dmatrixx / bbprograms.txt

Created April 13, 2021 20:03 — forked from haxcited/bbprograms.txt

	google dork -> site:.co.uk inurl:"responsible disclosure"
	https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
	http://www.123contactform.com/security-acknowledgements.htm
	https://18f.gsa.gov/vulnerability-disclosure-policy/
	https://support.1password.com/security-assessments/
	https://www.23andme.com/security-report/
	https://www.abnamro.com/en/footer/responsible-disclosure.html
	https://www.accenture.com/us-en/company-accenture-responsible-disclosure
	https://www.accredible.com/white_hat/
	https://www.acquia.com/how-report-security-issue

dmatrixx / bbprograms.txt

Created April 13, 2021 20:03 — forked from arbazkiraak/bbprograms.txt

	google dork -> site:.co.uk inurl:"responsible disclosure"
	https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
	http://www.123contactform.com/security-acknowledgements.htm
	https://18f.gsa.gov/vulnerability-disclosure-policy/
	https://support.1password.com/security-assessments/
	https://www.23andme.com/security-report/
	https://www.abnamro.com/en/footer/responsible-disclosure.html
	https://www.accenture.com/us-en/company-accenture-responsible-disclosure
	https://www.accredible.com/white_hat/
	https://www.acquia.com/how-report-security-issue

dmatrixx / user-agents.txt

Created January 29, 2021 09:58 — forked from pzb/user-agents.txt

	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.94 Chrome/37.0.2062.94 Safari/537.36
	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
	Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9
	Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
	Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240
	Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0)

dmatrixx / assetfinder.ads

Created September 15, 2020 14:12 — forked from sillydadddy/assetfinder.ads

Amass lua scripts


	name = "assetfinder"
	type = "ext"

	function vertical(ctx, domain)
	print("in asset finder")
	local cmd = outputdir(ctx) .. "assetfinder --subs-only " .. domain

	local data = assert(io.popen(cmd))
	for line in data:lines() do

dmatrixx / dumprequest.php

Created July 23, 2020 11:49 — forked from magnetikonline/dumprequest.php

PHP script to dump full HTTP request to file (method, HTTP headers and body).

	<?php
	// https://gist.github.com/magnetikonline/650e30e485c0f91f2f40

	class DumpHTTPRequestToFile {

	public function execute($targetFile) {

	$data = sprintf(
	"%s %s %s\n\nHTTP headers:\n",
	$_SERVER['REQUEST_METHOD'],

dmatrixx / credentials-leaks.md

Created May 29, 2020 05:00 — forked from vasanthk/credentials-leaks.md

Do not underestimate credentials leaks.

Gist copied from here for my own reference

While one might think that leaking credentials is pretty much a noob mistake, and if you are feeling yourself being safe because you are an experienced developer, that’s a wrong impression leading to underestimation of the problem.

I performed a rather simple credentials search using only two methods: wget/untar/grep on npm packages and GitHub Search. The queries were pretty simple, it did not take much time, and that’s a quite obvious thing to do. Do you remember yourself laughing at «begin rsa private key» search results over GitHub and people who publish that?

dmatrixx / ssrf.sh

Last active July 3, 2020 20:08 — forked from hussein98d/ssrf.sh

This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.

	echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
	echo "Usage: bash script.sh domain.com http://server-callbak"
	echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
	if [ -z "$1" ]; then
	echo >&2 "ERROR: Domain not set"
	exit 2
	fi
	if [ -z "$2" ]; then
	echo >&2 "ERROR: Sever link not set"
	exit 2

dmatrixx / introspection-query.graphql

Created May 15, 2020 17:14 — forked from craigbeck/introspection-query.graphql

Introspection query for GraphQL


	query IntrospectionQuery {
	__schema {
	queryType { name }
	mutationType { name }
	subscriptionType { name }
	types {
	...FullType
	}
	directives {

dmatrixx / subdomains wildcard detection example

Last active May 20, 2020 06:46 — forked from 003random/subdomains wildcard detection example

if [[ "$(dig @1.1.1.1 A,CNAME {testthisisrandomand,testcantpossibyexists,testbutletsseeodds}.$domain +short | wc -l)" -gt "1" ]]; then  echo "[!] Possible wildcard detected."; fi

dmatrixx / scanio.sh

Last active May 17, 2020 03:56 — forked from haccer/scanio.sh

PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar

	#!/bin/bash
	# Usage : ./scanio.sh <save file>
	# Example: ./scanio.sh cname_list.txt

	# Premium
	function ech() {
	spinner=( "\|" "/" "-" "\\" )
	while true; do
	for i in ${spinner[@]}; do
	echo -ne "\r[$i] $1"

dmatrix dmatrixx

Do not underestimate credentials leaks.