STRLCPY/Cipherops

GITBOOK-32: change request with no subject merged in GitBook
Adwaith committed with gitbook-bot 1 year ago

a58348db

1 parent 67cb9f5f

■ ■ ■ ■ ■ ■

SUMMARY.md

		skipped 19 lines
20	20		* [👣 OSINT](osint.md)
21	21		* [🦝 Google Hacking using Dorks](overview/google-hacking-using-dorks/README.md)
22	22		* [Books and References](overview/google-hacking-using-dorks/books-and-references.md)
23		-	* [Shodan Dorks](overview/google-hacking-using-dorks/shodan-dorks.md)
24	23		* [Github Dorks](overview/google-hacking-using-dorks/github-dorks.md)
25	24
26	25		***
		skipped 18 lines
45	44		* [Introducing 20 web-application hacking tools🔥🤩🌵](web-application/introducing-20-web-application-hacking-tools.md)
46	45		* [Disclosed Reports 📝](web-application/disclosed-reports.md)
47	46		* [🤯 SSRF From Hackerone](web-application/ssrf-from-hackerone.md)
	47	+	* [Web Hack Tools](web-application/web-hack-tools.md)
48	48
49		-	## �� Twitter Threads
	49	+	## �� Twitter
50	50
51		-	* [✖ Tips and Tricks From Twitter](twitter-threads/tips-and-tricks-from-twitter.md)
52		-	* [✖ Thread by @ArchAngelDDay on Thread Reader App](twitter-threads/thread-by-archangeldday-on-thread-reader-app.md)
	51	+	* [✖ Tips and Tricks From Twitter](twitter/tips-and-tricks-from-twitter.md)
	52	+	* [✖ Thread by @ArchAngelDDay on Thread Reader App](twitter/thread-by-archangeldday-on-thread-reader-app.md)
53	53		* [✖ people to follow on twitter](https://twitter.com/PhillipWylie/status/1682404653391118337?t=Fev86JGEbHFWv66CL8\_7Jw\&s=08)
54	54
55	55		***
		skipped 11 lines
67	67		## ⚒ Tools
68	68
69	69		* [Axion-Scan](tools/axion-scan.md)
70		-	* [Shodan Pentesting Guide](tools/shodan-pentesting-guide.md)
	70	+	* [Shodan Pentesting Guide](tools/shodan-pentesting-guide/README.md)
	71	+	* [Shodan Dorks](tools/shodan-pentesting-guide/shodan-dorks.md)
71	72
72	73		***
73	74
		skipped 2 lines
76	77		* [Linux-Cheatsheet](cheat-sheets/linux-cheatsheet.md)
77	78		* [Windows-Cheatsheet](cheat-sheets/windows-cheatsheet.md)
78	79		* [Hacking-Cheatsheet](cheat-sheets/hacking-cheatsheet.md)
79		-
80		-	## ✅ CheckLists
81		-
82		-	* [Page 1](checklists/page-1.md)
83		-
84		-	***
85		-
86	80		* [Medium and other articles links](medium-and-other-articles-links.md)
87	81

■ ■ ■ ■ ■ ■

checklists/page-1.md

1 - # Page 1
2 -
3 -

All occurrences

■ ■ ■ ■ ■ ■

medium-and-other-articles-links.md

		skipped 1 lines
2	2
3	3		{% embed url="https://medium.com/@musab_alharany/10-ways-to-exploit-json-web-token-jwt-ac5f4efbc41b" %}
4	4
	5	+	{% embed url="https://t.co/YvVTXNXPzE" %}
	6	+
	7	+

