This is a simple guide to performing JavaScript recon in bug bounty.
- The first step is to collect JavaScript files, possibly several (more files = more paths and parameters -> more vulns)
| import socket | |
| import random | |
| import argparse | |
| import sys | |
| from io import BytesIO | |
| # Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client | |
| PY2 = True if sys.version_info.major == 2 else False |
| /* | |
| Navicat Premium Data Transfer | |
| Source Server : localhost | |
| Source Server Type : MySQL | |
| Source Server Version : 50542 | |
| Source Host : localhost | |
| Source Database : rule | |
| Target Server Type : MySQL |
| /robots.txt | |
| /index.php?a=1%3Cscript%3Ealert(abc)%3C/script%3E | |
| /nevercouldexistfilenosec | |
| /nevercouldexistfilewebsec | |
| /nevercouldexistfilenosec.aspx | |
| /nevercouldexistfilewebsec.aspx | |
| /nevercouldexistfilenosec.shtml | |
| /nevercouldexistfilewebsec.shtml | |
| /nevercouldexistfilenosec/ | |
| /nevercouldexistfilewebsec/ |
| [RedBirdTeam] <script>alert(/Payloads XSS Filter Bypass List/)</script> |
| Homebrew build logs for exolnet/deprecated/php@5.6 on macOS 10.13.4 | |
| Build date: 2019-09-30 00:58:45 |
| ## Sublime Text 3 Serial key build is 3176 | |
| > * Added these lines into /etc/hosts | |
| 127.0.0.1 www.sublimetext.com | |
| 127.0.0.1 license.sublimehq.com | |
| > * Used the license key | |
| ----- BEGIN LICENSE ----- |
| #!/usr/bin/env python3 | |
| """ | |
| Very simple HTTP server in python for logging requests | |
| Usage:: | |
| ./server.py [<port>] | |
| """ | |
| from http.server import BaseHTTPRequestHandler, HTTPServer | |
| import logging | |
| class S(BaseHTTPRequestHandler): |