```bash
#!/bin/bash
# Subdomain enumeration one-liners: three passive sources, each deduplicated with sort -u.
[ $# -eq 1 ] || { echo 'Usage : bash subdomains_oneliners.sh target.com'; exit 1; }
# rapiddns.io: pull hostnames out of the <td> cells of the result table
curl -s "https://rapiddns.io/subdomain/$1?full=1#result" | grep '<td>' | grep "$1" | cut -d '>' -f 2 | cut -d '<' -f 1 | sort -u
# certspotter: certificate-transparency issuances with dns_names expanded
curl -s "https://api.certspotter.com/v1/issuances?domain=$1&include_subdomains=true&expand=dns_names" | jq '.[].dns_names' | grep -Po "(([\w.-]*)\.([\w]*)\.([A-Za-z]))\w+" | sort -u
# Wayback Machine CDX index: drop the scheme and path, keep only the host
curl -s "http://web.archive.org/cdx/search/cdx?url=*.$1/*&output=text&fl=original&collapse=urlkey" | sed -e 's_https*://__' -e "s/\/.*//" | sort -u
```
Read the proper write-up here: https://publish.whoisbinit.me/amazon-ec2-dangling-dns-records-on-surf-test-xwf-internet-org!
In this GitHub Gist, I have included my script (main.sh), which I used in discovering this vulnerability.
The script performs subdomain enumeration over the Internet.org domain using assetfinder, subfinder, sublist3r and amass, then checks for subdomains that point to Amazon EC2 hostnames, and stores all of the results in multiple text files.
I didn't perform any form of manual work in discovering this vulnerability, and my workflow was fully automated with the help of Bash scripting using different tools.
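The filtering step the write-up describes, as an added example that is not the gist author's main.sh: given "subdomain target" pairs (what a CNAME lookup yields), keep only the ones whose target is an Amazon EC2 public hostname and recover the IPv4 address that hostname encodes, since that address is what any follow-up check on the record would start from. All hostnames and addresses below are constructed from documentation ranges, not real findings; the function names are my own.

```bash
#!/usr/bin/env bash
# Added example (not the gist author's script). Flags "name target" pairs whose
# target is an EC2 public DNS name and extracts the embedded IPv4 address.
# Sample hostnames/IPs are constructed (RFC 5737 ranges), not real findings.

# Succeeds when $1 is an EC2 public DNS name in either documented shape:
#   ec2-203-0-113-10.eu-west-1.compute.amazonaws.com   (regional form)
#   ec2-203-0-113-10.compute-1.amazonaws.com            (us-east-1 form)
# A trailing dot, as printed by dig, is tolerated; a look-alike such as
# ec2-...amazonaws.com.evil.example is rejected by the end anchor.
is_ec2_hostname() {
    h="${1%.}"
    printf '%s\n' "$h" | grep -Eq \
        '^ec2-[0-9]{1,3}(-[0-9]{1,3}){3}\.([a-z]{2}(-[a-z]+)+-[0-9]+\.compute|compute-[0-9]+)\.amazonaws\.com$'
}

# Print the IPv4 address encoded in an EC2 hostname; fail for anything else.
ec2_hostname_ip() {
    h="${1%.}"
    is_ec2_hostname "$h" || return 1
    label="${h%%.*}"                           # ec2-203-0-113-10
    printf '%s\n' "${label#ec2-}" | tr '-' '.' # 203.0.113.10
}

# Read "name target" lines on stdin; emit "name target ip" for EC2 targets only.
# Blank lines and '#' comments are skipped so saved output can be fed back in.
ec2_pointers() {
    while read -r name target; do
        case "$name" in ''|'#'*) continue ;; esac
        if ip=$(ec2_hostname_ip "$target"); then
            printf '%s %s %s\n' "$name" "$target" "$ip"
        fi
    done
}

# Live variant (needs network and dig): turn a list of names into "name target"
# pairs for ec2_pointers. Not used by the offline sample run below.
resolve_cnames() {
    while read -r name; do
        [ -n "$name" ] || continue
        t=$(dig +short CNAME "$name" | head -n 1)
        if [ -n "$t" ]; then printf '%s %s\n' "$name" "$t"; fi
    done
}

# Constructed sample: two EC2 pointers, one third-party CNAME, one look-alike.
SAMPLE='surf.example.com ec2-203-0-113-10.compute-1.amazonaws.com.
www.example.com cdn.example.net.
dev.example.com ec2-198-51-100-7.eu-west-1.compute.amazonaws.com.
fake.example.com ec2-203-0-113-10.compute-1.amazonaws.com.evil.example.'

printf '%s\n' "$SAMPLE" | ec2_pointers
```

With real data, `resolve_cnames < subdomains.txt | ec2_pointers > ec2_pointers.txt` replaces the sample. The regex is anchored at both ends on purpose: the first time this pattern is written as a bare `grep amazonaws`, anything with that string anywhere in the name passes, including hosts an attacker registered to look like EC2.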
nil0x42's tips & tricks
- Scrape the Twitter accounts of all GitHub followers of the target user
- Scrape the Twitter accounts of all stargazers of the target project on GitHub
```text
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txt
```
[ASCII-art block-letter banner; lettering not recoverable from the extraction]
@intx0x80
```text
0
00
01
02
03
1
1.0
10
100
1000
```
(file truncated)
```text
.
..
........
@
*
*.*
*.*.*
Γ°ΕΈΒΕ½
```
- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security ((ISC)²): https://www.isc2.org/how-to-get-into-information-security.aspx