.json \| jq '.results[] \| select(.status==200) \| .url'
	cat output.json \| jq -S '.results \| sort_by(.url) \| .[] \| select(.status==200) \| {url: .url,len: .length}'

	# filter bbot output

	cat output.json \| jq 'select(.type=="DNS_NAME") \| .data' \| tr -d '"' \| sort \| uniq > subdomains.txt
	DOMAIN=domain.com
	NS=ns.domain.com
	dig -t AXFR $DOMAIN @$NS
	dig +noall +answer +multiline $DOMAIN any @$NS