nullenc0de

## git_query
BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=
CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=
CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=
CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=
CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=
-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=
ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFICATION= OR ENCRYPTION_PASSWORD= OR END_USER_PASSWORD=
FBTOOLS_TARGET_PROJECT= OR FDfLgJkS3bKAdAU24AS5X8lmHUJB94= OR FEEDBACK_EMAIL_RECIPIENT= OR FEEDBACK_EMAIL_SENDER=
FIREBASE_PROJECT_DEVELOP= OR FIREBASE_PROJECT_ID= OR FIREBASE_PROJECT= OR FIREBASE_SERVICE_ACCOUNT= OR FIREBASE_TOKEN=
GH_NAME= OR GH_NEXT_OAUTH_CLI

## dns_resolver.txt
8.8.8.8
9.9.9.9
208.67.222.222
1.1.1.1
185.228.168.9
64.6.64.6
198.101.242.72
176.103.130.130
8.8.4.4
149.112.112.112

## resolvers.txt
1.1.1.1
8.8.8.8
64.6.64.6
74.82.42.42
1.0.0.1
8.8.4.4
64.6.65.6
77.88.8.1

## whey-cewler.py
'''
Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in
convenience.

The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
making it "way cooler".

## go2bbrf.go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"os/exec"
)

func main() {

## dir2bbrf.go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"os/exec"
)

func main() {

## resolve.sh
bbrf domains --view unresolved | \
dnsx -silent -a -resp | tr -d '[]' | tee \
      >(awk '{print $1":"$2}' | bbrf domain update - -s dnsx) \
      >(awk '{print $1":"$2}' | bbrf domain add - -s dnsx) \
      >(awk '{print $2":"$1}' | bbrf ip add - -s dnsx) \
      >(awk '{print $2":"$1}' | bbrf ip update - -s dnsx)

## apk-recon.yaml
id: apk-recon

info:
  name: APK Recon
  author: nullenc0de
  severity: info
  tags: android,file

file:
  - extensions:

## service2bbrf.go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"os/exec"
)

func main() {

## apk_params.txt
MD
TermUrl
a
adjust_campaign
alternatives
amount
app
app_id
appname
avoid
	BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=
	CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=
	CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=
	CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=
	CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=
	-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=
	ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFICATION= OR ENCRYPTION_PASSWORD= OR END_USER_PASSWORD=
	FBTOOLS_TARGET_PROJECT= OR FDfLgJkS3bKAdAU24AS5X8lmHUJB94= OR FEEDBACK_EMAIL_RECIPIENT= OR FEEDBACK_EMAIL_SENDER=
	FIREBASE_PROJECT_DEVELOP= OR FIREBASE_PROJECT_ID= OR FIREBASE_PROJECT= OR FIREBASE_SERVICE_ACCOUNT= OR FIREBASE_TOKEN=
	GH_NAME= OR GH_NEXT_OAUTH_CLI
	8.8.8.8
	9.9.9.9
	208.67.222.222
	1.1.1.1
	185.228.168.9
	64.6.64.6
	198.101.242.72
	176.103.130.130
	8.8.4.4
	149.112.112.112
	'''
	Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
	in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
	runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
	does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in
	convenience.

	The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
	in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
	making it "way cooler".
	package main

	import (
	"encoding/json"
	"fmt"
	"os"
	"os/exec"
	)

	func main() {
	bbrf domains --view unresolved \| \
	dnsx -silent -a -resp \| tr -d '[]' \| tee \
	>(awk '{print $1":"$2}' \| bbrf domain update - -s dnsx) \
	>(awk '{print $1":"$2}' \| bbrf domain add - -s dnsx) \
	>(awk '{print $2":"$1}' \| bbrf ip add - -s dnsx) \
	>(awk '{print $2":"$1}' \| bbrf ip update - -s dnsx)
	id: apk-recon

	info:
	name: APK Recon
	author: nullenc0de
	severity: info
	tags: android,file

	file:
	- extensions:
	MD
	TermUrl
	a
	adjust_campaign
	alternatives
	amount
	app
	app_id
	appname
	avoid