Skip to content

Instantly share code, notes, and snippets.

View secfb's full-sized avatar
🎯
Focusing

Never Mind secfb

🎯
Focusing
82 followers · 521 following
View GitHub Profile
@secfb
secfb / foxyproxyBB.json
Created June 30, 2020 08:04 — forked from 0xatul/foxyproxyBB.json
firefox foxy proxy settings for BB stuff
{
"84kr3q1592995213323": {
"type": 1,
"color": "#cc883a",
"title": "Burp",
"active": true,
"address": "127.0.0.1",
"port": 8080,
"proxyDNS": false,
"username": "",
@secfb
secfb / cors_poc.html
Created June 5, 2020 08:42 — forked from securITymania/cors_poc.html
<!DOCTYPE html>
<html>
<head>
<title>CORS PoC Exploit</title>
</head>
<body>
<center>
<h1>CORS Exploit<br>secureITmania</h1>
<hr>
@secfb
secfb / .bash_profile
Created May 27, 2020 18:51 — forked from dwisiswant0/.bash_profile
SQLi & XSS Vulnerability Scanner
###
# ▶ go get -u github.com/lc/gau
# ▶ go get -u github.com/tomnomnom/qsreplace
# ▶ go get -u github.com/tomnomnom/hacks/kxss
# ▶ go get -u github.com/hahwul/dalfox
# ▶ git clone https://github.com/dwisiswant0/DSSS
###
gauq() {
@secfb
secfb / nuclei-scan.sh
Created May 23, 2020 00:44 — forked from dwisiswant0/nuclei-scan.sh
Automate nuclei for given hosts
#!/bin/bash
OUT="~/nuclei-results/$1"
TPL="~/nuclei-templates"
mkdir -p ${OUT}
SUB=$(subfinder -d $1 -silent | httprobe | tee ${OUT}/$1.txt)
cd ${TPL}; git pull origin master && cd -
for tpl in $(find $TPL -name "*.yaml"); do
@secfb
secfb / gist:250906fcea4d6b7a13e29120ec897a31
Created May 18, 2020 15:26 — forked from Parasimpaticki/gist:0b1f1f508b2ee2a146244ab53d0bb3b8
#!/bin/bash
#Escape slash from name for folder name
folderName=$(echo $1| awk '{gsub("/","_")}1');
mkdir $folderName && cd $folderName
fqdn=$1;
ipList=$(dig +short $fqdn|grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'); #Get all A names
if [ -z "$ipList" ]
then
ipArgument=$fqdn
@secfb
secfb / install.sh
Created May 12, 2020 09:26 — forked from 5bhuv4n35h/install.sh
pentest setup backup shell script to install sublime,typora,shellter,wine,figlet,lolcat,gobuster automatically using linux commands #oscp #pentest #documentation #tools
#!/bin/bash
##### (Cosmetic) Colour output
RED="\033[01;31m" # Issues/Errors
GREEN="\033[01;32m" # Success
YELLOW="\033[01;33m" # Warnings/Information
BLUE="\033[01;34m" # Heading
BOLD="\033[01;01m" # Highlight
RESET="\033[00m" # Normal
@secfb
secfb / Web-Attack-Cheat-Sheet.md
Created May 8, 2020 20:53
Web-Attack-Cheat-Sheet.md

Web-Attack-Cheat-Sheet

Discovering

Bug Bount Targets

https://github.com/arkadiyt/bounty-targets-data

IP Enumeration

http://www.asnlookup.com/
@secfb
secfb / oscp-cheatsheet.md
Created May 1, 2020 18:19
oscp-cheatsheet.md

OSCP-Cheatsheet

nmap

  • service: all
  • tactics: enumeration

enumerate services and use default scripts

  • nmap -sC -sV -oN normal.txt target-ip

scan all tcp ports

@secfb
secfb / bugbounty_checklist.md
Last active May 31, 2020 09:40
bugbounty_checklist.md | https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md

Bug Bounty Checklist for Web App

This checklist may help you to have a good methodology for bug bounty hunting
When you have done a action, don't forget to check ;)
Happy hunting !

Table of Contents

@secfb
secfb / c99-nl.py
Created April 6, 2020 11:22 — forked from si9int/c99-nl.py
Automates https://subdomainfinder.c99.nl | Usage: python3 c99-nl.py <domain.com> | Requirements: pip3 install bs4
#!/usr/bin/env python3
# v.0.2 | twitter.com/si9int
import requests, sys
from bs4 import BeautifulSoup as bs
domain = sys.argv[1]
subdomains = []
def get_csrf_params():
csrf_params = {}