cihanmehmet

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&'()*+,-./:;<=>?@[\]^_`{|}~" 

cihanmehmet

#!/bin/bash

echo "Online Subdomain Detect Script"
echo "Twitter => https://twitter.com/cihanmehmets"
echo "Github => https://github.com/cihanmehmet"
echo "CURL Subdomain Execute => curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh | bash -s bing.com"
echo "██████████████████████████████████████████████████████████████████████████████████████████████████████████████"

if [[ $# -eq 0 ]] ;
then

cihanmehmet

#!/bin/bash

nmap -sn -iL $1 |grep "Nmap scan report for"|grep -Eo "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"|sort -u |tee $1.txt

echo "Detect IP $(wc -l $1.txt|awk '{ print $1 }' )" "=> result_${1}" "saved"
echo "File Location : "$(pwd)/"result_$1"

cihanmehmet

GREP NOT IP RESULT
cat file.txt| grep -Eov "\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"

grep -Eov "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" some_ip.txt

egrep -v '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' file.txt

grep -v "[[:alpha:]]" some_url-ip.txt |egrep -v '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'

grep -Eov "^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$" d.txt

cihanmehmet

mail
webmail
cpanel
webdisk
autodiscover
sni
test
dev
com
m

cihanmehmet

#cat targets_urls.txt                
http://public-firing-range.appspot.com

Command Line

gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt

• https://github.com/jaeles-project/gospider

cihanmehmet

⏳🔺33 Million Subdomain Wordlist🔻🧱🔨👀

https://mega.nz/file/UsJXzITR#TMIFTXnW1zABHfZUIKMPMvA-c8UvzGWeAd4mg4gGCtQ

cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
 33927885 33m-subdomain-wordlist.txt

---

🚨🔺15 Million Subdomain Wordlist🔻 🧱🔨👀

https://mega.nz/file/BtIh2KaZ#zI1aZgAdHYdBfvKC5G8bwXwfFG11Gx0CW1zLhc0weC8

cihanmehmet

🚨BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀

---

Shodan Seaarch

title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"

---

🔸LFI

cihanmehmet

password
princess
123456
sunshine
princess1
abc123
jordan23
blessed1
Password1
password1

cihanmehmet

#!/usr/bin/env bash
wget -e use_proxy=yes -e http_proxy=127.0.0.1:8080 http://burp/cert -O cacert.der #open burp suite | Proxy > Options > CA Certificate > Export in DER format
#openssl x509 -inform DER -in cacert.der -out cacert.pem
cp cacert.pem $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1)".0" #9a5ba575.0
#--------------------------------------------------------------------------------------------------------
adb root
adb remount
adb push 9a5ba575.0 /sdcard/
#--------------------------------------------------------------------------------------------------------
adb shell cp /sdcard/9a5ba575.0 /system/etc/security/cacerts/