Diaa Hassan Diaa-Hassan
@haccer
haccer / scanio.sh
Last active July 3, 2025 21:27
PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
function ech() {
spinner=( "|" "/" "-" "\\" )
while true; do
for i in ${spinner[@]}; do
echo -ne "\r[$i] $1"
@fransr
fransr / bucket-disclose.sh
Last active October 20, 2025 12:32
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figuring it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
# You need a valid key, since the errors happen after it validates that the key exists. We do not need the secret key, only the access key.
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@LuD1161
LuD1161 / master_script.sh
Last active December 18, 2023 06:24
Master Script to automate all the recon
#!/bin/bash
if [ -z "$2" ]
then
echo "2nd Argument not supplied"
echo "2nd argument can be basic or advanced,it used for nmap"
echo "Usage : ./master_script.sh domain basic|advanced"
echo "Also do set your expo token export expToken=xxxx to receive push notification when this gets completed"
echo "Get your expo token here : https://play.google.com/store/apps/details?id=com.hackingsimplified.notifyme"
exit 1
@LuD1161
LuD1161 / setup_bbty.sh
Last active September 11, 2025 09:35
Setup Bug Bounty Tools on AWS instance / any VPS for that matter
#!/bin/bash
#
# Execute as wget -O - https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885/raw | bash
# # Thanks JeffreyShran for the gist url thing
#
#
# It's debian based, so for centos and likewise you have to change apt to yum and similarly
#
InstallationStartTime=$(date +%s)
@nullbind
nullbind / Get-PublicAwsS3BucketList.ps1
Created October 17, 2018 15:16
Get-PublicAwsS3BucketList.ps1
# ---------------------------------
# Get-PublicAwsS3BucketList
# ---------------------------------
# Author: Scott Sutherland (@_nullbind), NetSPI 2018
# Version: 0.5
# Description: This function can be used to obtain a list of keys (files) stored in AWS S3 buckets.
# It also supports feed guessing S3 buckets based on a list of domains which it can perform permutations on.
# S3 buckets that have been made publicly readable.
# Ref: https://docs.aws.amazon.com/AmazonS3/latest/API/v2-RESTBucketGET.html
# Ref: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-buckets
@chrisdlangton
chrisdlangton / waybacksploit.sh
Last active June 16, 2025 21:34
The real dark web - find and exploit forgotten files on servers
#!/usr/bin/env bash
if [ -z $(which retire) ]; then
echo "retire not found. try npm install -g retire"
exit 1
fi
if [ -z $(which parallel) ]; then
echo "parallel not found. try 'apt install -y parallel'"
exit 1
fi
#!/bin/bash
# If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies.
# If it "no worked" (Technical Term) then you probably need to install jq!
TARGET=$1
TARGETDOMAIN=$(echo $TARGET | cut -d/ -f3)
# Pretty Colors
RESET='\033[00m'
GREEN='\033[01;32m'
Go the road less travelled, find programs that are not on hackerone or bugcrowd:
https://www.bugcrowd.com/bug-bounty-list/
google: "Responsible Disclosure" or "Vulnerability Disclosure" or "responsible disclosure website list"
google: responsible disclosure "bounty"
Responsible Disclosure seems to give best results.
intext:"Responsible Disclosure Policy"
"responsible disclosure" "private program"
"responsible disclosure" "private" "program"
Google Dork:
cat urls.txt | while read url; do gobuster -u https://"$url" -q -e -k -w content_discovery_all.txt; done > sub_url.txt; cat sub_url.txt| cut -d ' ' -f 1 > /opt/parameth/params.txt;cd /opt/parameth;cat params.txt | while read url; do python /opt/parameth/parameth.py -u http://"$url"; done
@noobh4x
noobh4x / cloudsub.alias
Created April 2, 2019 21:06
Alias to detect possible subdomains subject to takeover.
# This list of subdomains is from haccer/scanio.sh
# Source: https://gist.github.com/haccer/3698ff6927fc00c8fe533fc977f850f8
export SUBOVER_SEARCH='.cloudfront.net|.s3-website|.s3.amazonaws.com|w.amazonaws.com|1.amazonaws.com|2.amazonaws.com|s3-external|s3-accelerate.amazonaws.com|.herokuapp.com|.herokudns.com|.wordpress.com|.pantheonsite.io|domains.tumblr.com|.zendesk.com|.github.io|.global.fastly.net|.helpjuice.com|.helpscoutdocs.com|.ghost.io|cargocollective.com|redirect.feedpress.me|.myshopify.com|.statuspage.io|.uservoice.com|.surge.sh|.bitbucket.io|custom.intercom.help|proxy.webflow.com|landing.subscribepage.com|endpoint.mykajabi.com|.teamwork.com|.thinkific.com|clientaccess.tave.com|wishpond.com|.aftership.com|ideas.aha.io|domains.tictail.com|cname.mendix.net|.bcvp0rtal.com|.brightcovegallery.com|.gallery.video|.bigcartel.com|.activehosted.com|.createsend.com|.acquia-test.co|.proposify.biz|simplebooklet.com|.gr8.com|.vendecommerce.com|.azurewebsites.net|.cloudapp.net|.trafficmanager.net|.blob.core.wind