
Abartan Dhakal haxormad

@karanlyons
karanlyons / log4shell_regexes.py
Last active March 7, 2022 03:49
log4shell Regexes
import re
from urllib.parse import unquote
FLAGS = re.IGNORECASE | re.DOTALL
# Each pattern matches a literal character or one of its escaped forms
# (\uXXXX or %uXXXX, \xXX, octal, percent-encoding).
ESC_DOLLAR = r'(?:\$|[\\%]u0024|\\x24|\\0?44|%24)'
ESC_LCURLY = r'(?:\{|[\\%]u007B|\\x7B|\\173|%7B)'
ESC_RCURLY = r'(?:\}|[\\%]u007D|\\x7D|\\175|%7D)'
# Matchers for %uXXXX and %XX escapes.
_U_PERCENT_ESCAPE_RE = re.compile(r'%(u[0-9a-f]{4})', flags=FLAGS)
_PERCENT_ESCAPE_RE = re.compile(r'%[0-9a-f]{2}', flags=FLAGS)
@haxormad
haxormad / redUrl.txt
Created May 6, 2020 01:38 — forked from geekyrajnish/redUrl
Recon For Open Redirection Bug
redUrl() {
  # Collect known URLs for the domain with gau, then save those containing
  # common redirect parameter names into one file per pattern.
  gau -subs "$1" | grep "redirect" >> "${1}_redirectall.txt"
  gau -subs "$1" | grep "redirect=" >> "${1}_redirectequal.txt"
  gau -subs "$1" | grep "url" >> "${1}_urlall.txt"
  gau -subs "$1" | grep "url=" >> "${1}_urlequal.txt"
  gau -subs "$1" | grep "next=" >> "${1}_next.txt"
  gau -subs "$1" | grep "dest=" >> "${1}_dest.txt"
  gau -subs "$1" | grep "destination" >> "${1}_destination.txt"
  gau -subs "$1" | grep "return" >> "${1}_return.txt"
  gau -subs "$1" | grep "go=" >> "${1}_go.txt"
  gau -subs "$1" | grep "redirect_uri" >> "${1}_redirecturi.txt"
  gau -subs "$1" | grep "continue=" >> "${1}_continue.txt"
  gau -subs "$1" | grep "return_path=" >> "${1}_path.txt"
  gau -subs "$1" | grep "externalLink=" >> "${1}_link.txt"
  gau -subs "$1" | grep "URL=" >> "${1}_URL.txt"
}
@geekyrajnish
geekyrajnish / redUrl
Last active November 12, 2020 12:37
Recon For Open Redirection Bug
redUrl() {
  # Collect known URLs for the domain with gau, then save those containing
  # common redirect parameter names into one file per pattern.
  gau -subs "$1" | grep "redirect" >> "${1}_redirectall.txt"
  gau -subs "$1" | grep "redirect=" >> "${1}_redirectequal.txt"
  gau -subs "$1" | grep "url" >> "${1}_urlall.txt"
  gau -subs "$1" | grep "url=" >> "${1}_urlequal.txt"
  gau -subs "$1" | grep "next=" >> "${1}_next.txt"
  gau -subs "$1" | grep "dest=" >> "${1}_dest.txt"
  gau -subs "$1" | grep "destination" >> "${1}_destination.txt"
  gau -subs "$1" | grep "return" >> "${1}_return.txt"
  gau -subs "$1" | grep "go=" >> "${1}_go.txt"
  gau -subs "$1" | grep "redirect_uri" >> "${1}_redirecturi.txt"
  gau -subs "$1" | grep "continue=" >> "${1}_continue.txt"
  gau -subs "$1" | grep "return_path=" >> "${1}_path.txt"
  gau -subs "$1" | grep "externalLink=" >> "${1}_link.txt"
  gau -subs "$1" | grep "URL=" >> "${1}_URL.txt"
}
@harisec
harisec / exploit_path_traversals_in_Java_webapps.txt
Created April 27, 2020 10:24
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
so, you can read WEB-INF/web.xml. how can you escalate this issue?
[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml.
use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):
https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt
with time you can build your own wordlist adding files you've discovered over time.
use Burp Intruder for this, it's perfect for this job.
sort Intruder results by status code so you can see instantly which files were found.
@1lastBr3ath
1lastBr3ath / linkfinder.md
Last active September 29, 2024 11:07
Usage of LinkFinder (@GerbenJavado)
  • Navigate to page from where you want to extract links
  • Open your browser's console and paste the following:
    document.querySelectorAll('script[src]').forEach((i)=>document.write(i.src+'<br/>'))
  • Copy all links and write them into a file (ex: jslinks.txt)
  • Open your terminal and cd to directory where you've downloaded LinkFinder
  • Run the following command
    while IFS= read -r link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | tee -a output.html