Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
Aseem Shrey LuD1161
π
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var token = null; | |
| Promise.all([ | |
| fetch('/api/movies').then(r=>r.json()), | |
| fetch(`//3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/main.mst`).then(r=>r.text()), | |
| new Promise((resolve) => { | |
| if (window.loaded_recapcha === true) | |
| return resolve(); | |
| window.loaded_recapcha = resolve; | |
| }), |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from time import sleep | |
| import requests | |
| import webbrowser | |
| X_Forwarded_Host = 'my_server' | |
| while True: | |
| resp = requests.get("http://3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/app.js", headers={'X-Forwarded-Host': X_Forwarded_Host}) | |
| print resp.headers | |
| sleep(0.5) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #========================================================= | |
| #Terminal Color Codes | |
| #========================================================= | |
| WHITE='\[\033[1;37m\]' | |
| LIGHTGRAY='\[\033[0;37m\]' | |
| GRAY='\[\033[1;30m\]' | |
| BLACK='\[\033[0;30m\]' | |
| RED='\[\033[0;31m\]' |
LuD1161
/ findFile.py
Created
August 24, 2018 16:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| A horrible script, however gets things done ;) | |
| USE CASE : If file encrypted with simple xor | |
| Enter expected key, can be file format's hex | |
| It will automatically find the key based on that header | |
| And write out a new file out of it | |
| """ |
LuD1161
/ cors_and_clickjacking_checker.html
Created
July 24, 2018 12:24
cors_and_clickjacking_checker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"/> | |
| <title>CORS and Clickjacking checker</title> | |
| <style> | |
| body { | |
| font-family: Arial; | |
| color: white; | |
| } |
LuD1161
/ WAHH_Task_Checklist.md
Created
July 19, 2018 16:12
— forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import sys | |
| import csv | |
| from itertools import groupby | |
| # | |
| # Layout of initial file that is sent | |
| # 104.16.199.134,8080 | |
| # 104.16.199.134,8443 | |
| # 104.16.199.134,8880 | |
| # 162.159.0.102,53 |
LuD1161
/ setup_bbty.sh
Last active
September 11, 2025 09:35
Setup Bug Bounty Tools on AWS instance / any VPS for that matter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Execute as wget -O - https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885/raw | bash | |
| # # Thanks JeffreyShran for the gist url thing | |
| # | |
| # | |
| # It's debian based, so for centos and likewise you have to change apt to yum and similarly | |
| # | |
| InstallationStartTime=$(date +%s) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| domain=$1 | |
| resultDir=$2 | |
| resultfile=$resultDir/$domain.amass.txt | |
| touch $resultfile | |
| echo "" >> $resultDir/log.txt | |
| echo "AMASS Logs Now" >> $resultDir/log.txt | |
| echo "" >> $resultDir/log.txt |
LuD1161
/ master_script.sh
Last active
December 18, 2023 06:24
Master Script to automate all the recon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$2" ] | |
| then | |
| echo "2nd Argument not supplied" | |
| echo "2nd argument can be basic or advanced,it used for nmap" | |
| echo "Usage : ./master_script.sh domain basic|advanced" | |
| echo "Also do set your expo token export expToken=xxxx to receive push notification when this gets completed" | |
| echo "Get your expo token here : https://play.google.com/store/apps/details?id=com.hackingsimplified.notifyme" | |
| exit 1 |