This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# if you edit this file, ensure you keep the line endings as CRLF or you'll have a bad time | |
def queueRequests(target, wordlists): | |
# to use Burp's HTTP stack for upstream proxy rules etc, use engine=Engine.BURP | |
engine = RequestEngine(endpoint=target.endpoint, | |
concurrentConnections=5, | |
requestsPerConnection=1, # if you increase this from 1, you may get false positives | |
resumeSSL=False, | |
timeout=10, | |
pipeline=False, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml | |
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt | |
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt | |
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Three arguments: ROOT_DIR, PATTERN, OPTIONS | |
# Search below $ROOT_DIR for PDF files matching $PATTERN | |
# $OPTIONS is passed to pdfgrep (ex: grep-pdf . 'some words' -h -C5) | |
# ROOT_DIR | |
if [ -z "$1" ]; then | |
echo "! Argument ROOT_DIR is needed!" |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
www,719407 | |
api,69552 | |
eks,67581 | |
svc,67131 | |
cloudapp,65945 | |
vpn,55659 | |
bastion,53840 | |
ax,40676 | |
dev,38756 | |
operations,35663 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"30523382": { | |
"className": "Proxy", | |
"data": { | |
"bypassFPForPAC": true, | |
"color": "#f57575", | |
"configUrl": "", | |
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=", | |
"cycle": false, | |
"enabled": true, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#using cewl | |
wordgrab() { | |
url=$1 | |
cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 | tr '[:upper:]' '[:lower:]' |sort -fu | grep -v "robin wood" | |
} | |
# added min length 3 | |
wordgrab() { | |
url=$1 | |
tmpfile="$(date "+%s")" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0 | |
00 | |
01 | |
02 | |
03 | |
1 | |
1.0 | |
10 | |
100 | |
1000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# github.com/ndavison | |
import requests | |
import random | |
import string | |
from argparse import ArgumentParser | |
parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
parser.add_argument("-u", "--url", help="URL to target (without query string)") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
google dork -> site:.co.uk inurl:"responsible disclosure" | |
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/ | |
http://www.123contactform.com/security-acknowledgements.htm | |
https://18f.gsa.gov/vulnerability-disclosure-policy/ | |
https://support.1password.com/security-assessments/ | |
https://www.23andme.com/security-report/ | |
https://www.abnamro.com/en/footer/responsible-disclosure.html | |
https://www.accenture.com/us-en/company-accenture-responsible-disclosure | |
https://www.accredible.com/white_hat/ | |
https://www.acquia.com/how-report-security-issue |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/.s3cfg | |
/phpunit.xml | |
/nginx.conf | |
/.vimrc | |
/LICENSE.md | |
/yarn.lock | |
/Gulpfile | |
/Gulpfile.js | |
/composer.json | |
/.npmignore |
NewerOlder