debian@pikpikcu~$ cat subdo.txt | hakrawler | grep 'http' | cut -d '' -f 2 > crawler.txt
debian@pikpikcu~$ gau -subs domain.com >> crawler.txt
debian@pikpikcu~$ waybackurls domain.com >> crawler.txt
debian@pikpikcu~$ cat crawling.txt | grep "?" | unfurl --unique format %s://%d%p > base.txt
debian@pikpikcu~$ cat base.txt | parallel -j50 -q grep {} -m5 crawling.txt | tee -a final.txt
debian@pikpikcu~$ cat final.txt | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|woff|woff2|ico|pdf|svg|txt|js)" > final_bos.txt
debian@pikpikcu~$ rm -rf base.txt final.txt
shelu shelu16
shelu16
/ Ssrf
Created
August 28, 2020 08:53
— forked from pikpikcu/Ssrf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -s "http://web.archive.org/cdx/search/cdx?url=*.domain/*&output=txt&fl=original&collapse=urlkey&page=/" | gf ssrf | qsreplace "https://localtest.me" | parallel -j50 -q curl -i -s -k -o >(grep -io "<title>[^<]*" | cut -d'>' -f2-) --silent --max-time 2 --write-out 'Status:%{http_code}\t Header-size:%{size_header}tUrl:%{url_effective} || ' |
shelu16
/ crawling.md
Created
August 28, 2020 08:52
— forked from pikpikcu/crawling.md
shelu16
/ params.txt
Created
August 28, 2020 08:52
— forked from pikpikcu/params.txt
List of parameters for content discovery
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 1 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |
| 16 | |
| 17 | |
| 2 |
shelu16
/ google-dorks
Created
August 28, 2020 08:52
— forked from pikpikcu/google-dorks
Listing of a number of useful Google dorks.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " _ _ " | |
| " _ /|| . . ||\ _ " | |
| " ( } \||D ' ' ' C||/ { % " | |
| " | /\__,=_[_] ' . . ' [_]_=,__/\ |" | |
| " |_\_ |----| |----| _/_|" | |
| " | |/ | | | | \| |" | |
| " | /_ | | | | _\ |" | |
| It is all fun and games until someone gets hacked! |
shelu16
/ bountyscan_setup.sh
Created
June 19, 2020 09:46
— forked from jhaddix/bountyscan_setup.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export DEBIAN_FRONTEND=noninteractive; | |
| echo "[*] Starting Install... [*]" | |
| echo "[*] Upgrade installed packages to latest [*]" | |
| echo -e "\nRunning a package upgrade...\n" | |
| apt-get -qq update && apt-get -qq dist-upgrade -y | |
| apt full-upgrade -y | |
| apt-get autoclean | |
| echo "[*] Install stuff I use all the time [*]" |
shelu16
/ content_discovery_all.txt
Created
June 19, 2020 09:44
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ | |
| --- |