■ ■ ■ ■ ■ ■

osint.md

		skipped 63 lines
64	64		I hope this helps!
65	65		```
66	66
	67	+	### Fast Google Dorks Scan
	68	+
	69	+	> [https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan](https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan)
	70	+
	71	+	```
	72	+	$ ./FGDS.sh <DOMAIN>
	73	+	$ proxychains bash ./FGDS.sh <DOMAIN>
	74	+	```
	75	+
	76	+	###
	77	+
	78	+	### Google
	79	+
	80	+	####
	81	+
	82	+	#### Google Dorks
	83	+
	84	+	> [https://cheatsheet.haax.fr/open-source-intelligence-osint/dorks/google\_dorks/](https://cheatsheet.haax.fr/open-source-intelligence-osint/dorks/google\_dorks/)
	85	+
	86	+	> [https://www.searchenginejournal.com/google-search-operators-commands/215331/](https://www.searchenginejournal.com/google-search-operators-commands/215331/)
	87	+
	88	+	```
	89	+	intitle:index.of <TEXT> // open directory listings
	90	+	```
	91	+
	92	+	```
	93	+	ext:php
	94	+	inurl:%3F
	95	+	site:..*.<domain>
	96	+	filetype:txt
	97	+	```
	98	+
	99	+
	100	+
	101	+	Example
	102	+
	103	+	```
	104	+	site:<DOMAIN> ext:php
	105	+	```
	106	+
	107	+
	108	+
	109	+	Leaks
	110	+
	111	+	```
	112	+	site:http://jsfiddle.net "<DOMAIN>"
	113	+	site:http://codebeautify.org "<DOMAIN>"
	114	+	site:http://codepen.io "<DOMAIN>"
	115	+	site:http://pastebin.com "<DOMAIN>"
	116	+	```
	117	+
	118	+
	119	+
	120	+	Example
	121	+
	122	+	```
	123	+	site:http://jsfiddle.net \| site:http://codebeautify.org \| site:http://codepen.io \| site:http://pastebin.com "<DOMAIN>"
	124	+	site:http://jsfiddle.net \| site:http://codebeautify.org \| site:http://codepen.io \| site:http://pastebin.com "<DOMAIN>" "demo" "test" "api"
	125	+	```
	126	+
	127	+
	128	+
	129	+	Open Redirects
	130	+
	131	+	```
	132	+	inurl:page= \| inurl:url= \| inurl:return= \| inurl:next= \| inurl:redir= \| inurl:redirect= \| inurl:target= \| inurl:page= inurl:& inurl:http site:http://<DOMAIN>
	133	+	```
	134	+
	135	+
	136	+
	137	+	Cloud Environments
	138	+
	139	+	```
	140	+	site:http://s3.amazonaws.com "<DOMAIN>"
	141	+	site:http://blob.core.windows.net "<DOMAIN>"
	142	+	site:http://googleapis.com "<DOMAIN>"
	143	+	site:http://drive.google.com "<DOMAIN>"
	144	+	```
	145	+
	146	+	####
	147	+
	148	+	#### Abusing Google ID
	149	+
	150	+	> [https://medium.com/week-in-osint/getting-a-grasp-on-googleids-77a8ab707e43](https://medium.com/week-in-osint/getting-a-grasp-on-googleids-77a8ab707e43)
	151	+
	152	+
	153	+
	154	+	Setup
	155	+
	156	+	1. Add a new contact to you google account (email address required)
	157	+	2. Open developer tools and select the network tab
	158	+	3. Reload the page
	159	+	4. Set the right pane to request
	160	+	5. Check all batchexecute packets
	161	+
	162	+
	163	+
	164	+	Example
	165	+
