This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
abdulsec abdulsec
abdulsec
/ JavascriptRecon.md
Created
January 21, 2021 04:51
My Javascript Recon Process - BugBounty
abdulsec
/ cloud_metadata.txt
Created
January 21, 2021 03:35
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
abdulsec
/ paying.md
Created
January 5, 2021 17:00
— forked from random-robbie/paying.md
paying bug bounty companys taken from https://github.com/disclose/disclose
Program Name: 0x Project
Policy URL: https://blog.0xproject.com/announcing-the-0x-protocol-bug-bounty-b0559d2738c
Submission URL: [email protected]
Program Name: 1Password Game
abdulsec
/ GoogleDorking.md
Created
December 2, 2020 02:47
— forked from sundowndev/GoogleDorking.md
Google dork cheatsheet
| Filter | Description | Example |
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
abdulsec
/ simple_dir_bruteforce.py
Created
November 23, 2020 04:45
— forked from p5yph3r/simple_dir_bruteforce.py
This is a simple script that bruteforces the web directory with a dictionary or wordlist, it is very simple and fast and does it works properly. You are free to modify the code according to your need.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| usage :- | |
| python <url> <wordlist> <extension> | |
| for example : | |
| python http://www.google.com/ common.txt .php | |
| it supports all extensions & wordlists. | |
| if you just want subdirectories write "/" in place of extension it will find it for you. | |
| ''' | |
| import requests |
abdulsec
/ WAHH_Task_Checklist.md
Created
August 30, 2020 01:34
— forked from amotmot/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
abdulsec
/ WAHH_Task_Checklist.md
Created
June 20, 2020 03:33
— forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
abdulsec
/ gist:0bbfa85bba4a53bcd7efc06f42cda71c
Created
June 19, 2020 22:15
— forked from yassineaboukir/gist:726992bd1f0a4eb637d150b7b5c66079
List of reserved names to blacklist from registration/username claim for security reasons and RFC compliance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| abuse | |
| admin | |
| administrator | |
| ftp | |
| hostmaster | |
| info | |
| is | |
| it | |
| list | |
| list-request |
abdulsec
/ subdomains wildcard detection example
Created
June 18, 2020 05:10
— forked from 003random/subdomains wildcard detection example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [[ "$(dig @1.1.1.1 A,CNAME {test321123,testingforwildcard,plsdontgimmearesult}.$domain +short | wc -l)" -gt "1" ]]; then | |
| echo "[!] Possible wildcard detected." | |
| fi |
abdulsec
/ .bash_profile
Created
May 28, 2020 04:52
— forked from dwisiswant0/.bash_profile
SQLi & XSS Vulnerability Scanner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### | |
| # ▶ go get -u github.com/lc/gau | |
| # ▶ go get -u github.com/tomnomnom/qsreplace | |
| # ▶ go get -u github.com/tomnomnom/hacks/kxss | |
| # ▶ go get -u github.com/hahwul/dalfox | |
| # ▶ git clone https://github.com/dwisiswant0/DSSS | |
| ### | |
| gauq() { |