by Proofpoint
by Austin Hudson
Chase Jensen ruevaughn
ruevaughn
/ find forgotten database dumps
Created
August 10, 2023 18:30
— forked from rohan-cce/find forgotten database dumps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Here’s a quick tip to find forgotten database dumps using this small but quick fuzz list: | |
| /back.sql | |
| /backup.sql | |
| /accounts.sql | |
| /backups.sql | |
| /clients.sql | |
| /customers.sql | |
| /data.sql | |
| /database.sql | |
| /database.sqlite |
ruevaughn
/ redirect dorks
Created
August 10, 2023 18:30
— forked from rohan-cce/redirect dorks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Redirect dorks | |
| /{payload} | |
| ?next={payload} | |
| ?url={payload} | |
| ?target={payload} | |
| ?rurl={payload} | |
| ?dest={payload} | |
| ?destination={payload} | |
| ?redir={payload} |
ruevaughn
/ Recommended extensions for burpsuite
Created
August 10, 2023 18:30
— forked from rohan-cce/Recommended extensions for burpsuite
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Recommended extentions for BurpSuite | |
| JSON Beautifier | |
| Param Miner | |
| HTTP Request Smuggler | |
| Backslash Powered Scanner | |
| Reflected Parameters | |
| Software Vulnerability Scanner | |
| Java Deserialization Scanner | |
| . Net Beautifier | |
| Copy As Python-Request |
ruevaughn
/ 50 free tools and resources part 1
Created
August 10, 2023 18:30
— forked from rohan-cce/50 free tools and resources part 1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Free stuff is always exciting. But, what if it is free and awesome? Free tools and resources you’re gonna love. | |
| Let's start! | |
| 1. UI Garage | |
| Daily UI inspiration & patterns for designers, developers to find inspiration, tools and the best resources for your project. | |
| Link: https://uigarage.net/ | |
| 2. Remove bg |
ruevaughn
/ 50 free tools and resources part 2
Created
August 10, 2023 18:30
— forked from rohan-cce/50 free tools and resources part 2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Free stuff is always exciting. But, what if it is free and awesome? Free tools and resources you're gonna love. Part 2. | |
| Let's start! | |
| 1. Caniuse.com | |
| "Can I use" provides up-to-date browser support tables for support of front-end web technologies on desktop and mobile web browsers. | |
| Link: https://caniuse.com/ | |
| 2. Javascript.info | |
| Modern JavaScript Tutorial: simple, but detailed explanations with examples and tasks, including: closures, document and events, object oriented programming and more. |
ruevaughn
/ Recon Check List
Created
August 10, 2023 18:29
— forked from rohan-cce/Recon Check List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ❌❌ :RECON CHECKLIST:❌❌ | |
| 1. Subdomain Enumeration: subfinder-amass-altdns-sublister-assetfinder-findomain | |
| 2.Resolving Subdomains: HTTPX/HTTPROBE | |
| 3. Screenshotting: HTTPX/AQUATONE/EYEWITNESS/GOWITNESS | |
| 4. Port Scan: Nmap/Zenmap/Aquatone/Amass | |
| 5. Directory Bruteforce: FFUF/Dirsearch/Dirbuster | |
| 6. Crawling: waybackurls/gau | |
| 7. Finding endpoints from JS: relative-url-extracter | |
| 8. Manual Recon: Burp Suite |
ruevaughn
/ URL Parsing
Created
August 9, 2023 19:54
— forked from joshisa/URL Parsing
Parsing of URLs using bash sh scripting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Referenced and tweaked from http://stackoverflow.com/questions/6174220/parse-url-in-shell-script#6174447 | |
| proto="$(echo $1 | grep :// | sed -e's,^\(.*://\).*,\1,g')" | |
| # remove the protocol | |
| url="$(echo ${1/$proto/})" | |
| # extract the user (if any) | |
| userpass="$(echo $url | grep @ | cut -d@ -f1)" | |
| pass="$(echo $userpass | grep : | cut -d: -f2)" | |
| if [ -n "$pass" ]; then |
ruevaughn
/ nmap-http-url.py
Created
August 9, 2023 18:49
— forked from tothi/nmap-http-url.py
Generate HTTP URLs from Nmap XML (and optionally use VirtualHosts)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # inputs: nmap.xml (nmap scan xml output), subdomains.csv (optional virtualhost info, hostname + ip address csv file) | |
| # output: url listing (useful for tools like EyeWitness) | |
| # | |
| # sample usage: ./nmap-http-url.py nmap.xml subdomains.csv | sort -u | gowitness file -f - | |
| # | |
| description = ''' | |
| Generate HTTP URLs from Nmap XML (and optionally additional VirtualHost listing, taken from e.g. subdomain enumeration). |
ruevaughn
/ gist:361ad41f42152c13379fd253c515e1d2
Created
July 31, 2023 22:07
— forked from 0xtavian/gist:2ab3a3c48b64d1fff22ba23721e49ae1
nmap-recon-scan.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nmap -p- -v -T4 --open -sV -O --script=banner --script=http-headers --script=hostmap-crtsh --script http-cross-domain-policy --script http-cors --script=asn-query --script http-vhosts --script fingerprint-strings --script http-open-proxy.nse --script http-ls --script=http-git --script=http-php-version --script=http-apache-server-status --script=http-webdav-scan --script=http-aspnet-debug --script="couchdb-databases.nse" --script=mongodb-info --script=hadoop-datanode-info.nse --script=membase-http-info --script=dns-srv-enum --script ftp-anon --script http-bigip-cookie --script http-svn-info -PE -PS80,53,22,21,8000,8080,8443,445,22,80,139,389,443,445,623,636,999,1080,1880,1098,1099,2379,2443,3128,3389-3398,3443,3632,4001,4443,4848,5001,5002,5443,5800,5836,5900-5910,5985,5986,6002,6379,6782-6784,6739,6443,7001,7002,7071,7443,8000-8010,8080,8081,8118,8443,8444,8500,8888,9001,9060,9090,9093,9099,9100,9901,9999,10000,10250,10255,10256,11211,38801,53281 | |
| PA80,53,22,21,8000,8080,8443,445,22,80,139,389,443,445,623,636, |
ruevaughn
/ nighthawk-blog-posts.md
Created
July 30, 2023 12:29
— forked from Neo23x0/nighthawk-blog-posts.md
Collection of Deleted Articles on MDSec's Nighthawk