Sean Adams zer0trip
momenbasel
/ headersPentest
Last active
July 1, 2023 14:28
HTTP headers is the language that all web servers speaks, it can be golden gem for security researcher.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| X-Forwarded-Host | |
| X-Forwarded-Port | |
| X-Forwarded-Scheme | |
| Origin: null | |
| Origin: [siteDomain].attacker.com | |
| X-Frame-Options: Allow | |
| X-Forwarded-For: 127.0.0.1 | |
| X-Client-IP: 127.0.0.1 | |
| Client-IP: 127.0.0.1 | |
| ---For injecting BXSS(blind XSS) || SQLI payloads--- |
xdavidhu
/ converter.sh
Last active
September 1, 2024 10:56
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Converter.sh by @xdavidhu | |
| # This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix | |
| # With this script, you can convert domain lists to resolved IP lists without duplicates. | |
| # Usage: ./converter.sh [domain-list-file] [output-file] | |
| echo -e "[+] Converter.sh by @xdavidhu\n" | |
| if [ -z "$1" ] || [ -z "$2" ]; then | |
| echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]" | |
| exit 1 |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|