Skip to content

Instantly share code, notes, and snippets.

View randomrobby's full-sized avatar

randomrobby

2 followers · 3 following
View GitHub Profile
@nullenc0de
nullenc0de / apk_relative_links.txt
Created August 13, 2021 00:07
@nullenc0de
nullenc0de / interesting_dirsearch.txt
Last active October 22, 2023 11:54
uploads/affwp-debug.log
certs/server.key
server.key
.CSV
.PDF
.README.md.bud
.action
.actionScriptProperties
.angular-cli.json
.apport-ignore.xml
@dwisiswant0
dwisiswant0 / bash_aliases.sh
Last active November 24, 2024 19:04
One-liner to get Open-redirect & LFI
lfi() {
gau $1 | gf lfi | qsreplace "/etc/passwd" | xargs -I % -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
}
open-redirect() {
local LHOST="http://localhost"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
}
@dubey-amit
dubey-amit / Unique wayback url
Last active July 8, 2022 14:03
Get all the Wayback endpoints to compare it with your Burp crawled URLs & probe all the unique endpoints.
cat urls | unfurl -u format %s://%d%p > unique && sort -uo unique unique && cat unique | unfurl -u domains | waybackurls | unfurl -u format %s://%d%p > wayurl && sort -uo wayurl wayurl | comm -1 -3 unique wayurl > final && rm urls && rm unique && rm wayurl && httpx -l final --status-code -silent --content-length | grep -i 200
@gh0sh
gh0sh / gf-and-gau-automate.sh
Last active November 30, 2022 10:02
Simple script to look for juicy endpoints with gf and gau
#!/usr/bin/env bash
#
# Requirements
# - Golang (for complete bug bounty tools, clone this https://github.com/x1mdev/ReconPi)
# - gau (go get -u github.com/lc/gau)
# - gf (go get -u github.com/tomnomnom/gf)
# - Gf-Patterns (https://github.com/1ndianl33t/Gf-Patterns) - Read the README.md for how to copy json file to ~/.gf/
cd ~/.gf
ls *.json > ~/patterns
@arbazkiraak
arbazkiraak / send_urls_to_burp
Created February 20, 2020 12:03
Send Urls to Burp
#!/usr/bin/python3
import requests,sys
import urllib3,queue,threading
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}
urls_inp = sys.argv[1]
@dwisiswant0
dwisiswant0 / st8out.sh
Last active February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor
@Lopseg
Lopseg / vuln_list.txt
Created November 9, 2019 09:30
150 vulnerability types that you can submit for. Thanks to @thecybermentor and hackerone.
Account Hijacking
Allocation of Resources Without Limits or Throttling - CWE-770
Array Index Underflow - CWE-129
Authentication Bypass Using an Alternate Path or Channel - CWE-288
Brute Force - CWE-307
Buffer Over-read - CWE-126
Buffer Underflow - CWE-124
Buffer Under-read - CWE-127
Business Logic Errors - CWE-840
Classic Buffer Overflow - CWE-120
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active September 24, 2025 15:54
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@random-robbie
random-robbie / ruby-sensitive-files.txt
Created October 15, 2019 18:58 — forked from harisec/ruby-sensitive-files.txt
database.yml
database.yml_original
database.yml~
database.yml.pgsql
database.yml.sqlite3
config/database.yml
config/database.yml_original
config/database.yml~
config/database.yml.pgsql
config/database.yml.sqlite3