Skip to content

Instantly share code, notes, and snippets.

View cihanmehmet's full-sized avatar
🔍
just do good searching

Cihan Mehmet DOĞAN (CMD) cihanmehmet

🔍
just do good searching
View GitHub Profile
@cihanmehmet
cihanmehmet / ports.md
Last active October 1, 2024 22:04
TCP PORTS List

Most Popular TCP/UDP Ports

https://nmap.org/book/port-scanning.html#most-popular-ports

20,21,22,23,25,53,67,68,69,80,110,111,123,135,137,138,139,143,161,162,443,445,500,514,520,631,993,995,1434,1723,1900,3306,3389,4500,5900,8080,49152

20 21 22 23 25 53 67 68 69 80 110 111 123 135 137 138 139 143 161 162 443 445 500 514 520 631 993 995 1434 1723 1900 3306 3389 4500 5900 8080 49152
@cihanmehmet
cihanmehmet / android-burp-cert.sh
Last active June 17, 2024 21:54
Andorid 7-10 Burpsuite Certificate İnstall
#!/usr/bin/env bash
wget -e use_proxy=yes -e http_proxy=127.0.0.1:8080 http://burp/cert -O cacert.der #open burp suite | Proxy > Options > CA Certificate > Export in DER format
#openssl x509 -inform DER -in cacert.der -out cacert.pem
cp cacert.pem $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1)".0" #9a5ba575.0
#--------------------------------------------------------------------------------------------------------
adb root
adb remount
adb push 9a5ba575.0 /sdcard/
#--------------------------------------------------------------------------------------------------------
adb shell cp /sdcard/9a5ba575.0 /system/etc/security/cacerts/
@cihanmehmet
cihanmehmet / password-wordlist.txt
Created November 19, 2020 11:34
Password Wordlist(235k)
This file has been truncated, but you can view the full file.
password
princess
123456
sunshine
princess1
abc123
jordan23
blessed1
Password1
password1
@cihanmehmet
cihanmehmet / CVE-2020-5902.md
Last active July 27, 2024 03:07
BIGIP CVE-2020-5902 Exploit POC

🚨BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀


Shodan Seaarch

title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"

🔸LFI

@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active September 18, 2024 19:26
Subdomain Wordlist
@cihanmehmet
cihanmehmet / xss_one_liner.md
Last active July 27, 2024 03:17
xss_one_liner.md
#cat targets_urls.txt                
http://public-firing-range.appspot.com

Command Line

gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
This file has been truncated, but you can view the full file.
mail
webmail
cpanel
webdisk
autodiscover
sni
test
dev
com
m
@cihanmehmet
cihanmehmet / grep_ip.txt
Created September 25, 2019 13:32
grep_ip.txt
GREP NOT IP RESULT
cat file.txt| grep -Eov "\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
grep -Eov "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" some_ip.txt
egrep -v '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' file.txt
grep -v "[[:alpha:]]" some_url-ip.txt |egrep -v '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'
grep -Eov "^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$" d.txt
@cihanmehmet
cihanmehmet / nmap_sn.sh
Last active September 25, 2019 11:43
nmap_sn.sh
#!/bin/bash
nmap -sn -iL $1 |grep "Nmap scan report for"|grep -Eo "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"|sort -u |tee $1.txt
echo "Detect IP $(wc -l $1.txt|awk '{ print $1 }' )" "=> result_${1}" "saved"
echo "File Location : "$(pwd)/"result_$1"
@cihanmehmet
cihanmehmet / sub.sh
Last active July 8, 2022 14:04
sub.sh
#!/bin/bash
echo "Online Subdomain Detect Script"
echo "Twitter => https://twitter.com/cihanmehmets"
echo "Github => https://github.com/cihanmehmet"
echo "CURL Subdomain Execute => curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh | bash -s bing.com"
echo "██████████████████████████████████████████████████████████████████████████████████████████████████████████████"
if [[ $# -eq 0 ]] ;
then