sasqwatch
/ ohost.sh
Created
August 18, 2020 04:25
— forked from gwen001/ohost.sh
onliner to resolve the host of a given url
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| host `echo https://pass:[email protected]:2996/utils/|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1` | |
| function ohost { | |
| host `echo $1|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1` | |
| } | |
| function ohosts { | |
| while read u; do host `echo $u|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1`; done < $1 | |
| } |
sasqwatch
/ olink.sh
Created
August 18, 2020 04:25
— forked from gwen001/olink.sh
oneliner to extract links from the target itself
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| while read h; do curl -siL https://$h|sed -n -E "s/.*<.*(href|src|url)[=:]['\"]?([^'\">]+).*/\2/p" ; done < hosts.txt | |
| function olink { | |
| curl -siL https://$1|sed -n -E "s/.*(href|src|url)[=:]['\"]?([^'\">]+).*/\2/p" | |
| } | |
| function olinks { | |
| while read h; do curl -siL https://$h|sed -n -E "s/.*<.*(href|src|url)[=:]['\"]?([^'\">]+).*/\2/p" ; done < $1 | |
| } |
sasqwatch
/ osub.sh
Created
August 18, 2020 04:25
— forked from gwen001/osub.sh
oneliner to get subdomains and related from the target itself
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| while read h; do curl -siL https://$h|egrep -io "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"|sort -fu ; done < hosts.txt | |
| function osub { | |
| curl -siL https://$h1egrep -io "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"|sort -fu | |
| } | |
| function osubs { | |
| while read h; do curl -siL https://$h|egrep -io "[0-9a-z_\-\.]+\.([0-9a-z_\-]+)?`echo $h|awk -F '.' '{print $(NF-1)}'`([0-9a-z_\-\.]+)?\.[a-z]{1,5}"|sort -fu ; done < $1 | |
| } |
sasqwatch
/ oparam.sh
Created
August 18, 2020 04:25
— forked from gwen001/oparam.sh
onliner to extract params from url
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "https://www.example.com/?aaa=bbb&ccc=ddd" | tr '?' '&' | awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}' | |
| while read u; do echo $u | tr '?' '&' | awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'; done < plainurls.txt | sort -fu | |
| From wayback json file: | |
| cat waybackurls.json|jq -r '.[]'|grep 'http'|cut -d '"' -f 2 | while read u; do echo $u | tr '?' '&' | awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}'; done | sort -fu | |
| function oparam { | |
| echo $1 | tr '?' '&' | awk -F '&' '{for(i=2;i<=NF;i++){split($i,t,"=");print t[1]}}' | |
| } |
sasqwatch
/ ejs.sh
Created
August 18, 2020 04:25
— forked from gwen001/ejs.sh
onliner to extract endpoints from JS files of a given host
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu | |
| # using linkfinder | |
| function ejs() { | |
| URL=$1; | |
| curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'" | |
| } | |
| # with file download (the new best one): | |
| # but there is a bug if you don't provide a root url |
sasqwatch
/ wordgrab.sh
Created
August 18, 2020 04:24
— forked from gwen001/wordgrab.sh
create a wordlist from the target itself
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #using cewl | |
| wordgrab() { | |
| url=$1 | |
| cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 | tr '[:upper:]' '[:lower:]' |sort -fu | grep -v "robin wood" | |
| } | |
| # added min length 3 | |
| wordgrab() { | |
| url=$1 | |
| tmpfile="$(date "+%s")" |
sasqwatch
/ sslsub.sh
Created
August 18, 2020 04:24
— forked from gwen001/sslsub.sh
get altnames from ssl certificates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function sslsub() { | |
| timeout 3 openssl s_client -showcerts -servername $1 -connect $1:443 <<< "Q" 2>/dev/null | openssl x509 -text -noout | grep DNS | tr ',' '\n' | cut -d ':' -f 2 | sort -fu | |
| } |
sasqwatch
/ QueryQNAPUpdate-PS2.ps1
Created
July 23, 2020 18:39
— forked from Demonslay335/QueryQNAPUpdate-PS2.ps1
Query a QNAP for any available updates using the API (PowerShell 2)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ignore self-certs | |
| if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type) | |
| { | |
| $certCallback = @" | |
| using System; | |
| using System.Net; | |
| using System.Net.Security; | |
| using System.Security.Cryptography.X509Certificates; | |
| public class ServerCertificateValidationCallback | |
| { |
sasqwatch
/ dump.py
Created
July 23, 2020 18:38
— forked from Demonslay335/dump.py
Dumps a PE from VirtualAlloc/VirtualProtect
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| import time | |
| import winappdbg | |
| import traceback | |
| class MyEventHandler(winappdbg.EventHandler): | |
| last_alloc_memory = 0 |
sasqwatch
/ Sosemanuk.cs
Created
July 23, 2020 18:38
— forked from Demonslay335/Sosemanuk.cs
Sosemanuk cryptographic algorithm in C#.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Adapted from https://www.seanet.com/~bugbee/crypto/sosemanuk/ | |
| public class Sosemanuk | |
| { | |
| public Sosemanuk(byte[] key, byte[] iv) | |
| { | |
| BuildAlphas(); | |
| SetKey(key); | |
| SetIV(iv); | |
| } |