1n1t6Sh3ll · November 10, 2021 22:00 · Aug 16, 2020 · Aug 16, 2020 · Aug 16, 2020 · Aug 16, 2020
diff --git a/bash profile b/bash profile
@@ -81,10 +81,6 @@ otx()
 }
 
 endpoints(){
-subfinder -d $1 -silent|xargs -n1 -i{}     curl  -s "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/{}?limit=100&page=1"|jq '.url_list[].url'|sed 's/"//$
+subfinder -d $1 -silent|xargs -n1 -i{}     curl  -s "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/{}?limit=100&page=1"|jq '.url_list[].url'|sed 's/"//g'|unfurl paths|sort -u
 
 }
-
-
-
-
diff --git a/bash profile b/bash profile
@@ -80,6 +80,11 @@ otx()
  curl  "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/$1?limit=100&page=1"|jq '.url_list[].url'|sed 's/"//g'|unfurl paths|sort -u
 }
 
+endpoints(){
+subfinder -d $1 -silent|xargs -n1 -i{}     curl  -s "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/{}?limit=100&page=1"|jq '.url_list[].url'|sed 's/"//$
+
+}
+
 
 
 
diff --git a/bash profile b/bash profile
@@ -72,7 +72,14 @@ Parmasfinder(){
 ssrf_redirect(){
         cat $1 | gau   | head -n 5000 > google.txt; cat google.txt | sort -u | grep -a -i \=http > ssrf_redirects.txt
 }
+
+
 otx()
 {
-    gron "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/$1?limit=100&page=1" | grep "\burl\b" | gron --ungron | jq
+
+ curl  "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/$1?limit=100&page=1"|jq '.url_list[].url'|sed 's/"//g'|unfurl paths|sort -u
 }
+
+
+
+
diff --git a/bash profile b/bash profile
@@ -1,3 +1,22 @@
+
+recon() {
+
+subfinder -d $1 -silent|httprobe -c 40|tee -a $1.txt
+
+}
+
+
+fdir(){
+
+cat $1|xargs -n1 -i{} ffuf -w  api.txt -u  {}/FUZZ -fc 404,401,302,301,307,403,$
+
+}
+
+
+
+
+
+
 sub(){
 
         curl -s https://dns.bufferover.run/dns?q=.$1 |jq -r .FDNS_A[]|cut -d',' -f2|sort -u

diff --git a/bash profile b/bash profile
@@ -0,0 +1,59 @@
+sub(){
+
+        curl -s https://dns.bufferover.run/dns?q=.$1 |jq -r .FDNS_A[]|cut -d',' -f2|sort -u
+}
+
+spring(){
+        shodan search org:"$1" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do ffuf -u http://$host/FUZZ -mc 200 -w spring-boot.txt ;done
+}
+bin2hex(){
+        hexdump -v -e '1/1 "%02x"' "$1"
+}
+amassp(){
+        echo "passive scanning"
+        amass enum --passive -d $1 -o $2
+}
+active(){
+        echo "active amass scanning"
+        amass enum  -src -ip -brute -min-for-recursive 2 -d $1 -o $2
+} 
+cors_reflect_auto(){
+        gau $1 | while read url;do target=$(curl -s -I -H "Origin: https://evil.com" -X GET $url) | if grep 'https://evil.com'; then [Potentional CORS Found]echo $url;$url;else echo Nothing on "$url";fi;done
+}
+cors_null_origin(){
+        gau $1 | while read url;do target=$(curl -s -I -H "Origin: null" -X GET $url) | if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
+
+}
+cors_null_value(){
+        gau $1 | while read url;do target=$(curl -s -I -X GET "$url") | if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
+}
+cors_trust_subdomain(){
+        gau $1 | while read url;do target=$(curl -s -I -H "Origin: evil.$url" -X GET "$url") | if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
+}
+cors_domain_not_valid(){
+        gau $1 | while read url;do target=$(curl -s -I -H "Origin: https://not$site" -X GET "$url") | if grep 'Access-Control-Allow-Origin: https://not$site'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
+}
+cors_dom_ext(){
+        gau $1 | while read url;do target=$(curl -s -I -H "Origin: $site.evil.com" -X GET "$url") | if grep "Origin: Access-Control-Allow-Origin: $site.evil.com";  then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
+}
+find_domains_vt(){
+        curl  -s https://www.virustotal.com/ui/domains/$1/subdomains\?limit\=$2 | jq .data[].id | cut -d '"' -f2
+}
+find_cert(){
+        curl -s https://certspotter.com/api/v0/certs?domain=$1 | jq  -c '.[].dns_names' | cut -d "[" -f2 | cut -d "]" -f1 | cut -d "," -f1 | cut -d '"' -f2
+}
+
+endpointfromjs(){
+        cat $1 | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | sort -u
+}
+
+Parmasfinder(){
+        cat subdomains.txt | hakrawler | grep 'http' | cut -d  ' ' -f2>crawling.txt && gau --subs domain.com >>crawling.txt;waybackurls domain.com>>crawling.txt && cat crawling.txt | grep '?' | unfurl --unique format %s://%d%p >base.txt;cat base.txt | parallel -j 4 grep {} -m5 crawling.txt | tee final1.txt;cat final1.txt | egrep -iv ".(jpg|gif|jpeg|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)" >final.txt && rm -rf base.txt final1.txt
+}
+ssrf_redirect(){
+        cat $1 | gau   | head -n 5000 > google.txt; cat google.txt | sort -u | grep -a -i \=http > ssrf_redirects.txt
+}
+otx()
+{
+    gron "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/$1?limit=100&page=1" | grep "\burl\b" | gron --ungron | jq
+}