@xyzkab
xyzkab / npdiff.sh
Created September 5, 2020 10:05
Compare nmap two different scan file
#!/bin/bash
#
# (N)map(P)ort diff -- yeah, there is an `ndiff` command already, but it fails to compare between `-sC` and `-p-` output formats
# intended just for comparing the initial scan `-sC -sV target-ipaddr` with the all-port scan `-p- target-ipaddr`
# use option `-n` to remove newline
# then run `-sC -sV -p{copy-and-paste-new-ports}`
#
# requirements: `pip install yq`
#
xyzkab / nvi.sh
Created September 5, 2020 10:03
Extract nmap services info
#!/bin/bash
#
# (N)mapSer(V)ices(I)nfo -- yeah it's lame, can't think of anything, don't want to confuse it with (N)map(S)cripting(E)ngine
# our eyes play tricks on us sometimes when the `.nmap` output from `-sC -sV target-ip` is huge
# just need to extract `name, product+version, port` in markdown style for each open port
# then write the rest of the `-sC` output into a more simplified note and continue the thought process. for example;
# - **ftp** service open
# - port: 21
# - version: vsftpd 3.0.3
# - anonymous login allowed
xyzkab / whatmeth.sh
Created August 10, 2020 04:18
Just a quick check for what methods allowed in http directory when hunting for webdav
#!/bin/bash
function help() {
echo "Usage: $0 [target-url|target-url-file]"
echo "Example: $0 http://example.com/test/"
echo " $0 enumeration/gobuster/port_80_initial.txt"
}
[ ! -f /usr/share/seclists/Discovery/Web-Content/web-extensions.txt ] && echo "Error: We need https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/web-extensions.txt" && exit 0
[ -z "$1" ] || [ ! -f "$1" ] && help && exit 0
xyzkab / ssh_keygen_bruteforce.sh
Created August 9, 2020 07:39
SSH Keygen Bruteforce
while read line; do
ssh-keygen -p -P "$line" -N "$line" -f .ssh/id_rsa &>/dev/null
if [ "$?" == "0" ]; then
echo -e "\n-> Decrypted: $line" && break
else
echo -ne "\r-> $line "
fi
done < /usr/share/wordlists/rockyou.txt
xyzkab / fix_damaged_pdf_file.md
Created July 23, 2020 12:50
Fix damaged PDF file
gs \
  -o repaired.pdf \
  -sDEVICE=pdfwrite \
  -dPDFSETTINGS=/prepress \
   corrupted.pdf
xyzkab / wfuzz.md
Created June 28, 2020 16:54
wfuzz
wfuzz -u "http://192.168.59.102/index.php?FUZZ" -w payloads.txt -b "PHPSESSID=cookie" -p 127.0.0.1:8080:HTTP --hh 12345,4321 --oF wfuzz
wfuzz -z wfuzzp,wfuzz -p 127.0.0.1:8080:HTTP --script errors --no-cache --prev FUZZ
xyzkab / gnmap.md
Created June 28, 2020 03:55
gnmap
grep -oP '(?<=Ports: ).*(?=Ignored)' | sed 's/\,\s/\n/g' | awk '/open/{print $1}'
xyzkab / gb_masscan.nasl
Created February 3, 2020 08:48
Patched masscan plugin
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_masscan.nasl 10411 2018-07-05 10:15:10Z cfischer $
#
# masscan (NASL wrapper)
#
# Authors:
# Christian Kuersteiner <christian.kuersteiner@greenbone.net>
#
# Copyright:
xyzkab / ssl_domain_scrape
Created January 10, 2020 15:48
Extract domains from ip address using nmap ssl-cert script
#!/bin/bash
target_ip=$1
[[ -z "$target_ip" ]] && echo "We need target ip" && exit 1
results=$(nmap -p 443 --script ssl-cert $target_ip | grep -oP '(?<=Subject: |Name: ).*')
domains=$(for name in `echo $results`; do
name=$(echo $name | sed -E 's/:|=/ /g' | awk '{print $NF}') # replace (:) or (=) to space and get last element($NF)
name=$(echo $name | sed -E 's/\*\.|\,//g') # remove .*(wildcard) and last comma(,)
xyzkab / youtube-api-v3.md
Created September 25, 2019 21:08
YouTube API V3

GET video title by video ID

curl "https://www.googleapis.com/youtube/v3/videos?part=snippet&id=VIDEO_ID&fields=items%2Fsnippet%2Ftitle&key=API_KEY"