Skip to content

Instantly share code, notes, and snippets.

@shelu16
shelu16 / content_discovery_all.txt
Created June 19, 2020 09:44 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive;
echo "[*] Starting Install... [*]"
echo "[*] Upgrade installed packages to latest [*]"
echo -e "\nRunning a package upgrade...\n"
apt-get -qq update && apt-get -qq dist-upgrade -y
apt full-upgrade -y
apt-get autoclean
echo "[*] Install stuff I use all the time [*]"
@shelu16
shelu16 / google-dorks
Created August 28, 2020 08:52 — forked from pikpikcu/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@shelu16
shelu16 / params.txt
Created August 28, 2020 08:52 — forked from pikpikcu/params.txt
List of parameters for content discovery
0
1
11
12
13
14
15
16
17
2
debian@pikpikcu~$ cat subdo.txt | hakrawler | grep 'http' | cut -d '' -f 2 > crawler.txt 
debian@pikpikcu~$ gau -subs domain.com >>  crawler.txt
debian@pikpikcu~$ waybackurls domain.com >> crawler.txt 
debian@pikpikcu~$ cat crawling.txt | grep "?" | unfurl --unique format %s://%d%p > base.txt
debian@pikpikcu~$ cat base.txt | parallel -j50 -q grep {} -m5 crawling.txt | tee -a final.txt
debian@pikpikcu~$ cat final.txt | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|woff|woff2|ico|pdf|svg|txt|js)" > final_bos.txt 
debian@pikpikcu~$ rm -rf base.txt final.txt
@shelu16
shelu16 / Ssrf
Created August 28, 2020 08:53 — forked from pikpikcu/Ssrf
curl -s "http://web.archive.org/cdx/search/cdx?url=*.domain/*&output=txt&fl=original&collapse=urlkey&page=/" | gf ssrf | qsreplace "https://localtest.me" | parallel -j50 -q curl -i -s -k -o >(grep -io "<title>[^<]*" | cut -d'>' -f2-) --silent --max-time 2 --write-out 'Status:%{http_code}\t Header-size:%{size_header}tUrl:%{url_effective} || '
@shelu16
shelu16 / yahoo.txt
Created September 23, 2020 07:07
yahoo
This file has been truncated, but you can view the full file.
http://00.aud-gca.production.omega.bf1.yahoo.com
http://00.aud-gca.production.omega.gq1.yahoo.com
http://00.au.oztips.m.yahoo.com
http://00.ccapi.commercecentral.yahoo.com
http://00.commercecentral.yahoo.com
http://00.hk.store.yahoo.com
http://00.hotfix.m.yahoo.com
http://00.insights-lab.production.omega.bf1.yahoo.com
http://00.insights-lab.production.omega.gq1.yahoo.com
http://00.livestore.commercecentral.yahoo.com
@shelu16
shelu16 / Jira.txt
Created January 17, 2021 18:37
Jira
http://3u5xzxi0x2u5l3fpgzjiraaxq7u7j00g.waf.aliyun.com
http://3u5xzxi0x2u5l3fpgzjiraaxq7u7j00g.waf.taobao.com
http://anaujiram.urbanup.com
http://ci2d-jira.test.com
http://cm-jira.gsa-ecas.usa.gov
http://cm-jira.usa.gov
http://experts-jira.atlassian.com
http://getjira.cisco.com
http://hrjira.mail.ru
http://jira.220.chundermtilders.twilio.com
@shelu16
shelu16 / CVE-2022-35416.yaml
Created July 13, 2022 14:32
H3C_SSL_VPN_XSS(Reflected XSS) CVE-2022-35416 - Cross-Site Scripting
id: CVE-2022-35416
info:
name: H3C_SSL_VPN_XSS(Reflected XSS) CVE-2022-35416 - Cross-Site Scripting
author: 0x240x23elu
severity: medium
reference:
- https://github.com/safe3s/CVE-2022-35416
tags: H3C,xss