VIPIN BIHARI vipinbihari

## turbointruder-404.py
# if you edit this file, ensure you keep the line endings as CRLF or you'll have a bad time
def queueRequests(target, wordlists):

    # to use Burp's HTTP stack for upstream proxy rules etc, use engine=Engine.BURP
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=1, # if you increase this from 1, you may get false positives
                           resumeSSL=False,
                           timeout=10,
                           pipeline=False,

## api-linkfinder.sh
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt

## pdf-grep
#!/bin/bash

# Three arguments: ROOT_DIR, PATTERN, OPTIONS
# Search below $ROOT_DIR for PDF files matching $PATTERN
# $OPTIONS is passed to pdfgrep (ex: grep-pdf . 'some words' -h -C5)

# ROOT_DIR

if [ -z "$1" ]; then
    echo "! Argument ROOT_DIR is needed!"

## 1stleveldomainsbycount
www,719407
api,69552
eks,67581
svc,67131
cloudapp,65945
vpn,55659
bastion,53840
ax,40676
dev,38756
operations,35663

## bb-foxyproxy-pattern.json
{
	"30523382": {
		"className": "Proxy",
		"data": {
			"bypassFPForPAC": true,
			"color": "#f57575",
			"configUrl": "",
			"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
			"cycle": false,
			"enabled": true,

## wordgrab.sh
#using cewl
wordgrab() {
  url=$1
  cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 | tr '[:upper:]' '[:lower:]' |sort -fu | grep -v "robin wood"
}

# added min length 3
wordgrab() {
  url=$1
  tmpfile="$(date "+%s")"

## List of API endpoints & objects
0
00
01
02
03
1
1.0
10
100
1000

## hbh-header-abuse-test.py
# github.com/ndavison

import requests
import random
import string
from argparse import ArgumentParser


parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.")
parser.add_argument("-u", "--url", help="URL to target (without query string)")

## bbprograms.txt
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue

## short-wordlist.txt
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
	# if you edit this file, ensure you keep the line endings as CRLF or you'll have a bad time
	def queueRequests(target, wordlists):

	# to use Burp's HTTP stack for upstream proxy rules etc, use engine=Engine.BURP
	engine = RequestEngine(endpoint=target.endpoint,
	concurrentConnections=5,
	requestsPerConnection=1, # if you increase this from 1, you may get false positives
	resumeSSL=False,
	timeout=10,
	pipeline=False,
	wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
	echo https://stripe.com/docs/api \| hakrawler -t 500 -d 10 \|nuclei -t ./linkfinder.yaml -o api.txt
	cat api.txt \|grep url_params \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_params.txt
	cat api.txt \|grep relative_links \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_link_finder.txt
	#!/bin/bash

	# Three arguments: ROOT_DIR, PATTERN, OPTIONS
	# Search below $ROOT_DIR for PDF files matching $PATTERN
	# $OPTIONS is passed to pdfgrep (ex: grep-pdf . 'some words' -h -C5)

	# ROOT_DIR

	if [ -z "$1" ]; then
	echo "! Argument ROOT_DIR is needed!"
	www,719407
	api,69552
	eks,67581
	svc,67131
	cloudapp,65945
	vpn,55659
	bastion,53840
	ax,40676
	dev,38756
	operations,35663
	{
	"30523382": {
	"className": "Proxy",
	"data": {
	"bypassFPForPAC": true,
	"color": "#f57575",
	"configUrl": "",
	"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
	"cycle": false,
	"enabled": true,
	#using cewl
	wordgrab() {
	url=$1
	cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 \| tr '[:upper:]' '[:lower:]' \|sort -fu \| grep -v "robin wood"
	}

	# added min length 3
	wordgrab() {
	url=$1
	tmpfile="$(date "+%s")"
	google dork -> site:.co.uk inurl:"responsible disclosure"
	https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
	http://www.123contactform.com/security-acknowledgements.htm
	https://18f.gsa.gov/vulnerability-disclosure-policy/
	https://support.1password.com/security-assessments/
	https://www.23andme.com/security-report/
	https://www.abnamro.com/en/footer/responsible-disclosure.html
	https://www.accenture.com/us-en/company-accenture-responsible-disclosure
	https://www.accredible.com/white_hat/
	https://www.acquia.com/how-report-security-issue
	/.s3cfg
	/phpunit.xml
	/nginx.conf
	/.vimrc
	/LICENSE.md
	/yarn.lock
	/Gulpfile
	/Gulpfile.js
	/composer.json
	/.npmignore