SHARE
TWEET

Useful Commands

a guest Jun 30th, 2019 122 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 1.
  2. python3 ./cc.py -u -o temp_file.txt some_domain.com && python3 ./wayback.py some_domain.com >> temp_file.txt && awk '!a[$0]++' temp_file.txt | sed '/\.jpg/d; /\.png/d; /\.css/d; /\.pdf/d; /\.gif/d; /\.ttf/d; /\.woff/d; /\.eot/d' >> url_list.txt
  3.  
  4. 2.Generate wordlist using wayback
  5. will helpful in directory bruteforcing
  6. curl -s "web.archive.org/cdx/search/cdx?url=bird.io/*" | sed 's/\//\n/g' | sort -u | grep -v 'svg\|.png\|.img\|.ttf\|http:\|:\|.eot\|woff\|ico\|css\|bootstrap\|wordpress\|.jpg\|.jpeg' | 𝐩𝐞𝐫𝐥 -𝐩𝐞 '𝐬/\%(\𝐰\𝐰)/𝐜𝐡𝐫 𝐡𝐞𝐱 $𝟏/𝐠𝐞'  > wordlist.txt
  7.  
  8. 3.
  9.  
  10. Getting all js links in command line:
  11.  
  12. wget -nd -rH -A js --spider DOMAIN/PAGE 2>&1 | grep '^--.*\.js' | awk '{print $3}'
  13.  
  14. 4.
  15. Script to get the HTTP status code of a list of urls inorder to find valid subdomains.
  16.  
  17. #!/bin/bash
  18. while read LINE; do curl -o /dev/null --silent --head --write-out "%{http_code} $LINE\n" "$LINE"
  19.  done < url-list.txt
  20.  
  21.  
  22.  5.
  23.  Here's a regular expression for extracting variable names from JS. I'll be using the results for parameter fuzzing.
  24.  
  25. /(?<=(var|const|let) )([A-Za-z0-9_]+?)(?=(;|,|=| ))/g
  26.  
  27. /(?:const|let|var)\s+\K(\w+?)(?=[;.=\s])
  28.  
  29.  
  30. 6.
  31. This #OneLiner extracts all API endpoints from AngularJS & Angular javascript files.
  32. @JaneScott_
  33.  
  34. @Jiab77
  35.  
  36. @haxel0rd
  37.  
  38.  
  39. curl -s URL | grep -Po "(\/)((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)*((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)((?:[a-zA-Z\-_\/\:\.0-9\{\}]+))" | sort -u
  40.  
  41.  
  42. 7.
  43.  
  44. #OneLiner to get commoncrawl assets!
  45.  
  46. curl -sL (link: http://index.commoncrawl.org) index.commoncrawl.org | grep 'href="/CC'  |  awk -F'"' '{print $2}' | xargs -n1 -I{} curl -sL (link: http://index.commoncrawl.org) index.commoncrawl.org{}-index?url=(link: http://uber.com/) uber.com* |  awk -F'"url":\ "' '{print $2}' | cut -d'"' -f1 | sort -u | tee domain.txt
  47.  
  48.  
  49. 8.
  50. Do you have a big list of URLs & want to fuzz them for XSS in the URL path? Use
  51. @TomNomNom
  52. 's meg tool!
  53.  
  54. 1. Add /?xss=xss1"2<3%22' in paths.txt
  55. 2. meg -L -c 5 paths.txt urls.txt ./megxss_out
  56. 3.  grep -HC5 'xss1"' --color ./megxss_out/*/*
  57.  
  58.  
  59. 9.
  60. Decoding JWT token in a single python(3) command:
  61.  
  62. headers, data, sign = tuple([base64.urlsafe_b64decode(x+"========").decode("utf-8", errors="ignore") for x in JWT_token.rsplit('.')])
  63.  
  64. For bash,
  65. for i in {1..3} ; do echo "JWT.token.urlencoded" | cut -d "." -f $i | base64 -d; echo ; done
  66.  
  67.  
  68. from authlib.jose import jwt
  69.  
  70. jwt.decode(cookie, verify=No)
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top