sn4k3-meyer

<script>alert(1);</script>

sn4k3-meyer

<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/fonts/inter.min.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@exampledev/[email protected]/new.min.css">
<script src=https://cure53.de/purify.js></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.js"></script>

<body>
<header><h1>Test Jquery Juntos pelas crianças</h1></header>
<main>
          <fieldset>
          <legend>Maximiliano Meyer</legend>

sn4k3-meyer

alert(1);

sn4k3-meyer

document.body.innerHTML=atob('PGlmcmFtZSBzcmM9Imh0dHBzOi8vamN3ODcuZ2l0aHViLmlvL2MyLXNtYjEvIiB3aWR0aD0iMTAwJSIgaGVpZ2h0PSI2MDAiPjwvaWZyYW1lPg==')

sn4k3-meyer

#!/bin/bash
#Enumerando informações locais de um alvo linux

# useful binaries (thanks to https://gtfobins.github.io/)
binarylist='aria2c\|arp\|ash\|awk\|base64\|bash\|busybox\|cat\|chmod\|chown\|cp\|csh\|curl\|cut\|dash\|date\|dd\|diff\|dmsetup\|docker\|ed\|emacs\|env\|expand\|expect\|file\|find\|flock\|fmt\|fold\|ftp\|gawk\|gdb\|gimp\|git\|grep\|head\|ht\|iftop\|ionice\|ip$\|irb\|jjs\|jq\|jrunscript\|ksh\|ld.so\|ldconfig\|less\|logsave\|lua\|make\|man\|mawk\|more\|mv\|mysql\|nano\|nawk\|nc\|netcat\|nice\|nl\|nmap\|node\|od\|openssl\|perl\|pg\|php\|pic\|pico\|python\|readelf\|rlwrap\|rpm\|rpmquery\|rsync\|ruby\|run-parts\|rvim\|scp\|script\|sed\|setarch\|sftp\|sh\|shuf\|socat\|sort\|sqlite3\|ssh$\|start-stop-daemon\|stdbuf\|strace\|systemctl\|tail\|tar\|taskset\|tclsh\|tee\|telnet\|tftp\|time\|timeout\|ul\|unexpand\|uniq\|unshare\|vi\|vim\|watch\|wget\|wish\|xargs\|xxd\|zip\|zsh'

system_info()
{
echo -e "Informações do sistema"

sn4k3-meyer

Censys:
https://censys.io/

Shodan:
https://www.shodan.io/

Greynoise:
https://greynoise.io/

zoomeye:

sn4k3-meyer

Virtual hosts search:
https://pentest-tools.com/information-gathering/find-virtual-hosts

Descobertas de virtual hosts
https://github.com/jobertabma/virtual-host-discovery

bruteforce virtual hosts:
https://github.com/gwen001/vhost-brute

Cloudflare WAF bypass tool 1:

sn4k3-meyer

Reconhecimento de subdominios:
https://gist.github.com/Czerwinsk/57b3652b551590b346a548772686d18f

Checagem de dominios sobre HTTP ou HTTPS:
https://github.com/tomnomnom/httprobe

Checagem em achive, buscando por versoes antigas dos dominios:
https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050

Minha ferramenta para checagem dos outputs via grep, buscando padroes e parametros:

sn4k3-meyer

#!/bin/bash

aqua=$(tput setaf 14);
PS3='Please enter your choice: '
options=(${aqua}"aws-keys" "base64" "cors" "debug-pages" "firebase" "fw" "go-functions" "http-auth" "ip" "json-sec" "meg-headers" "php-curl" "php-errors" "php-serialized" "php-sinks" "php-sources" "s3-buckets" "sec" "servers" "strings" "takeovers" "upload-fields" "urls" "Clickjacking" "quit")
select opt in "${options[@]}"
do
        case $opt in
                "aws-keys")
                        grep --color=auto -HanrE "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}"

sn4k3-meyer

#!/usr/bin/python3
#coding: utf-8

from spyse import spyse
import json
from pprint import pprint

#gere sua api-key em https://spyse.com/

API_KEY = ''