contributions welcome

Uncover

  • Description: Run uncover against every domain in a list (very useful when you have a list of wildcard domains). The fofa and censys engines only return results once their API keys are set in uncover's provider config. De-duplication is done once at the end with sort -u, because uniq alone only drops adjacent duplicates.
while read -r line; do uncover -q "$line" -e fofa,censys; done < all-domains.txt | sort -u > all-domains-ips-uncover.txt

FFUF

  • Description: Run ffuf against every target domain and save only the hits, as full URLs, to a txt file. -s makes ffuf print just the matched word, so the base URL is prepended before writing; sort -u -o rewrites the file in place (redirecting back into results.txt would truncate it before sort reads it).
while read -r url; do ffuf -s -ac -fc 403,404 -w wordlist.txt -u "$url/FUZZ" | sed "s#^#$url/#"; done < targets.txt >> results.txt && sort -u results.txt -o results.txt

Httpx grep only ips

  • Description: Grab only the IPs httpx resolves, filter out the hostnames and save them to a txt file. httpx -ip prints the address in brackets after the URL, so the IPv4 pattern is pulled out and de-duplicated.
cat live-domain.txt | httpx -ip -silent -timeout 10 | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u | tee domains-ips.txt

Httpx only Cname gather

  • Description: Grab only the CNAME targets, drop everything else and save them to a txt file. httpx -cname prints "URL [cname]" (and no brackets at all when the host has no CNAME), so the bracket contents are split out with awk and empty ones skipped.
cat domains.txt | httpx -cname -silent -timeout 13 | awk -F'[][]' '$2 != "" {print $2}' | sort -u > cname.txt

Html DEV comments grep

  • Description: Developer HTML comments can sometimes be useful during bug bounty or security assessments. Each matching line is printed with its line number, prefixed by the URL it came from. The URL is handed to sh as a positional argument instead of being spliced into the script text, so a malformed line in the target list cannot turn into a shell command.
cat target-domain.txt | xargs -I{} sh -c 'curl -sL -m 10 "$1" | grep -n "<!--" | sed "s#^#$1: #"' _ {} > target-domains-html-comments.txt
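A line-by-line grep for "<!--" only shows the first line of a comment, and minified pages put the whole document on one line. The function below is an added example, not from the original README: it folds the body onto one line and extracts each complete comment, multi-line ones included. The HTML is constructed for the demo and the label argument is this example's own convention.

```shell
#!/bin/sh
# Added example (not from the original README): extract complete HTML comments,
# including ones spanning several lines. Sample page body is constructed.

SAMPLE_HTML='<html><head>
<!-- TODO: remove debug endpoint /api/v1/debug before launch -->
<title>demo</title></head>
<body>
<!--
  legacy login at /old-admin/
  creds in wiki
-->
<p>hello</p>
<!-- single --><script>var x = 1;</script>
</body></html>'

# Read HTML on stdin, print every comment on its own line, prefixed by the
# label in $1 (normally the URL). Newlines are folded to spaces first so
# grep -o can span lines; the ERE matches a comment body that contains no
# "--", which valid HTML comments never do. A label containing "|" would
# break the sed expression.
html_comments() {
    tr '\n' ' ' | grep -oE '<!--([^-]|-[^-])*-->' | sed "s|^|${1:-stdin}: |"
}

# Fetch one URL and list its comments; not called here so the demo runs offline.
comments_for_url() {
    curl -sL -m 10 "$1" | html_comments "$1"
}

# Demo on the constructed page; for a list: while read -r u; do comments_for_url "$u"; done < target-domain.txt
printf '%s\n' "$SAMPLE_HTML" | html_comments https://example.com
```

On the sample this prints three comments; the three-line "legacy login" comment comes out as a single line, which the plain grep would have cut at "<!--".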

Greather all panel stuff from Gau/wayback urls

  • Description: Gather all the panel-related URLs from Gau/wayback output; these may help find vulnerabilities such as default passwords, SQLi on an admin panel, an open signup option, an unrestricted or weakly secured admin panel, etc.
cat gau-urls.txt | grep -iE 'login|signup|signin|admin|dashboard|wp-admin|adminer|dana-na|login/\?next=' | sort -u > gau-panel.txt

🛠 Post-process your Gau/Wayback results with the Gau-Expose tool

Regex for bug bounty

  • Description: Remove http:// or https:// from your target list; very useful when a tool does not accept schemes (for example naabu).
cat targets.txt | sed -E 's#^https?://##' > without-http.txt
  • Description: Add https:// (or any other prefix, such as admin. or ftp.) in front of every domain.
awk '$0="https://"$0' domains.txt > add-done-domain.txt
  • Description: Drop static-asset URLs (images, CSS, media, plain HTML pages) from gospider/wayback output. The extension is matched at the end of the path, before any query string, so a URL such as /download.php?file=a.png is kept.
cat gospider.txt | grep -viE '\.(gif|html?|rss|cfm|jpe?g|png|svg|ico|mp3|mp4|css)(\?.*)?$' > filter-gospider-urls.txt
  • Description: Grep only the IPs from a txt file. Hidden IPs may reveal an internal admin panel, help with SSRF, turn up something interesting after a port scan, etc. The pattern also accepts out-of-range octets such as 999.1.1.1 and the first four parts of longer dotted strings, so eyeball the output.
grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' text-file.txt | sort -u