This is a simple guide to performing JavaScript recon in bug bounty.
- The first step is to collect JavaScript files, possibly several (more files = more paths, parameters -> more vulns)
```
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
```
Program Name: 0x Project
Policy URL: https://blog.0xproject.com/announcing-the-0x-protocol-bug-bounty-b0559d2738c
Submission URL: [email protected]
Program Name: 1Password Game
| Filter | Description | Example | 
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" | 
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" | 
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" | 
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" | 
| intitle | Searches for occurrences of keywords in the title, all or one. | intitle:"keyword" |
```python
'''
usage :-
python <url> <wordlist> <extension>
for example :
python http://www.google.com/ common.txt .php
it supports all extensions & wordlists.
if you just want subdirectories write "/" in place of extension it will find it for you.
'''
import requests
```
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
```
abuse
admin
administrator
ftp
hostmaster
info
is
it
list
list-request
```
```bash
if [[ "$(dig @1.1.1.1 A,CNAME {test321123,testingforwildcard,plsdontgimmearesult}.$domain +short | wc -l)" -gt "1" ]]; then
    echo "[!] Possible wildcard detected."
fi
```
```bash
###
# ▶ go get -u github.com/lc/gau
# ▶ go get -u github.com/tomnomnom/qsreplace
# ▶ go get -u github.com/tomnomnom/hacks/kxss
# ▶ go get -u github.com/hahwul/dalfox
# ▶ git clone https://github.com/dwisiswant0/DSSS
###
gauq() {
```