	166	+	> [https://contacts.google.com/\_/ContactsUi/data/batchexecute?rpcids=OSOtuf\&f.sid=-916332265175998083\&bl=boq\_contactsuiserver\_20200707.13\_p0\&hl=en\&soc-app=527\&soc-platform=1\&soc-device=1&\_reqid=765234\&rt=c](https://contacts.google.com/\_/ContactsUi/data/batchexecute?rpcids=OSOtuf\&f.sid=-916332265175998083\&bl=boq\_contactsuiserver\_20200707.13\_p0\&hl=en\&soc-app=527\&soc-platform=1\&soc-device=1&\_reqid=765234\&rt=c)
	167	+
	168	+	6. Watch out for a string like the following one
	169	+
	170	+
	171	+
	172	+	Example
	173	+
	174	+	```
	175	+	[[["OSOtuf","[\"55fa738b0a752dc5\",\"117395327982835488254\"]",null,"generic"]]]
	176	+	```
	177	+
	178	+	The Google ID's are always `21` characters long and starting with `10` or `11`.
	179	+
	180	+	> [https://get.google.com/albumarchive/](https://get.google.com/albumarchive/)
	181	+
	182	+	> [https://www.google.com/maps/contrib/](https://www.google.com/maps/contrib/)
	183	+
	184	+	###
	185	+
	186	+	### h8mail
	187	+
	188	+	> [https://github.com/khast3x/h8mail](https://github.com/khast3x/h8mail)
	189	+
	190	+	```
	191	+	$ h8mail -t <EMAIL>
	192	+	```
	193	+
	194	+	###
	195	+
	196	+	### Photon
	197	+
	198	+	> [https://github.com/s0md3v/Photon](https://github.com/s0md3v/Photon)
	199	+
	200	+	```
	201	+	$ python3 photon.py -u https://<DOMAIN> -l 3 -t 100 --wayback
	202	+	```
	203	+
	204	+	###
	205	+
	206	+	### Recon-ng
	207	+
	208	+	####
	209	+
	210	+	#### Basic Commands
	211	+
	212	+	```
	213	+	$ recon-ng
	214	+	$ recon-ng -w <WORKSPACE>
	215	+	[recon-ng][default] > workspaces create <WORKSPACE>
	216	+	[recon-ng][default] > db schema
	217	+	[recon-ng][default] > db insert domains
	218	+	[recon-ng][default] > marketplace search
	219	+	[recon-ng][default] > marketplace search <NAME>
	220	+	[recon-ng][default] > marketplace info <NAME>
	221	+	[recon-ng][default] > marketplace install <NAME>
	222	+	[recon-ng][default] > marketplace remove <NAME>
	223	+	[recon-ng][default] > modules search
	224	+	[recon-ng][default] > modules load <MODULE>
	225	+	[recon-ng][default][<MODULE>] > info
	226	+	[recon-ng][default][<MODULE>] > options list
	227	+	[recon-ng][default][<MODULE>] > options set <VALUE>
	228	+	[recon-ng][default][<MODULE>] > run
	229	+	[recon-ng][default] > keys list
	230	+	[recon-ng][default] > keys add <KEY> <VALUE>
	231	+	[recon-ng][default] > keys remove <KEY>
	232	+	```
	233	+
	234	+	`Ctrl+c` unloads a module.
	235	+
	236	+	###
	237	+
	238	+	### Social Analyzer
	239	+
	240	+	> [https://github.com/qeeqbox/social-analyzer](https://github.com/qeeqbox/social-analyzer)
	241	+
	242	+	```
	243	+	$ python3 app.py --cli --mode "fast" --username "<GIVENNAME> <SURNAME>" --websites "youtube facebook instagram" --output "pretty" --options "found,title,link,rate"
	244	+	```
	245	+
	246	+	### theHarvester
	247	+
	248	+	> [https://github.com/laramies/theHarvester](https://github.com/laramies/theHarvester)
	249	+
	250	+	```
	251	+	$ theHarvester -d <DOMAIN> -l 500 -b google -f myresults.html
	252	+	```
	253	+
	254	+	###
	255	+

