Skip to content

Instantly share code, notes, and snippets.

View michaellcader's full-sized avatar
🏠
Working from home

MichaellCader michaellcader

🏠
Working from home
38 followers · 40 following
View GitHub Profile
@michaellcader
michaellcader / nuclei-scan.sh
Last active July 9, 2020 06:26 — forked from dwisiswant0/nuclei-scan.sh
Automate nuclei for given hosts
#!/bin/bash
OUT=~/nuclei-results/$1
TPL=~/nuclei-templates
mkdir -p ${OUT}
SUB=$(subfinder -d $1 -silent | httprobe | tee ${OUT}/$1.txt)
cd ${TPL}; git pull origin master && cd -
for tpl in $(find $TPL -name "*.yaml"); do $GOPATH/bin/nuclei -l ${OUT}/$1.txt -t $tpl -o "${OUT}/$(basename "$tpl" .yaml).txt"; done
find ${OUT} -name "*.txt" -size 0 -delete
@michaellcader
michaellcader / tmux-cheatsheet.markdown
Created July 18, 2020 14:15 — forked from MohamedAlaa/tmux-cheatsheet.markdown
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@michaellcader
michaellcader / subdomain_wordlist.md
Created August 25, 2020 12:07 — forked from cihanmehmet/subdomain_wordlist.md
Subdomain Wordlist
@michaellcader
michaellcader / ffuf.sh
Created August 25, 2020 12:10 — forked from noobsdt/ffuf.sh
#!/bin/bash
echo "###############################"
echo "# Ffuf #"
echo "###############################"
echo ""
echo ""
echo "[1] subdomains.txt"
echo "[2] subdomain-large.txt"
echo "[3] raft-large-directories.txt"
@michaellcader
michaellcader / ffuf to enumerate s3
Last active June 2, 2022 03:19 — forked from the-xentropy/gist:05ab1c5efd7ae7651b14e0fb85c6312c
[ffuf usage] Use wfuzz or ffuf to enumerate s3 #bugbounty
#!/bin/bash
Ffuf (faster):
ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v
Wfuzz:
wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50
The files:
@michaellcader
michaellcader / ys_subdomains
Last active June 2, 2022 03:28
[rootdomains_ys]ys #recon
ys7.com
ezvizlife.com
eziot.com
ezviz7.com
guardingvision.com
hicloudcam.com
shipin7.com
hik-connect.com
hikops.com
@michaellcader
michaellcader / oppo_rootdomains
Last active June 2, 2022 03:32
[rootdomains_oppo]oppo #recon
oppo.com
oppo.cn
myoppo.com
opposhop.cn
coloros.com
nearme.com.cn
oppomobile.com
oppofind.com
myoas.com
heytap.com
@michaellcader
michaellcader / Drozer_command.md
Last active June 2, 2022 03:26 — forked from castexyz/drozer.md
[mobile]Drozer commands #bugbounty

Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.

    * Starting a session
      * `adb forward tcp:31415 tcp:31415`
      * `drozer console connect`
      * `drozer console connect --server <ip>`
    * List modules
 * `ls`
@michaellcader
michaellcader / inject.c
Created July 14, 2022 13:34 — forked from theevilbit/inject.c
DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX deep dive
#include <stdio.h>
#include <syslog.h>
#include <stdlib.h>
__attribute__((constructor))
static void customConstructor(int argc, const char **argv)
{
setuid(0);
system("id");
printf("Hello from dylib!\n");
@michaellcader
michaellcader / windows_privesc
Created August 5, 2022 06:28 — forked from sckalath/windows_privesc
Windows Privilege Escalation
// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
// Get the hostname and username (if available)
hostname
echo %username%
// Get users
net users
net user [username]