marz-hunter

"""

***** Auto-finder by dorks tool with Google API & Bing API *****

@author: z0rtecx
@release date: dec-2014
@version: 1.0.12122014
@poc: good dork for find web pages whit SQLi vulnerability in ID parameter, e.g. "inurl:details.php?id="
@description: This tool is for save time for you. It is gathering dorks of a txt file, and search potential web pages with SQLi vulnerability. ONLY FOR MySQL errors.
@features: 

marz-hunter

org: org_name
kibana content-length:217
org:”Amazon” ssl:”target”
ssl:”target”
html:”Dashboard Jenkins” http.component:”jenkins”
http.title:”302 Found”
http.component%3A”java”
https://www.shodan.io/host/ip#9200
https://www.shodan.io/host/ip
X-Redirect-By: WordPress ssl:”name”

marz-hunter

# !/usr/bin/env python
# sslChainDeetz.py
#
# Dependencies:
# - shodan
# - pyOpenSSL
#
# Installation:
# sudo easy_install shodan
#

marz-hunter

# Get all the F5 IPs from Shodan | Get script here : https://gist.github.com/LuD1161/2087aea80e8771a4af069c33b4078570
python3 shodan_query.py "http.favicon.hash:-335242539" results_f5.txt | tee -a output.txt

cat output.txt | grep -i "host :" | cut -d":" -f2 | cut -d" " -f2 | httpx -threads 400 -ports 80,443,8443,4443 -silent | nuclei -t cves/CVE-2020-5902.yaml -o results.txt

cut -d" " -f3 results.txt > targets.txt
sed -i -e "s/\.\;/\.\\\;/g" targets.txt # escape semicolon to pass to interlace

interlace -tL ./targets.txt -threads 100 -c "echo _target_; curl --insecure -v _target_ 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'" -v | tee -a all_certs.txt

marz-hunter

{
    "proxy":{
        "ssl_pass_through":{
            "automatically_add_entries_on_client_ssl_negotiation_failure":false,
            "rules":[
                {
                    "enabled":true,
                    "host":".*\\.google\\.com",
                    "protocol":"any"
                },

marz-hunter

import httplib
import urllib

http = httplib.HTTPSConnection('example.com', 443)

cookie = 'your=cookies';

http.request("GET", "/api/v1/csrf", "", {
    'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36',
    'referer': 'https://example.com/',

marz-hunter

from pydriller import RepositoryMining
import re
import base64

foundSet = set()
for commit in RepositoryMining('./').traverse_commits():
  for mod in commit.modifications:
    if mod.source_code_before != None:
      regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before)
      for result in regex:

marz-hunter

https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI