1. Collect URLs from Common Crawl (cc.py) and the Wayback Machine (wayback.py), dedupe them, and drop static assets:
python3 ./cc.py -u -o temp_file.txt some_domain.com && python3 ./wayback.py some_domain.com >> temp_file.txt && awk '!a[$0]++' temp_file.txt | sed '/\.jpg/d; /\.png/d; /\.css/d; /\.pdf/d; /\.gif/d; /\.ttf/d; /\.woff/d; /\.eot/d' >> url_list.txt

2. Generate a wordlist using the Wayback Machine; helpful for directory brute-forcing. The final perl step URL-decodes %XX escapes:
curl -s "web.archive.org/cdx/search/cdx?url=bird.io/*" | sed 's/\//\n/g' | sort -u | grep -v 'svg\|.png\|.img\|.ttf\|http:\|:\|.eot\|woff\|ico\|css\|bootstrap\|wordpress\|.jpg\|.jpeg' | perl -pe 's/\%(\w\w)/chr hex $1/ge' > wordlist.txt
3. Getting all JS links on the command line:
wget -nd -rH -A js --spider DOMAIN/PAGE 2>&1 | grep '^--.*\.js' | awk '{print $3}'
4. Script to get the HTTP status code of a list of URLs in order to find valid subdomains:
#!/bin/bash
# Reads one URL per line from url-list.txt; prints "<status> <url>" for each.
while read -r LINE; do
  curl -o /dev/null --silent --head --write-out "%{http_code} $LINE\n" "$LINE"
done < url-list.txt
5. Here's a regular expression for extracting variable names from JS. I'll be using the results for parameter fuzzing.
/(?<=(var|const|let) )([A-Za-z0-9_]+?)(?=(;|,|=| ))/g
/(?:const|let|var)\s+\K(\w+?)(?=[;.=\s])
6. This #OneLiner extracts all API endpoints from AngularJS & Angular JavaScript files.
@JaneScott_ @Jiab77 @haxel0rd
curl -s URL | grep -Po "(\/)((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)*((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)((?:[a-zA-Z\-_\/\:\.0-9\{\}]+))" | sort -u
7. #OneLiner to get Common Crawl assets! Lists every CC-MAIN index from index.commoncrawl.org, queries each one for the target, and keeps the unique URLs:
curl -sL index.commoncrawl.org | grep 'href="/CC' | awk -F'"' '{print $2}' | xargs -n1 -I{} curl -sL "index.commoncrawl.org{}-index?url=uber.com*" | awk -F'"url": "' '{print $2}' | cut -d'"' -f1 | sort -u | tee domain.txt
8. Do you have a big list of URLs & want to fuzz them for XSS in the URL path? Use @TomNomNom's meg tool!
1. Add /?xss=xss1"2<3%22' in paths.txt
2. meg -L -c 5 paths.txt urls.txt ./megxss_out
3. grep -HC5 'xss1"' --color ./megxss_out/*/*
9. Decoding a JWT in a single Python 3 command (the extra "=" characters cover any stripped base64url padding; needs import base64 first):
import base64
headers, data, sign = tuple([base64.urlsafe_b64decode(x+"========").decode("utf-8", errors="ignore") for x in JWT_token.rsplit('.')])
For bash (translates the base64url alphabet to standard base64 and restores padding, since base64 -d rejects both otherwise):
for i in {1..3} ; do s=$(echo "JWT.token.urlencoded" | cut -d "." -f $i | tr '_-' '/+'); while [ $((${#s} % 4)) -ne 0 ]; do s="$s="; done; echo "$s" | base64 -d; echo ; done
With PyJWT (the original called authlib's jwt.decode with verify=No, but authlib's decode takes no verify argument and requires a key; the PyJWT call below is the equivalent unverified decode):
import jwt
jwt.decode(cookie, options={"verify_signature": False})
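Added example, not part of the paste or of any tool it quotes: a small Python 3 module that does what the item 9 one-liners do with correct base64url padding, then shows the step an unverified decode skips by recomputing the HS256 signature over header.payload. The key and token are constructed inline.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_unverified(token: str) -> dict:
    """Split header.payload.signature and parse the two JSON parts.
    Nothing here is trustworthy yet: header (including 'alg') and claims are
    whatever the sender put there until verify_hs256() passes."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    return {
        "header": json.loads(b64url_decode(parts[0])),
        "claims": json.loads(b64url_decode(parts[1])),
        "signature": b64url_decode(parts[2]),
    }

def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute HMAC-SHA256 over 'header.payload' and compare in constant time."""
    head, body, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))

def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    """Mint a compact HS256 token; used here only to build the sample input."""
    head = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"


# Constructed sample key and token, not taken from any real application.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "1234", "admin": False}, SAMPLE_KEY)

if __name__ == "__main__":
    parsed = decode_unverified(SAMPLE_TOKEN)
    print(parsed["header"], parsed["claims"])
    print("signature valid:", verify_hs256(SAMPLE_TOKEN, SAMPLE_KEY))
```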