Skip to content

Instantly share code, notes, and snippets.

View secfb's full-sized avatar
🎯
Focusing

Never Mind secfb

🎯
Focusing
82 followers · 523 following
View GitHub Profile
@payloadartist
payloadartist / firefox.sh
Last active February 6, 2021 20:42
Enumerate sub-domains, then open them in Firefox automatically. Useful for taking a quick glance at target's assets, and make notes, while doing recon.
# ------Instructions---------
# Install (and configure) subfinder, assetfinder, and httprobe
# go get -v github.com/projectdiscovery/subfinder/cmd/subfinder && go get -v github.com/tomnomnom/httprobe && go get -v github.com/tomnomnom/assetfinder
# cat firefox.sh >> ~/.bashrc
# source ~/.bashrc
# Usage - subf_ff target.tld
# asset_ff target.tld
subf_ff () {
subfinder -d $1 -silent -t 100 | httprobe -c 50 | sort -u | while read line; do firefox $line; sleep 10; done
@si9int
si9int / check_ip.py
Created March 23, 2020 07:59
#!/usr/bin/env python3
import requests, sys
requests.packages.urllib3.disable_warnings()
try:
target = sys.argv[1]
method = sys.argv[2]
except:
print('[!] Usage: python3 check_ip.py <domain/ip> <http/https>')
sys.exit()
@nullenc0de
nullenc0de / qualys_wordlist.txt
Created March 29, 2020 18:25
Qualys Wordlist
/
/.
/.*
/../../../../../../../../../../../
/../../../../../../../../../../../../boot.ini
/../../../../../../../../../../../../etc/passwd
/../../../../../../../winnt/system32/cmd.exe
/../../..//index.html
/../index.html
/.bzr/
@securITymania
securITymania / cors_poc.html
Created April 5, 2020 13:43
<!DOCTYPE html>
<html>
<head>
<title>CORS PoC Exploit</title>
</head>
<body>
<center>
<h1>CORS Exploit<br>secureITmania</h1>
<hr>
@Parasimpaticki
Parasimpaticki / gist:0b1f1f508b2ee2a146244ab53d0bb3b8
Created May 6, 2020 23:22
#!/bin/bash
#Escape slash from name for folder name
folderName=$(echo $1| awk '{gsub("/","_")}1');
mkdir $folderName && cd $folderName
fqdn=$1;
ipList=$(dig +short $fqdn|grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'); #Get all A names
if [ -z "$ipList" ]
then
ipArgument=$fqdn
@cihanmehmet
cihanmehmet / xss_one_liner.md
Last active July 27, 2024 03:17
xss_one_liner.md 
#cat targets_urls.txt                
http://public-firing-range.appspot.com

Command Line

gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
@5bhuv4n35h
5bhuv4n35h / install.sh
Last active July 27, 2020 12:17
pentest setup backup shell script to install sublime,typora,shellter,wine,figlet,lolcat,gobuster automatically using linux commands #oscp #pentest #documentation #tools
#!/bin/bash
##### (Cosmetic) Colour output
RED="\033[01;31m" # Issues/Errors
GREEN="\033[01;32m" # Success
YELLOW="\033[01;33m" # Warnings/Information
BLUE="\033[01;34m" # Heading
BOLD="\033[01;01m" # Highlight
RESET="\033[00m" # Normal
@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active March 21, 2025 18:36
Subdomain Wordlist
@dwisiswant0
dwisiswant0 / nuclei-scan.sh
Last active July 8, 2022 13:46
Automate nuclei for given hosts
#!/bin/bash
OUT="~/nuclei-results/$1"
TPL="~/nuclei-templates"
mkdir -p ${OUT}
SUB=$(subfinder -d $1 -silent | httprobe | tee ${OUT}/$1.txt)
cd ${TPL}; git pull origin master && cd -
for tpl in $(find $TPL -name "*.yaml"); do $GOPATH/bin/nuclei -l ${OUT}/$1.txt -t $tpl -o "${OUT}/$(basename "$tpl" .yaml).txt"; done
find ${OUT} -name "*.txt" -size 0 -delete
@dwisiswant0
dwisiswant0 / .bash_profile
Created May 27, 2020 07:38
SQLi & XSS Vulnerability Scanner
###
# ▶ go get -u github.com/lc/gau
# ▶ go get -u github.com/tomnomnom/qsreplace
# ▶ go get -u github.com/tomnomnom/hacks/kxss
# ▶ go get -u github.com/hahwul/dalfox
# ▶ git clone https://github.com/dwisiswant0/DSSS
###
gauq() {