Satyam Gothi RogueSMG
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
@R0X4R
R0X4R / tweets.txt
Created February 12, 2022 15:30
tweets collection
subfinder -d target.com -all -silent -t 10 | naabu -p "21,22,80,81,280,300,443,583,591,593,832,981,1010,1099,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4444,4445,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7002,7396,7474,8000,8001,8008,8009,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8530,8531,8834,8880,8887,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,10443,11371,12043,12046,12443,15672,16080,17778,18091,18092,20720,28017,32000,55440,55672" -silent -nc | httprobe -prefer-https | xargs -P 10 -I @ bash -c "echo @ | gau" 2> /dev/null | grep -E "password|password\-reset|reset\-token|token\=" | anew -q urls.txt
xargs -a urls.txt -P 5 -I @ bash -c "curl -ks -L \"@\" -H \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\" | grep -iE \"enter password|new password|new\-password|confirm password|co
@rosehgal
rosehgal / BurpTurboIntruderBasicFileWriteMultiParam.py
Created May 10, 2021 03:49
Burp Suite Turbo Intruder Example
################### This section will mostly remain as it is ###################
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=100,
                           pipeline=False
                           )
################### ---------------------------------------- ###################
'''
Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in
convenience.
The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
making it "way cooler".
@kafkaesqu3
kafkaesqu3 / exploitable_webpaths.md
Last active May 7, 2024 09:38
easy wins - exploitable/leaky web paths
| Exploit/description | Path |
| --- | --- |
| Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
| CVE-2020-17519 | /jobmanager/logs/ |
| CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
| CVE-2018-1000130 | /jolokia |
| CVE-2018-1000130 | /actuator/jolokia |
| leak | /actuator/env |
@defparam
defparam / cluster.py
Last active December 15, 2023 10:19
Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering
# Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering
# Author: Evan Custodio (@defparam)
#
# MIT License
# Copyright 2021 Evan Custodio
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
#
import xml.etree.ElementTree as ET
import urllib
import base64
import math
import sys
import re
# usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file.
# python burplist.py burprequests.xml
# output is saved to wordlist.txt
@fuckup1337
fuckup1337 / JavascriptRecon.md
Created January 18, 2021 20:02
My Javascript Recon Process - BugBounty

Description

This is a simple guide to performing JavaScript recon in bug bounty.

Steps

  • The first step is to collect as many JavaScript files as possible (more files = more paths, parameters -> more vulns)
#!/usr/bin/env bash
#httpx
tabhttpx0=$(httpx -h 2>&1 | grep " -" | awk -F " " '{print $1}' | sed -z 's/\n/ /g')
tabhttpx='echo -e "$tabhttpx0"'
complete -W "\$($tabhttpx)" httpx
#subfinder
tabsub0=$(subfinder -h 2>&1 | grep " -" | awk -F " " '{print $1}' | sed -z 's/\n/ /g')
tabsub='echo -e "$tabsub0"'
complete -W "\$($tabsub)" subfinder
#naabu