jadkorr
/ 🔥Complete Bug Bounty Cheat Sheet🔥
Created
March 3, 2023 01:30
— forked from cyberheartmi9/🔥Complete Bug Bounty Cheat Sheet🔥
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 🔥Complete Bug Bounty Cheat Sheet🔥 | |
| XSS | |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md | |
| https://github.com/ismailtasdelen/xss-payload-list | |
| SQLi | |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md |
jadkorr
/ Generic keys
Created
February 21, 2023 09:53
— forked from h4x0r-dz/Generic keys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
jadkorr
/ regexCheatsheet.js
Created
August 26, 2021 04:55
— forked from sarthology/regexCheatsheet.js
A regex cheatsheet 👩🏻💻 (by Catherine)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let regex; | |
| /* matching a specific string */ | |
| regex = /hello/; // looks for the string between the forward slashes (case-sensitive)... matches "hello", "hello123", "123hello123", "123hello"; doesn't match for "hell0", "Hello" | |
| regex = /hello/i; // looks for the string between the forward slashes (case-insensitive)... matches "hello", "HelLo", "123HelLO" | |
| regex = /hello/g; // looks for multiple occurrences of string between the forward slashes... | |
| /* wildcards */ | |
| regex = /h.llo/; // the "." matches any one character other than a new line character... matches "hello", "hallo" but not "h\nllo" | |
| regex = /h.*llo/; // the "*" matches any character(s) zero or more times... matches "hello", "heeeeeello", "hllo", "hwarwareallo" |
jadkorr
/ bountyscan_setup.sh
Created
May 10, 2021 03:12
— forked from jhaddix/bountyscan_setup.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export DEBIAN_FRONTEND=noninteractive; | |
| echo "[*] Starting Install... [*]" | |
| echo "[*] Upgrade installed packages to latest [*]" | |
| echo -e "\nRunning a package upgrade...\n" | |
| apt-get -qq update && apt-get -qq dist-upgrade -y | |
| apt full-upgrade -y | |
| apt-get autoclean | |
| echo "[*] Install stuff I use all the time [*]" |
jadkorr
/ Github bash generated search links (from hunter.sh)
Created
May 10, 2021 01:37
— forked from jhaddix/Github bash generated search links (from hunter.sh)
Github bash generated search links (from hunter.sh)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
jadkorr
/ Preparación OSCP.md
Created
April 19, 2021 18:34
— forked from s4vitar/Preparación OSCP.md
jadkorr
/ send_urls_to_burp
Created
July 11, 2020 16:52
— forked from arbazkiraak/send_urls_to_burp
Send Urls to Burp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import requests,sys | |
| import urllib3,queue,threading | |
| urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
| headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'} | |
| proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'} | |
| urls_inp = sys.argv[1] |
jadkorr
/ f5_here_i_come.sh
Created
July 7, 2020 22:53
— forked from LuD1161/f5_here_i_come.sh
F5 Slapdash attempt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get all the F5 IPs from Shodan | Get script here : https://gist.github.com/LuD1161/2087aea80e8771a4af069c33b4078570 | |
| python3 shodan_query.py "http.favicon.hash:-335242539" results_f5.txt | tee -a output.txt | |
| cat output.txt | grep -i "host :" | cut -d":" -f2 | cut -d" " -f2 | httpx -threads 400 -ports 80,443,8443,4443 -silent | nuclei -t cves/CVE-2020-5902.yaml -o results.txt | |
| cut -d" " -f3 results.txt > targets.txt | |
| sed -i -e "s/\.\;/\.\\\;/g" targets.txt # escape semicolon to pass to interlace | |
| interlace -tL ./targets.txt -threads 100 -c "echo _target_; curl --insecure -v _target_ 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'" -v | tee -a all_certs.txt |
jadkorr
/ shodan_api_query.py
Created
July 7, 2020 22:53
— forked from LuD1161/shodan_api_query.py
Query Shodan API : Plain and Simple
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import requests | |
| import time | |
| import os | |
| import json | |
| import sys | |
| headers = { | |
| 'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0', | |
| 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', |
jadkorr
/ levelbot.py
Created
June 14, 2020 19:36
— forked from ExtraJuiceMan/levelbot.py
Shitty Discord levelbot written in Python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from discord.ext import commands | |
| import discord | |
| import logging | |
| import yaml | |
| import sqlite3 | |
| import time | |
| import random | |
| import re | |
| logging.basicConfig(level=logging.INFO) |