nil0x42
nil0x42 / stealth-fast-nmap-scan.sh
Last active January 12, 2022 04:35
"Quickly" scan all ports for a big list of IPs with nmap, while avoiding being banned,
#!/bin/bash
# by @nil0x42
shuf IP-LIST.TXT > /tmp/ips.txt # randomize ip-list
# for each port (in random order):
for i in {1..65535}; do echo $i; done | shuf | while read port; do
    # scan single port on every IP from randomized ip-list
    nmap -sS -PN -n --max-retries=0 --max-rtt-timeout=1000ms \
        --min-rate=10000 --min-hostgroup=4096 -iL /tmp/ips.txt -p $port
done
nil0x42 / atomicwrite_ifchanged.sh
Created June 21, 2021 12:40
atomicwrite_ifchanged (for bash automation)
# usage: atomicwrite_ifchanged output.txt
# - overwrite atomically (mv)
# - only writes to the file if new content is different
# by @nil0x42
function atomicwrite_ifchanged() {
    test "$#" -eq 1 # ARGC == 1
    test ! -t 0 # STDIN not a TTY
    local file="$1"
    local tmp_file="$(mktemp "${file}.XXXXXX.atomicwrite_ifchanged.part")"
    cat - >| "$tmp_file"
nil0x42 / subnetlist.py
Last active June 2, 2021 17:18
Quickly check if an IPv4 is contained in a list of subnets.
import struct
import socket
class SubnetList:
    """Quickly check if an IPv4 is contained in a list of subnets.
    - by @nil0x42
    - inspired by @nigel222's solution: https://stackoverflow.com/a/44264136
    >>> cloudflare_ips = SubnetList("/wordlists/cloudflare-ips.txt")
    >>> "103.31.4.12" in cloudflare_ips
    True
nil0x42 / anew_safe.sh
Last active April 5, 2021 06:02
Safe lock-based `anew` wrapper for concurrent usage for bug-bounty automation
# Safe lock-based `anew` wrapper for concurrent usage.
# e.g: gau tesla.com | anew_safe ~/tesla/endpoints.txt
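function anew_safe() {
    # refuse to run when STDIN is a TTY; `return` (not `exit`) so a sourced
    # function does not terminate the calling shell
    [ -t 0 ] && return 1
    local file
    [[ "$1" == "-q" ]] && file="$2" || file="$1"
    {
        # hold an exclusive lock on fd 200 (the target file) while anew runs
        flock -x 200
        cat - | anew "$@"
    } 200>>"$file"
}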
nil0x42 / gist-massdump.py
Last active June 21, 2023 02:43
[OSINT] Dump ALL gists from a list of GitHub users
#!/usr/bin/env python3
#author: @nil0x42
# Usage:
# $ export GITHUB_TOKEN="<YOUR GITHUB TOKEN>"
# $ cat github-users.txt | ./gist-massdump.py
# $ grep -r 'someSecret' gist-massdump.out/
import sys, os, requests, json, pathlib
if sys.stdin.isatty():
nil0x42 / bit-flipping-attack.py
Created March 2, 2021 08:09
Simple, easy to understand implementation of Bit-Flipping attack on CBC mode
#!/usr/bin/python3 -u
# requirements: PyCryptodome
import base64
import subprocess
from Crypto.Util.strxor import strxor
from Crypto.Util.Padding import pad
### variables to set
PLAINTEXT = b"id=12345678;name=myname;is_admin=false;mail=mymail@mail.com"
# extract top subdomains from your firefox history
# by @nil0x42
grep -Pao "https://[a-zA-Z0-9.-]+" ~/.mozilla/firefox/*/places.sqlite \
    | sort -u | sed 's#.*://\([a-zA-Z0-9-]*\)\..*#\1#' | uniq -c | sort -rn
nil0x42 / Awesome_Linux_PrivEsc.md
Created September 25, 2020 13:40
Awesome Linux Privesc
nil0x42 / get-github-stargazers-twitter.py
Created September 23, 2020 14:16
[OSINT] Extract twitter of all stargazers of a Github project
#!/usr/bin/env python3
# author: @nil0x42
# Usage example:
# $ export GITHUB_TOKEN="<YOUR GITHUB TOKEN>"
# $ ./get-github-stargazers-twitter.py "rapid7/metasploit-framework"
import sys, os, requests, json
OWNER, REPO = sys.argv[1].split("/")
GH_TOKEN = os.environ.get("GITHUB_TOKEN")