Useful Commands

a guest
Jun 30th, 2019
1. Merge the URL lists produced by cc.py and wayback.py, dedupe them and drop static assets (images, CSS, PDFs, fonts):

python3 ./cc.py -u -o temp_file.txt some_domain.com && python3 ./wayback.py some_domain.com >> temp_file.txt && awk '!a[$0]++' temp_file.txt | sed '/\.jpg/d; /\.png/d; /\.css/d; /\.pdf/d; /\.gif/d; /\.ttf/d; /\.woff/d; /\.eot/d' >> url_list.txt

2. Generate wordlist using wayback
Will be helpful in directory bruteforcing

curl -s "web.archive.org/cdx/search/cdx?url=bird.io/*" | sed 's/\//\n/g' | sort -u | grep -v 'svg\|.png\|.img\|.ttf\|http:\|:\|.eot\|woff\|ico\|css\|bootstrap\|wordpress\|.jpg\|.jpeg' | perl -pe 's/\%(\w\w)/chr hex $1/ge' > wordlist.txt
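The same two steps (item 1's dedupe-and-drop-assets pass and item 2's path-segment wordlist with %XX decoding) in Python, as an added example that is not part of the paste. It parses each URL instead of grepping substrings, so an asset is recognised by its actual extension rather than by ".png" appearing anywhere in the line, and scheme-less lines are handled. The URL list, the extension set and the example.com names are constructed for the demo.

```python
from urllib.parse import unquote, urlsplit

# Extensions the paste's sed and grep filters drop (constructed list; extend as needed).
STATIC_EXT = {"jpg", "jpeg", "png", "gif", "svg", "ico", "css", "pdf",
              "ttf", "woff", "woff2", "eot"}

# Constructed sample of what an archive/crawl export looks like (not real data).
SAMPLE_URLS = [
    "https://example.com/api/v1/users?id=1",
    "https://example.com/api/v1/users?id=1",      # exact duplicate
    "https://example.com/static/logo.png",         # static asset, dropped
    "https://example.com/admin/login",
    "https://example.com/search%20results/page",   # %20 decoded like the perl step
    "example.com/assets/app.css?v=3",              # scheme-less line, still an asset
]

def _path(url: str) -> str:
    """Path component only; scheme-less lines get '//' so urlsplit sees the host."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url
    return urlsplit(url).path

def is_static_asset(url: str) -> bool:
    """True when the last path segment has one of the static extensions (query ignored)."""
    last = _path(url).rsplit("/", 1)[-1]
    return "." in last and last.rsplit(".", 1)[-1].lower() in STATIC_EXT

def dedupe_urls(urls):
    """awk '!a[$0]++' plus the sed filter: first occurrence wins, order kept, assets gone."""
    seen, out = set(), []
    for url in (u.strip() for u in urls):
        if url and url not in seen and not is_static_asset(url):
            seen.add(url)
            out.append(url)
    return out

def path_wordlist(urls):
    """Item 2: split paths on '/', %XX-decode each segment, return a sorted unique list."""
    words = set()
    for url in urls:
        if is_static_asset(url):
            continue
        for seg in _path(url).split("/"):
            seg = unquote(seg)
            if seg and ":" not in seg:   # the grep -v ':' in the one-liner
                words.add(seg)
    return sorted(words)

if __name__ == "__main__":
    for u in dedupe_urls(SAMPLE_URLS):
        print(u)
    print(path_wordlist(SAMPLE_URLS))
```

Note that `unquote` runs after splitting on `/`, so an encoded `%2F` inside a segment stays one word instead of being split, which the sed-then-perl order in the one-liner also guarantees.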

3. Getting all js links in command line:

wget -nd -rH -A js --spider DOMAIN/PAGE 2>&1 | grep '^--.*\.js' | awk '{print $3}'

4. Script to get the HTTP status code of a list of URLs in order to find valid subdomains.

#!/bin/bash
# read -r keeps backslashes intact; --max-time stops one dead host from stalling the whole list
while read -r LINE; do
    curl -o /dev/null --silent --head --max-time 10 --write-out "%{http_code} $LINE\n" "$LINE"
done < url-list.txt


5. Here's a regular expression for extracting variable names from JS. I'll be using the results for parameter fuzzing.

/(?<=(var|const|let) )([A-Za-z0-9_]+?)(?=(;|,|=| ))/g

PCRE variant (\K resets the match start so only the name is printed; works with grep -Po or perl):
/(?:const|let|var)\s+\K(\w+?)(?=[;.=\s])


6. This #OneLiner extracts all API endpoints from AngularJS & Angular javascript files.
(via @JaneScott_, @Jiab77, @haxel0rd)

curl -s URL | grep -Po "(\/)((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)*((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)((?:[a-zA-Z\-_\/\:\.0-9\{\}]+))" | sort -u

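Both patterns from items 5 and 6 run over a constructed JavaScript sample, as an added example that is not from the paste. Python's `re` has neither PCRE's `\K` nor variable-width lookbehind (so `(?<=(var|const|let) )` is rejected), so item 5's second regex is written with a plain capture group; item 6's endpoint regex is used unchanged, taking the whole match as `grep -Po` would. The JS snippet is made up for the demo.

```python
import re

# Constructed JavaScript sample (not from the paste) to run both extractions against.
JS_SAMPLE = """
var   apiBase = "/api/v2/users";
const token="abc", retries = 3;
let   debugMode;
function f() { let counter = 0; }
fetch("/api/v2/orders/{id}/items");
var trailingVar
"""

# Item 5's PCRE pattern with \K replaced by a capture group; \s+ tolerates any run of
# whitespace, which the first pattern's literal single space does not.
DECL_RE = re.compile(r"(?:const|let|var)\s+(\w+?)(?=[;.=\s])")

# Item 6's endpoint regex, unchanged; grep -Po prints the whole match, so use group(0).
ENDPOINT_RE = re.compile(
    r"(\/)((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)*((?:[a-zA-Z\-_\:\.0-9\{\}]+))"
    r"(\/)((?:[a-zA-Z\-_\/\:\.0-9\{\}]+))"
)

def declared_names(js: str):
    """Identifiers introduced by var/let/const, in order of appearance."""
    return [m.group(1) for m in DECL_RE.finditer(js)]

def endpoint_paths(js: str):
    """Path-like strings with at least two segments, de-duplicated and sorted (sort -u)."""
    return sorted({m.group(0) for m in ENDPOINT_RE.finditer(js)})

if __name__ == "__main__":
    print(declared_names(JS_SAMPLE))
    print(endpoint_paths(JS_SAMPLE))
```

Two things the sample makes visible: `retries`, the second declarator in a comma-separated `const` list, is missed by the paste's regexes and by this one alike, since only the first name follows the keyword; and the endpoint regex keeps Angular-style `{id}` placeholders, so they can be told apart from literal path segments when reviewing the output.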

7. #OneLiner to get commoncrawl assets!

curl -sL index.commoncrawl.org | grep 'href="/CC' | awk -F'"' '{print $2}' | xargs -n1 -I{} curl -sL "index.commoncrawl.org{}-index?url=uber.com*" | awk -F'"url": "' '{print $2}' | cut -d'"' -f1 | sort -u | tee domain.txt

8. Do you have a big list of URLs & want to fuzz them for XSS in the URL path? Use @TomNomNom's meg tool!

1. Add /?xss=xss1"2<3%22' in paths.txt
2. meg -L -c 5 paths.txt urls.txt ./megxss_out
3. grep -HC5 'xss1"' --color ./megxss_out/*/*


9. Decoding JWT token in a single python(3) command:

import base64
headers, data, sign = tuple([base64.urlsafe_b64decode(x+"========").decode("utf-8", errors="ignore") for x in JWT_token.rsplit('.')])

For bash (JWTs use the URL-safe alphabet without padding, so map -_ back to +/ and silence base64's padding complaint; the third part is the raw signature, not text):
for i in {1..3} ; do echo "JWT.token.urlencoded" | cut -d "." -f $i | tr '_-' '/+' | base64 -d 2>/dev/null; echo ; done

# The verify= keyword belongs to PyJWT (import jwt), not authlib, whose jwt.decode(token, key) needs the key:
import jwt

jwt.decode(cookie, verify=False)                          # PyJWT < 2.0
jwt.decode(cookie, options={"verify_signature": False})   # PyJWT >= 2.0
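Decoding and verifying a token with only the standard library, as an added example that is not from the paste: exact base64url padding (what the `"========"` trick approximates), JSON for the header and payload, and the HS256 check that `verify=False` skips. The key, the claims and the token are constructed inside the block; `tampered_token` edits the payload so the difference between "decodes fine" and "verifies" is visible.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part: str) -> bytes:
    """JWT segments are base64url with the padding stripped; restore exactly what is missing."""
    part = part.strip()
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_jwt(token: str):
    """Split header.payload.signature; header and payload are JSON, the signature stays bytes."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    return header, payload, b64url_decode(sig_b64)

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Builds a token so the example is self-contained (constructed, not a real token)."""
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)
    )
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, key: bytes) -> bool:
    """The check verify=False skips: recompute the HMAC over header.payload, compare in constant time."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":   # the verifier, not the token, decides the algorithm
        return False
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))

def tampered_token(token: str) -> str:
    """Same header and signature, edited payload: decodes normally, must fail verification."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload["admin"] = True
    new_payload = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return ".".join([header_b64, new_payload, sig_b64])

# Constructed demo key and token (not real credentials).
KEY = b"constructed-demo-key"
TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "admin": False}, KEY)

if __name__ == "__main__":
    print(decode_jwt(TOKEN)[:2])
    print("valid:", verify_hs256(TOKEN, KEY))
    print("tampered decodes to:", decode_jwt(tampered_token(TOKEN))[1])
    print("tampered verifies:", verify_hs256(tampered_token(TOKEN), KEY))
```

The padding formula `-len(part) % 4` yields 0, 1 or 2 `=` characters, so it also works for segments that happen to need none; the one-liner's fixed eight `=` only succeeds because the decoder ignores surplus padding.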