POST /bin/groovyconsole/post.servlet?.Cic.ico HTTP/1.1
Host: host
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: https://test.com
Upgrade-Insecure-Requests: 1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
import sys | |
from http.server import HTTPServer, BaseHTTPRequestHandler | |
if len(sys.argv)-1 != 2: | |
print(""" | |
Usage: {} <port_number> <url> | |
""".format(sys.argv[0])) | |
sys.exit() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gau $1 | sort -u | grep -v oembed | grep -v .css | grep -v .jpg | grep -v .svg | grep -v .png | grep -v .gif | grep -v .ico | grep -v .mp4 | grep -v .eot | grep -v .webm | grep = | sed s/http\:/https\:/g | sed s/\:80//g |sort -u | tee leads.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import json | |
from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
session = requests.Session() | |
http_proxy = "http://192.168.1.130:8085" | |
proxyDict = { | |
"http" : http_proxy, | |
"https" : http_proxy, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
export GOROOT=/snap/bin/go | |
export GOPATH=$HOME/go | |
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4k-icon-fonts-for-visual-composer | |
6scan-protection | |
a-wechat | |
abdul-wp-plugin | |
accelerated-mobile-pages | |
access-watch | |
accessibility-toolbar | |
ace-edit | |
ace-editor-for-wp | |
aceide |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10web-manager | |
4k-icon-fonts-for-visual-composer | |
accelerated-mobile-pages | |
accept-payments-wp | |
accu-auto-backup | |
ace-edit | |
ace-editor-for-wp | |
aceide | |
acelerator | |
acf-code-field |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1-click-migration | |
1-click-retweetsharelike | |
1-flash-gallery | |
10centmail-subscription-management-and-analytics | |
123contactform-for-wordpress | |
123formular-fur-wp | |
123formulier-wordpress-contactformulier | |
17track | |
18-age-gateway | |
2d-barcodes |
http_proxy = "http://127.0.0.1:8080"
https_proxy = "http://127.0.0.1:8080"
ftp_proxy = "http://127.0.0.1:8080"
proxyDict = {
"http" : http_proxy,
"https" : https_proxy,
"ftp" : ftp_proxy
}
wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
sudo docker run -v $(pwd):/wordlists/ -it --rm wpscanteam/wpscan --url https://website.com --rua -e u --users-detection mixed --password-attack wp-login -P /wordlists/rockyou.txt --disable-tls-checks