Skip to content

Instantly share code, notes, and snippets.

View amalmurali47's full-sized avatar

Amal Murali amalmurali47

201 followers · 172 following
View GitHub Profile
@LuD1161
LuD1161 / master_script.sh
Last active December 18, 2023 06:24
Master Script to automate all the recon
#!/bin/bash
if [ -z "$2" ]
then
echo "2nd Argument not supplied"
echo "2nd argument can be basic or advanced,it used for nmap"
echo "Usage : ./master_script.sh domain basic|advanced"
echo "Also do set your expo token export expToken=xxxx to receive push notification when this gets completed"
echo "Get your expo token here : https://play.google.com/store/apps/details?id=com.hackingsimplified.notifyme"
exit 1
@fransr
fransr / bucket-disclose.sh
Last active February 16, 2025 14:38
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@xdavidhu
xdavidhu / converter.sh
Last active September 1, 2024 10:56
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
#!/bin/bash
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]
echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
exit 1
@virtualminds
virtualminds / gist:52a34ccf3cefcd4c315a7289f0506ba5
Created March 7, 2018 18:31
Clean "fake" resolvers from massdns resolver list
./scripts/subbrute.py lists/names_small.txt LASDFALSKJDFLKAJSDLFKJALKSDFJLKAJD.COM | ./massdns -r lists/resolvers.txt -t A -o Snqr -w results.txt
for i in $(grep -Ev 'NXDOMAIN' results.txt | grep -v ' A ' | cut -d':' -f 1 | sort -u); do sed -i -e "/$i/d" lists/resolvers.txt; done
@tomnomnom
tomnomnom / alert.js
Last active March 12, 2025 15:14
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
anonymous
anonymous / default.txt
Created December 3, 2017 12:33
Users and their passwords attempts
[0]
4
1
1 -
2 !
2 !@
1 &
1 0
3 0000
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active January 30, 2025 22:58
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@tomnomnom
tomnomnom / php-curl-crlf-injection.mkd
Last active October 11, 2024 16:43
CRLF Injection Into PHP's cURL Options

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.

@yasinS
yasinS / bucket-names-deduplicated.txt
Last active September 23, 2018 15:40
De-duplicated bucket name prefix list (from Sandcastle, now at EOL)
graphql
terraform
supportuploads
supportmedia
supportdocs
helpcenter
helpcentre
helpmedia
knowledgebase
kbfiles
@rain-1
rain-1 / Wannacrypt0r-FACTSHEET.md
Last active March 30, 2025 17:12 — forked from Epivalent/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru