sasqwatch

## ohost.sh
host `echo https://pass:user@abracadabra-mms.starbucks.com:2996/utils/|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1`

function ohost {
  host `echo $1|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1`
}

function ohosts {
  while read u; do host `echo $u|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1`; done < $1
}

## olink.sh

while read h; do curl -siL https://$h|sed -n -E "s/.*<.*(href|src|url)[=:]['\"]?([^'\">]+).*/\2/p" ; done < hosts.txt

function olink {
  curl -siL https://$1|sed -n -E "s/.*(href|src|url)[=:]['\"]?([^'\">]+).*/\2/p"
}

function olinks {
  while read h; do curl -siL https://$h|sed -n -E "s/.*<.*(href|src|url)[=:]['\"]?([^'\">]+).*/\2/p" ; done < $1
}

## osub.sh
while read h; do curl -siL https://$h|egrep -io  "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"|sort -fu ; done < hosts.txt

function osub {
  curl -siL https://$h1egrep -io "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"|sort -fu
}

function osubs {
  while read h; do curl -siL https://$h|egrep -io  "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"|sort -fu ; done < $1
}

## oparam.sh
echo "https://www.example.com/?aaa=bbb&ccc=ddd" | tr '?' '&' | awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'

while read u; do echo $u | tr '?' '&' | awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'; done < plainurls.txt | sort -fu

From wayback json file:
cat waybackurls.json|jq -r '.[]'|grep 'http'|cut -d '"' -f 2 | while read u; do echo $u | tr '?' '&' | awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'; done | sort -fu

function oparam {
  echo $1 | tr '?' '&' | awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'
}

## ejs.sh
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# using linkfinder
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}

# with file download (the new best one):
# but there is a bug if you don't provide a root url

## wordgrab.sh
#using cewl
wordgrab() {
  url=$1
  cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 | tr '[:upper:]' '[:lower:]' |sort -fu | grep -v "robin wood"
}

# added min length 3
wordgrab() {
  url=$1
  tmpfile="$(date "+%s")"

## sslsub.sh
function sslsub() {
  timeout 3 openssl s_client -showcerts -servername $1 -connect $1:443 <<< "Q"  2>/dev/null | openssl x509 -text -noout | grep DNS | tr ',' '\n' | cut -d ':' -f 2 | sort -fu
}

## QueryQNAPUpdate-PS2.ps1
# Ignore self-certs
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
    {

## dump.py
import os
import sys
import time
import winappdbg
import traceback


class MyEventHandler(winappdbg.EventHandler):

    last_alloc_memory = 0

## Sosemanuk.cs
// Adapted from https://www.seanet.com/~bugbee/crypto/sosemanuk/
public class Sosemanuk
{
  public Sosemanuk(byte[] key, byte[] iv)
  {
    BuildAlphas();
    SetKey(key);
    SetIV(iv);
  }
	host `echo https://pass:user@abracadabra-mms.starbucks.com:2996/utils/\|sed "s/.*:\/\///"\|cut -d '/' -f 1\|cut -d '@' -f 2\|cut -d':' -f 1`

	function ohost {
	host `echo $1\|sed "s/.*:\/\///"\|cut -d '/' -f 1\|cut -d '@' -f 2\|cut -d':' -f 1`
	}

	function ohosts {
	while read u; do host `echo $u\|sed "s/.*:\/\///"\|cut -d '/' -f 1\|cut -d '@' -f 2\|cut -d':' -f 1`; done < $1
	}

	while read h; do curl -siL https://$h\|sed -n -E "s/.<.(href\|src\|url)[=:]['\"]?([^'\">]+).*/\2/p" ; done < hosts.txt

	function olink {
	curl -siL https://$1\|sed -n -E "s/.(href\|src\|url)[=:]['\"]?([^'\">]+)./\2/p"
	}

	function olinks {
	while read h; do curl -siL https://$h\|sed -n -E "s/.<.(href\|src\|url)[=:]['\"]?([^'\">]+).*/\2/p" ; done < $1
	}
	while read h; do curl -siL https://$h\|egrep -io "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h\|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"\|sort -fu ; done < hosts.txt

	function osub {
	curl -siL https://$h1egrep -io "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h\|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"\|sort -fu
	}

	function osubs {
	while read h; do curl -siL https://$h\|egrep -io "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h\|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"\|sort -fu ; done < $1
	}
	echo "https://www.example.com/?aaa=bbb&ccc=ddd" \| tr '?' '&' \| awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'

	while read u; do echo $u \| tr '?' '&' \| awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'; done < plainurls.txt \| sort -fu

	From wayback json file:
	cat waybackurls.json\|jq -r '.[]'\|grep 'http'\|cut -d '"' -f 2 \| while read u; do echo $u \| tr '?' '&' \| awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'; done \| sort -fu

	function oparam {
	echo $1 \| tr '?' '&' \| awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'
	}
	curl -L -k -s https://www.example.com \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| awk -F '//' '{if(length($2))print "https://"$2}' \| sort -fu \| xargs -I '%' sh -c "curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" \| awk -F "['\"]" '{print $2}' \| sort -fu

	# using linkfinder
	function ejs() {
	URL=$1;
	curl -Lks $URL \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]*" \| sed -r "s/^src['\"]?[=:]['\"]//g" \| awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' \| sort -fu \| xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" \| xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
	}

	# with file download (the new best one):
	# but there is a bug if you don't provide a root url
	#using cewl
	wordgrab() {
	url=$1
	cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 \| tr '[:upper:]' '[:lower:]' \|sort -fu \| grep -v "robin wood"
	}

	# added min length 3
	wordgrab() {
	url=$1
	tmpfile="$(date "+%s")"
	function sslsub() {
	timeout 3 openssl s_client -showcerts -servername $1 -connect $1:443 <<< "Q" 2>/dev/null \| openssl x509 -text -noout \| grep DNS \| tr ',' '\n' \| cut -d ':' -f 2 \| sort -fu
	}
	# Ignore self-certs
	if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
	{
	$certCallback = @"
	using System;
	using System.Net;
	using System.Net.Security;
	using System.Security.Cryptography.X509Certificates;
	public class ServerCertificateValidationCallback
	{
	import os
	import sys
	import time
	import winappdbg
	import traceback


	class MyEventHandler(winappdbg.EventHandler):

	last_alloc_memory = 0
	// Adapted from https://www.seanet.com/~bugbee/crypto/sosemanuk/
	public class Sosemanuk
	{
	public Sosemanuk(byte[] key, byte[] iv)
	{
	BuildAlphas();
	SetKey(key);
	SetIV(iv);
	}