/$USER_wrdp1.sql
/$USER_wpdb.sql
/home/$USER/mail/dovecot-uidlist
/var/spool/exim/input/i/1lE8Ii-0006Gf-LV-D
/var/log/cpanel-install.log
/var/log/exim_mainlog
/var/log/mysqld.log
/var/log/cron
/var/log/maillog
/var/log/exim_mainlog-20210221.gz
emadshanab / f5_here_i_come.sh
Created August 20, 2021 22:30 — forked from LuD1161/f5_here_i_come.sh
F5 Slapdash attempt
# Get all the F5 IPs from Shodan | Get script here : https://gist.github.com/LuD1161/2087aea80e8771a4af069c33b4078570
# Stage 1: run the Shodan helper for the favicon-hash query; its stdout is
# appended (tee -a) to output.txt, so repeated runs accumulate rather than
# overwrite.
python3 shodan_query.py "http.favicon.hash:-335242539" results_f5.txt | tee -a output.txt
# Stage 2: take the value after "host :" on each line, probe the four listed
# ports with httpx, and hand the responders to one nuclei template; matches go
# to results.txt.
# NOTE(review): `cat file | grep` is a useless use of cat, and with no
# `set -o pipefail` a failing stage anywhere in this pipeline is silently
# ignored.
cat output.txt | grep -i "host :" | cut -d":" -f2 | cut -d" " -f2 | httpx -threads 400 -ports 80,443,8443,4443 -silent | nuclei -t cves/CVE-2020-5902.yaml -o results.txt
# Stage 3: the third space-separated field of each nuclei line becomes a target.
cut -d" " -f3 results.txt > targets.txt
# Inside double quotes `\\\;` reaches sed as `\\;`, so the expression rewrites
# ".;" to ".\;": the semicolon must survive substitution into the -c string
# below, where it would otherwise act as a command separator.
# NOTE(review): only ';' is escaped; any other shell metacharacter in a
# target string is still interpreted by the shell interlace spawns.
# `sed -i -e` with no suffix is GNU syntax; BSD sed needs `-i ''`.
sed -i -e "s/\.\;/\.\\\;/g" targets.txt # escape semicolon to pass to interlace
# Stage 4: per target, print the target, then keep only curl's "*" diagnostic
# lines that follow "* SSL connection" (the certificate details); everything is
# appended to all_certs.txt.
interlace -tL ./targets.txt -threads 100 -c "echo _target_; curl --insecure -v _target_ 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'" -v | tee -a all_certs.txt
emadshanab / token_spray_automation.sh
Created October 31, 2021 00:12 — forked from aufzayed/token_spray_automation.sh
search for leaked data (tokens, secrets) in JavaScript files and validate them with nuclei token spray
# requirements:
# gf -> https://github.com/tomnomnom/gf
# gf patterns to find leaked tokens and secrets -> https://github.com/emadshanab/Gf-Patterns-Collection
# subjs -> https://github.com/lc/subjs
# gau -> https://github.com/lc/gau
# nuclei -> https://github.com/projectdiscovery/nuclei
# hakcheckurl -> https://github.com/hakluke/hakcheckurl
# note: before you run the script, edit your gf patterns: remove the grep 'H' and 'n' flags and add the 'h' flag
${ctx:loginId}
${map:type}
$(unknown)
${date:MM-dd-yyyy}
${docker:containerId}
${docker:containerName}
${docker:imageName}
${env:USER}
${event:Marker}
${mdc:UserId}
emadshanab / stealth-fast-nmap-scan.sh
Created January 12, 2022 04:35 — forked from nil0x42/stealth-fast-nmap-scan.sh
"Quickly" scan all ports for a big list of IPs with nmap, while avoiding being banned,
#!/bin/bash
# by @nil0x42
# Iterates the full TCP port range in random order; each nmap run covers one
# port across a shuffled copy of IP-LIST.TXT.
# NOTE(review): fixed, predictable path in a world-writable directory; a
# mktemp file removed by an EXIT trap would avoid clobbering and races with
# other users of /tmp. The script also has no `set -e`/`pipefail`, so a
# missing IP-LIST.TXT only yields an empty list.
shuf IP-LIST.TXT > /tmp/ips.txt # randomize ip-list
# for each port (in random order):
# NOTE(review): `read` without -r and an unquoted $port are harmless for
# purely numeric input; `shuf -i 1-65535` would replace the echo loop.
for i in {1..65535}; do echo $i; done | shuf | while read port; do
# scan single port on every IP from randomized ip-list
# -sS SYN scan, -PN (older spelling of -Pn) skips host discovery, -n disables
# DNS resolution; retries are off and the RTT timeout is capped at 1 s.
nmap -sS -PN -n --max-retries=0 --max-rtt-timeout=1000ms \
--min-rate=10000 --min-hostgroup=4096 -iL /tmp/ips.txt -p $port
done
emadshanab / firefox_settings.md
Created January 25, 2022 18:12 — forked from mccabe615/firefox_settings.md
Firefox settings for testing

In about:config in Firefox, set each preference below to false unless a different value is shown next to it

  • network.captive-portal-service.enabled
  • extensions.getAddons.cache.enabled
  • network.prefetch-next
  • browser.newtabpage.enabled
  • toolkit.telemetry.archive.enabled = false
  • toolkit.telemetry.enabled = false
  • toolkit.telemetry.rejected = true
emadshanab / tweets.txt
Created February 13, 2022 14:01 — forked from R0X4R/tweets.txt
tweets collection
# Subdomain enumeration -> port scan on the listed ports -> live-HTTP probe
# (https preferred) -> historical URLs per host via gau -> keep URLs whose
# text matches password/reset/token -> de-duplicated append to urls.txt.
# Every tool is silenced (-silent, 2> /dev/null) and no pipefail is set, so a
# failing stage goes unnoticed.
# NOTE(review): each host is substituted by xargs into a `bash -c` string;
# a hostname containing shell metacharacters would be executed rather than
# echoed. Passing it as a positional argument, `bash -c 'echo "$1" | gau' _ @`,
# keeps it as data.
subfinder -d target.com -all -silent -t 10 | naabu -p "21,22,80,81,280,300,443,583,591,593,832,981,1010,1099,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4444,4445,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7002,7396,7474,8000,8001,8008,8009,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8530,8531,8834,8880,8887,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,10443,11371,12043,12046,12443,15672,16080,17778,18091,18092,20720,28017,32000,55440,55672" -silent -nc | httprobe -prefer-https | xargs -P 10 -I @ bash -c "echo @ | gau" 2> /dev/null | grep -E "password|password\-reset|reset\-token|token\=" | anew -q urls.txt
# Fetch each collected URL (TLS verification off, redirects followed, fixed
# User-Agent) and grep the body for password-form wording.
# NOTE(review): the URL is again interpolated into a `bash -c` string (inside
# \"...\"), so a URL containing `"` or `$(` breaks out of the quoting; the
# same positional-argument form as above avoids this. This line is truncated
# on the page: the closing quotes of the -c string are not visible.
xargs -a urls.txt -P 5 -I @ bash -c "curl -ks -L \"@\" -H \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\" | grep -iE \"enter password|new password|new\-password|confirm password|co
emadshanab / oopen.sh
Created March 11, 2022 03:01 — forked from gwen001/oopen.sh
oneliner to open a bunch of hosts/urls
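# Open every host/URL listed in urls.txt in a browser. Entries that already
# contain "http" are used as-is; bare hosts are opened as both http:// and
# https://.
# awk emits one URL per line and mapfile turns each line into its own
# argument, so no unquoted command substitution (and no trailing
# `tr "\n" " "`) is needed to split them; a URL with spaces stays intact.
mapfile -t urls < <(awk '{if(index($1,"http")){print $1}else{print "http://"$1;print "https://"$1}}' urls.txt)
# Either browser works; run whichever is installed.
firefox "${urls[@]}"
chromium-browser "${urls[@]}"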
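#######################################
# Open every host/URL listed in a file in Firefox.
# Lines that already contain "http" are opened as given; bare hosts are
# opened twice, once as http:// and once as https://.
# Arguments: $1 - path to the list file, one host or URL per line
# Outputs:   none (launches firefox)
# Returns:   firefox's exit status
#######################################
oopen() {
  local list=$1
  local -a urls
  # awk prints one URL per line; mapfile keeps each line as a separate
  # argument, so nothing relies on word-splitting an unquoted substitution
  # and the list path may contain spaces.
  mapfile -t urls < <(awk '{if(index($1,"http")){print $1}else{print "http://"$1;print "https://"$1}}' "$list")
  firefox "${urls[@]}"
}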
emadshanab / sslsub.sh
Created March 11, 2022 03:01 — forked from gwen001/sslsub.sh
get altnames from ssl certificates
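#######################################
# Print the DNS subject-alternative names from the TLS certificate a host
# serves on port 443.
# Arguments: $1 - hostname; used both for SNI (-servername) and as the
#                 connect target
# Outputs:   one name per line on stdout, case-insensitively de-duplicated;
#            non-DNS SAN entries (IP addresses) are not included
# Returns:   exit status of the final sort; handshake failures are silent
#            because s_client's stderr is discarded
#######################################
sslsub() {
  local host=$1
  # "Q" on stdin makes s_client quit right after the handshake; timeout caps
  # a hanging connection at 3 s. Quoting $host keeps odd input as one word.
  timeout 3 openssl s_client -showcerts -servername "$host" -connect "$host:443" <<< "Q" 2>/dev/null \
    | openssl x509 -text -noout \
    | grep DNS \
    | tr ',' '\n' \
    | cut -d ':' -f 2 \
    | sort -fu
}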
emadshanab / wordgrab.sh
Created March 11, 2022 03:01 — forked from gwen001/wordgrab.sh
create a wordlist from the target itself
#using cewl
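#######################################
# Build a lowercase wordlist from a site's own pages with cewl.
# Arguments: $1 - bare domain; the crawl starts at https://www.<domain>
# Outputs:   one word per line on stdout (depth 0, minimum length 3),
#            case-insensitively de-duplicated, with cewl's author banner
#            line ("robin wood") removed
# Returns:   exit status of the final grep (1 when nothing is left)
#######################################
wordgrab() {
  # Previously assigned as a global and then never used; now local and
  # actually quoted into the URL so a stray space in $1 cannot split it.
  local url=$1
  # -u sets the User-Agent cewl sends.
  cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 "https://www.$url" \
    | tr '[:upper:]' '[:lower:]' \
    | sort -fu \
    | grep -v "robin wood"
}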
# added min length 3
wordgrab() {
url=$1
tmpfile="$(date "+%s")"