' or '1' ='1' --
Nomad nomadh7
nomadh7
/ OSCP_notes_brakertech.md
Created
June 13, 2021 14:29
— forked from ssstonebraker/OSCP_notes_brakertech.md
OSCP Notes #oscp
nomadh7
/ a-recon-services-list-for-liveoverflow.md
Created
May 10, 2019 11:57
— forked from EdOverflow/a-recon-services-list-for-liveoverflow.md
- https://scans.io/
- https://commoncrawl.org/
- https://web.archive.org/ (For JS snippets this can be extremely handy. See killbox.sh below that was written for a HackerOne event.)
- https://www.shodan.io/
- https://opendata.rapid7.com/
- https://www.virustotal.com/en/documentation/public-api/ (You can fetch previously-scanned URLs via the API.)
- https://securitytrails.com/
- https://threatcrowd.org/
- https://dnsdumpster.com/
- https://crt.sh/
nomadh7
/ github_onplatform.md
Created
May 10, 2019 08:24
— forked from EdOverflow/github_onplatform.md
My basic workflow when using GitHub for recon purposes.
Note: Please keep in mind, that all of this does not work if you are not signed in to GitHub.
When searching for issues related to a target I often like to quickly look up their GitHub organization on Google.
So let's say Gratipay says nothing about being open source. A quick Google "Gratipay GitHub" should return Gratipay's org page on GitHub.
Then from there I am going to check what repos actually belong to the org and which are forked. You can do this by selecting the Type: dropdown on the right hand side of the page.
nomadh7
/ all.txt
Created
March 4, 2019 11:51
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
nomadh7
/ WAHH_Task_Checklist.md
Created
February 28, 2019 11:49
— forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
nomadh7
/ cloud_metadata.txt
Created
February 28, 2019 11:49
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
nomadh7
/ content_discovery_all.txt
Created
February 28, 2019 11:49
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
nomadh7
/ all.txt
Created
February 28, 2019 11:45
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
nomadh7
/ bountyscan_setup.sh
Created
February 28, 2019 11:45
— forked from jhaddix/bountyscan_setup.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export DEBIAN_FRONTEND=noninteractive; | |
| echo "[*] Starting Install... [*]" | |
| echo "[*] Upgrade installed packages to latest [*]" | |
| echo -e "\nRunning a package upgrade...\n" | |
| apt-get -qq update && apt-get -qq dist-upgrade -y | |
| apt full-upgrade -y | |
| apt-get autoclean | |
| echo "[*] Install stuff I use all the time [*]" |