khanjanny

//change hackerone.com to any domain to extract subdomains 


curl -s "https://crt.sh/?q=%25.hackerone.com&output=json" |jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u | grep -o "\w.*hackerone.com" | sort -u  >> output.txt
curl https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=hackerone.com | jq '.' | sort -u | grep hackerone.com >> output.txt
curl https://api.hackertarget.com/hostsearch/?q=hackerone.com | cut -d',' -f1 | sort -u | grep hackerone.com >> output.txt
curl https://certspotter.com/api/v0/certs?domain=hackerone.com | sort -u >> output.txt
curl http://web.archive.org/cdx/search/cdx?url=*.hackerone.com/\&output=text\&fl=original\&collapse=urlkey |sort| grep hackerone.com |sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sort -u >> output.txt 
curl http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.hackerone.com\&output=json | jq -r .url | sort -u >> output.txt
curl https://api.threatminer.org/v2/domain.php?q=hackerone.com\&rt=5 | jq '.' | sort -u | grep hacke

khanjanny

HTTP Splitting
----------------------------------
en
Content-Length: 0

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 28
<html>http Splitting test</html>

khanjanny

#!/bin/bash
file_lines=$(cat $1)
echo "Running LinkFinder over these urls..."

for line in $file_lines
do
if [[ "$line" == "http"* ]]
 then
  if [[ $(wget $line -O-) ]] 2>/dev/null
   then

khanjanny

#!/bin/bash

apt update
apt install wget curl python python3 python-pip python3-pip python-dev zip git phantomjs whatweb python-virtualenv bc locate dnsutils apache2 tree jq
pip install boto wfuzz google wafw00f truffleHog

#install golang phantomjs


#golang profile...