Skip to content

Instantly share code, notes, and snippets.

View whey-cewler.py
'''
Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in
convenience.
The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
making it "way cooler".
View resolvers.txt
1.1.1.1
8.8.8.8
64.6.64.6
74.82.42.42
1.0.0.1
8.8.4.4
64.6.65.6
77.88.8.1
@nullenc0de
nullenc0de / breach.sh
Created Jan 27, 2021
Script will look up company assets and search them on greynoise.
View breach.sh
cat cust.txt |assetfinder -subs-only | filter-resolved -c 100 | while read resolved; do host -t A "$resolved" | awk '{print $NF}' | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; done |sort -u |while read ip; do greynoise quick $ip ; done |grep -v "NOT" |cut -d ' ' -f1 |greynoise ip |sed -e '/malicious/,/rDNS/!d'
View interesting_dirsearch.txt
uploads/affwp-debug.log
certs/server.key
server.key
.CSV
.PDF
.README.md.bud
.action
.actionScriptProperties
.angular-cli.json
.apport-ignore.xml
View interesting_content.txt
This file has been truncated, but you can view the full file.
!CREDITS.TXT
!INSTALL.TXT
!LICENSE.TXT
!ReadMe.txt
# directory-list-1.0.txt
# directory-list-2.3-big.txt
# directory-list-2.3-medium.txt
# directory-list-2.3-small.txt
# directory-list-lowercase-2.3-big.txt
View qualys_wordlist.txt
/
/.
/.*
/../../../../../../../../../../../
/../../../../../../../../../../../../boot.ini
/../../../../../../../../../../../../etc/passwd
/../../../../../../../winnt/system32/cmd.exe
/../../..//index.html
/../index.html
/.bzr/
View secrets.sh
strings -f -e s * | grep -i 'BROWSER_STACK_ACCESS_KEY=\|BROWSER_STACK_USERNAME=\|browserConnectionEnabled=\|BROWSERSTACK_ACCESS_KEY=\|CHROME_CLIENT_SECRET=\|CHROME_EXTENSION_ID=\|CHROME_REFRESH_TOKEN=\|CI_DEPLOY_PASSWORD=\|CI_DEPLOY_USER=\|CLOUDAMQP_URL=\|CLOUDANT_APPLIANCE_DATABASE=\|CLOUDANT_ARCHIVED_DATABASE=\|CLOUDANT_AUDITED_DATABASE=\|CLOUDANT_ORDER_DATABASE=\|CLOUDANT_PARSED_DATABASE=\|CLOUDANT_PASSWORD=\|CLOUDANT_PROCESSED_DATABASE=\|CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=\|CONTENTFUL_TEST_ORG_CMA_TOKEN=\|CONTENTFUL_V2_ACCESS_TOKEN=\|-DSELION_BROWSER_RUN_HEADLESS=\|-DSELION_DOWNLOAD_DEPENDENCIES=\|-DSELION_SELENIUM_RUN_LOCALLY=\|ELASTICSEARCH_PASSWORD=\|ELASTICSEARCH_USERNAME=\|EMAIL_NOTIFICATION=\|ENCRYPTION_PASSWORD=\|END_USER_PASSWORD=\|FBTOOLS_TARGET_PROJECT=\|FDfLgJkS3bKAdAU24AS5X8lmHUJB94=\|FEEDBACK_EMAIL_RECIPIENT=\|FEEDBACK_EMAIL_SENDER=\|FIREBASE_PROJECT_DEVELOP=\|FIREBASE_PROJECT_ID=\|FIREBASE_PROJECT=\|FIREBASE_SERVICE_ACCOUNT=\|FIREBASE_TOKEN=\|GH_NAME=\|GH_NEXT_OAUTH_CLIENT_ID=\|GH_NEXT_OAU
View dns_resolver.txt
8.8.8.8
9.9.9.9
208.67.222.222
1.1.1.1
185.228.168.9
64.6.64.6
198.101.242.72
176.103.130.130
8.8.4.4
149.112.112.112
View auto_git_query_fav
https://github.com/search?q=\?AccessKeyId= OR _02ddd67d5586_key= OR 0HB_CODESIGN_GPG_PASS= OR 0HB_CODESIGN_KEY_PASS=&s=indexed&type=Code
https://github.com/search?q=0VIRUSTOTAL_APIKEY= OR ACCESS KEY ID = OR ACCESS_KEY_ID= OR ACCESS_KEY_SECRET= OR ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=ACCESS_SECRET= OR ACCESSKEY= OR ACCESSKEYID= OR ADZERK_API_KEY= OR ALGOLIA_ADMIN_KEY_1=&s=indexed&type=Code
https://github.com/search?q=ALGOLIA_ADMIN_KEY_2= OR ALGOLIA_ADMIN_KEY_MCM= OR ALGOLIA_API_KEY_MCM= OR ALGOLIA_API_KEY_SEARCH=&s=indexed&type=Code
https://github.com/search?q=ALGOLIA_API_KEY= OR ALGOLIA_SEARCH_API_KEY= OR ALGOLIA_SEARCH_KEY_1= OR ALGOLIA_SEARCH_KEY=&s=indexed&type=Code
https://github.com/search?q=ALIAS_PASS= OR ALICLOUD_ACCESS_KEY= OR ALICLOUD_SECRET_KEY= OR AMAZON_SECRET_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=ANSIBLE_VAULT_PASSWORD= OR aos_key= OR API_KEY_MCM= OR API_KEY_SECRET= OR API_KEY_SID= OR API_KEY=&s=indexed&type=Code
https://github.com/search?q=API_SECRE
@nullenc0de
nullenc0de / auto_git_query
Last active Oct 4, 2021
Automated Github Queries (Can open 29 tabs at a time)
View auto_git_query
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI