This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| total=$(curl -s "https://api.hunter.io/v2/email-count?domain=$1" | jq -r '.data.total') | |
| echo "Total is $total" | |
| if [ "$total" != "0" ]; then | |
| for (( i=0; i<=$total; i+=100 )) | |
| do | |
| echo "offset $i" | |
| curl -s "https://api.hunter.io/v2/domain-search?domain=$1&api_key=KEYHERE&limit=100&offset=$i" | jq -r '.data.emails[].value' >> hunter_emails.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat /root/aquatone/$1/urls.txt | parallel -j 5 node /usr/lib/node_modules/npm/node_modules/wappalyzer/index.js {} | jq -r '[(.urls | keys[] as $k | "\($k)"),.applications[].name]' -c >> /root/aquatone/$1/wappalyzer.txt |
streaak
/ all.txt
Last active
November 6, 2018 20:31
— forked from jhaddix/all.txt
all wordlists for every dns enumeration tool... ever.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 0-0 | |
| 000 | |
| 0000 | |
| 00000 | |
| 000000 | |
| 000005 | |
| 00001 | |
| 00002 |
streaak
/ jetleak.py
Created
April 2, 2018 18:33
Exploit for Jetleak as seen in https://hackerone.com/reports/143935
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import httplib, urllib, ssl, string, sys, getopt | |
| import datetime | |
| from urlparse import urlparse | |
| f = open('jetleak_' + datetime.datetime.now().strftime('%Y%m%d_%H_%M') + '.txt', 'w') | |
| ''' | |
| Author: Gotham Digital Science, modified by molejarka | |
| Purpose: This tool is intended to provide a quick-and-dirty way for organizations to test whether | |
| their Jetty web server versions are vulnerable to JetLeak. Currently, this script does |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for var in $@ | |
| do | |
| aquatone-discover -d $var --threads 10 && aquatone-scan -d $var --ports huge --threads 10 && aquatone-takeover -d $var --threads 10 && aquatone-gather -d $var --threads 10 | |
| done | |
| # USAGE | |
| # sh aqua2.sh DOMAINNAMES... | |
| # Example - sh aqua2.sh corp.yahoo.com advertising.yahoo.com shopping.yahoo.com |