- Recon
- Find vuln
- Exploit
- Document it
Unicornscans in cli, nmap in msfconsole to help store loot in database.
h121h
/ nowafpls___8KB.json
Created
May 27, 2024 15:27
— forked from Rhynorater/nowafpls___8KB.json
nowafpls - Caido Convert Workflow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "description": "Bypass WAFs with 8KB Padding.", | |
| "edition": 2, | |
| "graph": { | |
| "edges": [ | |
| { | |
| "source": { | |
| "exec_alias": "exec", | |
| "node_id": 2 | |
| }, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ! 3/17/2019 https://www.flightconnections.com | |
| www.flightconnections.com###flc-text | |
| www.flightconnections.com###flc | |
| www.flightconnections.com##div:watch-attr(class):remove-class(blur) | |
| www.flightconnections.com##div:watch-attr(class):remove-class(validity-schedule-premium-button) | |
| !www.flightconnections.com##.datepicker--body:watch-attr(class):remove-class(xyz) | |
| ! 2024/02/20 FlightConnections - Block network connections | |
| ||compare.flightconnections.com/c24k/v1/render |
h121h
/ Get_Early_Stargazers.graphql
Created
January 4, 2022 00:12
— forked from nil0x42/Get_Early_Stargazers.graphql
[OSINT] Get early stargazers of a GitHub repository for org/user info gathering
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get_Early_Stargazers #OSINT #recon trick, by @nil0x42 | |
| # Get list of first people to star a GitHub repository. | |
| # Those are more likely to be closely connected to target org/user | |
| # Run this query with wanted owner/name in GitHub GraphQL explorer: | |
| # - https://developer.github.com/v4/explorer/ | |
| query Get_Early_Stargazers { | |
| repository(owner: "sherlock-project", name: "sherlock") { |
h121h
/ st8out.sh
Created
February 22, 2020 21:28
— forked from dwisiswant0/st8out.sh
St8out - Extra one-liner for reconnaissance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
h121h
/ waybackrobots.py
Created
October 3, 2019 14:38
— forked from mhmdiaa/waybackrobots.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
h121h
/ waybackurls.py
Created
October 3, 2019 14:38
— forked from mhmdiaa/waybackurls.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CREATE DATABASE pw | |
| WITH | |
| OWNER = XXXXXXXXXXXXXX | |
| ENCODING = 'UTF8' | |
| LC_COLLATE = 'en_US.UTF-8' | |
| LC_CTYPE = 'en_US.UTF-8' | |
| TABLESPACE = pg_default | |
| CONNECTION LIMIT = -1; | |
| CREATE TABLE public.passwords |
h121h
/ asteroid2.js
Created
November 5, 2017 21:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript:var%20s%20=%20document.createElement('script');s.type='text/javascript';document.body.appendChild(s);s.src='http://erkie.github.com/asteroids.min.js';void(0); |
h121h
/ asteroid.js
Created
November 5, 2017 21:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Copyright (c) <2011, 2012> Rootof Creations HB, rootof.com, kickassapp.com | |
| */(function(window) { | |
| (function(window,document,location,setTimeout,decodeURIComponent,encodeURIComponent){var global=this;var channelId=Math.floor(Math.random()*10000);var emptyFn=Function.prototype;var reURI=/^((http.?:)\/\/([^:\/\s]+)(:\d+)*)/;var reParent=/[\-\w]+\/\.\.\//;var reDoubleSlash=/([^:])\/\//g;var namespace="";var easyXDM={};var _easyXDM=window.easyXDM;var IFRAME_PREFIX="easyXDM_";var HAS_NAME_PROPERTY_BUG;var useHash=false;var flashVersion;var HAS_FLASH_THROTTLED_BUG;function isHostMethod(object,property){var t=typeof object[property];return t=='function'||(!!(t=='object'&&object[property]))||t=='unknown';} | |
| function isHostObject(object,property){return!!(typeof(object[property])=='object'&&object[property]);} | |
| function isArray(o){return Object.prototype.toString.call(o)==='[object Array]';} | |
| function hasFlash(){try{var activeX=new ActiveXObject("ShockwaveFlash.ShockwaveFlash");flashVersion=Array.prototype.slice.call(a |
h121h
/ how-to-oscp-final.md
Created
October 3, 2017 16:36
— forked from unfo/how-to-oscp-final.md