tools/shodan-pentesting-guide.md tools/shodan-pentesting-guide/README.md

Content is identical
overview/google-hacking-using-dorks/shodan-dorks.md tools/shodan-pentesting-guide/shodan-dorks.md

Content is identical
twitter-threads/thread-by-archangeldday-on-thread-reader-app.md twitter/thread-by-archangeldday-on-thread-reader-app.md

Content is identical

■ ■ ■ ■ ■ ■

twitter-threads/tips-and-tricks-from-twitter.md twitter/tips-and-tricks-from-twitter.md

		skipped 7 lines
8	8
9	9		{% embed url="https://twitter.com/DhiyaneshDK/status/1684045128380428289?s=20" %}
10	10
	11	+	{% embed url="https://twitter.com/theXSSrat/status/1674489491715661836?s=20" %}
	12	+
	13	+	{% embed url="https://twitter.com/hakluke/status/1684987665077153811?s=20" %}
	14	+
	15	+

■ ■ ■ ■ ■ ■

web-application/web-hack-tools.md

1	+	# Web Hack Tools
2	+
3	+	```markdown
4	+	❇️ Web Hack Tool Links
5	+
6	+	❇️ WordPress admin finder
7	+	🔗 Link : https://github.com/kancotdiq/wpaf
8	+
9	+	❇️ Smb scanner tool
10	+	🔗 Link : https://github.com/TechnicalMujeeb/smb-scanner
11	+
12	+	❇️ Heart Bleed scanner
13	+	🔗 Link : https://github.com/TechnicalMujeeb/HeartBleed
14	+
15	+	❇️ weevely php web shell
16	+	🔗 Link : https://github.com/sunge/Weevely
17	+
18	+	❇️ Webponized web shell
19	+	🔗 Link : https://github.com/epinna/weevely3
20	+
21	+	❇️ Nikto web scanner tool
22	+	🔗 Link : https://github.com/sullo/nikto
23	+
24	+	❇️ Auto Ip or domain Attacking Tool
25	+	🔗 Link : https://github.com/Bhai4You/Ip-Attack
26	+
27	+	❇️ Click jacking vulnerability scanner
28	+	🔗 Link : https://github.com/D4Vinci/Clickjacking-Tester
29	+
30	+	❇️ All in 1 information gathering and web penetration tool DTect
31	+	🔗 Link : https://github.com/Audi0x01/D-TECT-1
32	+
33	+	❇️ Detect phishing URL
34	+	🔗 Link : https://github.com/UndeadSec/checkURL
35	+
36	+	❇️ Dos attack tool - Golden eye
37	+	🔗 Link : https://github.com/jseidl/GoldenEye
38	+
39	+	❇️ Dos attack with hulk
40	+	🔗 Link : https://github.com/grafov/hulk
41	+
42	+	❇️ Sql vulnerability scanner
43	+	🔗 Link : https://github.com/Pure-L0G1C/SQL-scanner
44	+
45	+	❇️ hack website with sqlmap
46	+	🔗 Link : https://github.com/sqlmapproject/sqlmap
47	+
48	+	❇️ information and vulnerability scanner with striker
49	+	🔗 Link : https://github.com/s0md3v/Striker
50	+
51	+	❇️ web server attacking tool with dost
52	+	🔗 Link : https://github.com/verluchie/dost-attack
53	+
54	+	❇️ advanced multithreaded admin panel finder
55	+	🔗 Link : https://github.com/s0md3v/Breacher
56	+
57	+	❇️ Ssl vulnerability scanner
58	+	🔗 Link : https://github.com/PortSwigger/ssl-scanner
59	+
60	+	❇️ sublister - Subdomain enumeration
61	+	🔗 Link : https://github.com/aboul3la/Sublist3r
62	+
63	+	❇️ WordPress vulnerability scanner and attacker
64	+	🔗 Link : https://github.com/wpscanteam/wpscan
65	+
66	+	❇️ Hunner scanner framework
67	+	🔗 Link : https://github.com/b3-v3r/Hunner
68	+
69	+	❇️ Red hawk all in 1 information gathering and scanning tool
70	+	🔗 Link : https://github.com/Tuhinshubhra/RED_HAWK
71	+
72	+	❇️ Dos attack tool with Xerxes
73	+	🔗 Link : https://github.com/sepehrdaddev/
74	+	Xerxes
75	+
76	+	❇️ social fish phishing tool
77	+	🔗 Link : https://github.com/UndeadSec/SocialFish
78	+
79	+	❇️ weeman phishing tool no root
80	+	🔗 Link : https://github.com/evait-security/weeman
81	+
82	+	❇️ WordPress security scanner Wpseku
83	+	🔗 Link : https://github.com/m4ll0k/WPSeku
84	+
85	+	❇️ IDN homograph attack tool
86	+	🔗 Link : https://github.com/UndeadSec/EvilURL
87	+
88	+	❇️ Detect security flaws with CMS
89	+	🔗 Link : https://github.com/Dionach/CMSmap
90	+
91	+	❇️ Fire crack , admin, finders, deface, bing dorking etc
92	+	🔗 Link : https://github.com/Ranginang67/Firecrack
93	+
94	+	❇️ Pish web tool
95	+	🔗 Link : https://github.com/Cabdulahi/pish
96	+
97	+	❇️ MITM attack tool
98	+	🔗 Link : https://github.com/websploit/websploit
99	+
100	+	❇️ kill shot pentesting framework
101	+	🔗 Link :https://github.com/bahaabdelwahed/killshot
102	+	```
103	+

1	-	# Page 1
2	-
3	-

GITBOOK-32: change request with no subject merged in GitBook