| Exploit/description | Path |
|---|---|
| Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
| CVE-2020-17519 | /jobmanager/logs/ |
| CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
| CVE-2018-1000130 | /jolokia |
| CVE-2018-1000130 | /actuator/jolokia |
| leak | /actuator/env |
Satyam Gothi RogueSMG
h4x0r-dz
/ Generic keys
Created
May 5, 2022 09:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| subfinder -d target.com -all -silent -t 10 | naabu -p "21,22,80,81,280,300,443,583,591,593,832,981,1010,1099,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4444,4445,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7002,7396,7474,8000,8001,8008,8009,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8530,8531,8834,8880,8887,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,10443,11371,12043,12046,12443,15672,16080,17778,18091,18092,20720,28017,32000,55440,55672" -silent -nc | httprobe -prefer-https | xargs -P 10 -I @ bash -c "echo @ | gau" 2> /dev/null | grep -E "password|password\-reset|reset\-token|token\=" | anew -q urls.txt | |
| xargs -a urls.txt -P 5 -I @ bash -c "curl -ks -L \"@\" -H \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\" | grep -iE \"enter password|new password|new\-password|confirm password|co |
rosehgal
/ BurpTurboIntruderBasicFileWriteMultiParam.py
Created
May 10, 2021 03:49
Burp Suite Turbo Intruder Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################### This section will mostly remain as it is ################### | |
| def queueRequests(target, wordlists): | |
| engine = RequestEngine(endpoint=target.endpoint, | |
| concurrentConnections=5, | |
| requestsPerConnection=100, | |
| pipeline=False | |
| ) | |
| ################### ---------------------------------------- ################### |
lanmaster53
/ whey-cewler.py
Last active
January 9, 2024 18:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written | |
| in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer | |
| runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It | |
| does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in | |
| convenience. | |
| The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written | |
| in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python, | |
| making it "way cooler". |
kafkaesqu3
/ exploitable_webpaths.md
Last active
May 7, 2024 09:38
easy wins - exploitable/leaky web paths
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| * | |
| 0 | |
| 0-search | |
| 0-www | |
| 00 | |
| 000 | |
| 00000 | |
| 000000 | |
| 000999888 |
defparam
/ cluster.py
Last active
December 15, 2023 10:19
Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering | |
| # Author: Evan Custodio (@defparam) | |
| # | |
| # MIT License | |
| # Copyright 2021 Evan Custodio | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
| # | |
| # The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
| # |
bendtheory
/ burplist.py
Created
January 21, 2021 05:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import xml.etree.ElementTree as ET | |
| import urllib | |
| import base64 | |
| import math | |
| import sys | |
| import re | |
| # usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file. | |
| # python burplist.py burprequests.xml | |
| # output is saved to wordlist.txt |
fuckup1337
/ JavascriptRecon.md
Created
January 18, 2021 20:02
My Javascript Recon Process - BugBounty
parthmalhotra
/ tabcompl.sh
Created
August 20, 2020 09:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| #httpx | |
| tabhttpx0=$(httpx -h 2>&1 | grep " -" | awk -F " " '{print $1}' | sed -z 's/\n/ /g') | |
| tabhttpx='echo -e "$tabhttpx0"' | |
| complete -W "\$($tabhttpx)" httpx | |
| #subfinder | |
| tabsub0=$(subfinder -h 2>&1 | grep " -" | awk -F " " '{print $1}' | sed -z 's/\n/ /g') | |
| tabsub='echo -e "$tabsub0"' | |
| complete -W "\$($tabsub)" subfinder | |
| #naabu |
NewerOlder