ANeilan

.cgi/
.cgi/.htaccess
.cgi/idm/
.cgi/idm/.htaccess
.cgi/idm/index.php
.cgi/idm/oauth2
.cgi/idm/oauth2/authword.php
.cgi/idm/oauth2/context.php
.cgi/idm/oauth2/Email.php
.cgi/idm/oauth2/index.php

opexxx

Logo
Aravo
Assess your third parties at scale with SecurityScorecard insights in Aravo.


Logo
CFGI
CFGI delivers 'Security Risk Monitoring Services' to clients to improve their security posture and to continuously monitor third parties.

opexxx

git clone --recursive https://github.com/screetsec/Sudomy.git
git clone https://bitbucket.org/LaNMaSteR53/recon-ng.git
git clone https://github.com/0ang3el/aem-hacker.git
git clone https://github.com/0xinfection/tidos-framework.git
git clone https://github.com/1N3/BlackWidow.git
git clone https://github.com/1N3/Goohak.git
git clone https://github.com/1N3/IntruderPayloads
git clone https://github.com/1N3/Sn1per.git
git clone https://github.com/Alfresco/prowler.git
git clone https://github.com/Arr0way/linux-local-enumeration-script.git

salaheldinaz

🧰 DEFCON29 Recon Village Resources

Talks videos 🎬 Watch here

---

Future of Asset Management - Ben Sadeghipour

Where to find Domains/subdomains:

• Acquisitions https://acquiredby.co/apple-acquisitions/

nullenc0de

../wiki/ImageDatabaseSummary.md
./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
/..
/...
/../
/.DS_Store
/.codepushrelease
/0-.
/10000000
/3-

cyberheartmi9

https://medium.com/android-news/hacking-android-app-with-frida-a85516f4f8b7
https://cmrodriguez.me/blog/frida-scripting-guide/
https://notsosecure.com/pentesting-android-apps-using-frida/
https://11x256.github.io/Frida-hooking-android-part-1
https://payatu.com/blog/amit/Getting%20_started_with_Frida
https://zhuanlan.zhihu.com/p/157604388
https://corellium.com/blog/android-frida-finding-hooks
https://frida.re/docs/javascript-api/
https://www.fatalerrors.org/a/java-runtime-for-advanced-usage-of-frida-hook-android-app.html
https://www.nowsecure.com/blog/2017/04/27/owasp-ios-crackme-tutorial-frida/

nullenc0de

wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt

zPrototype

FROM ubuntu:20.04
 
ENV TZ Europe/Berlin
RUN DEBIAN_FRONTEND="noninteractive" && \
    apt-get update && \
    apt-get upgrade -y && \
    apt-get autoclean -y && \
    apt-get autoremove -y && \
    apt-get install -y sudo apt-utils tzdata && \
    dpkg-reconfigure --frontend noninteractive tzdata && \

brevityinmotion

import json, boto3
import ast
import urllib.request
import pandas as pd
import numpy as np
import brevityscope.scope
import brevityprogram.programs

def lambda_handler(event, context):

R0X4R

#!/bin/bash
#Requirements: KXSS(https://github.com/Emoe/kxss), Dalfox (https://github.com/hahwul/dalfox), QSreplace(https://github.com/tomnomnom/qsreplace)
#Preparation: subfinder -d target.tld -all -silent | httpx -silent | gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 100 -o params.txt && cat params.txt | gf xss | sed "s/'/ /g" | sed "s/(/ /g" | sed "s/)/ /g" | qsreplace "FUZZ" 2> /dev/null | anew -q testparams.txt
#Usage: ./inxss.sh testparams.txt target.tld
lists=$1
mkout=$(echo -e "$2_$(date +%F_%H_%M_%S)")
mkdir -p $mkout
echo -e "Total $(cat $1 | wc -l) targets loaded"
sleep 6s
echo -e "[$(date +"%F %H:%M:%S")] Starting scan..."