R0X4R

subfinder -d target.com -all -silent -t 10 | naabu -p "21,22,80,81,280,300,443,583,591,593,832,981,1010,1099,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4444,4445,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7002,7396,7474,8000,8001,8008,8009,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8530,8531,8834,8880,8887,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,10443,11371,12043,12046,12443,15672,16080,17778,18091,18092,20720,28017,32000,55440,55672" -silent -nc | httprobe -prefer-https | xargs -P 10 -I @ bash -c "echo @ | gau" 2> /dev/null | grep -E "password|password\-reset|reset\-token|token\=" | anew -q urls.txt
xargs -a urls.txt -P 5 -I @ bash -c "curl -ks -L \"@\" -H \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\" | grep -iE \"enter password|new password|new\-password|confirm password|co

R0X4R

# Import modules that'll be needed to run this tool
import requests
from bs4 import BeautifulSoup
from re import search
from sys import stdin, exit, stdout
from time import sleep
# Hide insecure request warning error
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

R0X4R

#!/usr/bin/env bash
go_version=$(curl -ks https://golang.org/VERSION?m=text)
red_color="\e[31m"
green_color="\e[32m"
no_color="\e[0m"
type -P go &> /dev/null && echo -e "Current go version is ${green_color}$(go version | awk '{print $3}')${no_color}" || echo -e "${red_color}Go is not installed on your system${no_color}"
echo -e "Downloading latest go into your system - version ${green_color}${go_version}${no_color}"
sudo apt purge --auto-remove golang-go 2> /dev/null &> /dev/null
sudo apt clean &> /dev/null
wget https://dl.google.com/go/${go_version}.linux-amd64.tar.gz -q --no-check-certificate 2> /dev/null

R0X4R

Dutch Government Bug Bounty Scope

The National Cyber Security Centre (NCSC) contributes to jointly enhancing the resilience of the Dutch society in the digital domain and, in doing so, realizes a safe, open and stable information society by providing insight and offering a perspective for action. Therefore it is essential that the ICT systems of the NCSC are safe. The NCSC strives towards providing a high level of security for its system. However, it can occur that one of these systems has a vulnerability.

For more information about reporting the bugs go to https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd

Source https://gist.github.com/random-robbie/f985ad14fede2c04ac82dd89653f52ad
https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid

R0X4R

#!/bin/bash
#Requirements: KXSS(https://github.com/Emoe/kxss), Dalfox (https://github.com/hahwul/dalfox), QSreplace(https://github.com/tomnomnom/qsreplace)
#Preparation: subfinder -d target.tld -all -silent | httpx -silent | gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 100 -o params.txt && cat params.txt | gf xss | sed "s/'/ /g" | sed "s/(/ /g" | sed "s/)/ /g" | qsreplace "FUZZ" 2> /dev/null | anew -q testparams.txt
#Usage: ./inxss.sh testparams.txt target.tld
lists=$1
mkout=$(echo -e "$2_$(date +%F_%H_%M_%S)")
mkdir -p $mkout
echo -e "Total $(cat $1 | wc -l) targets loaded"
sleep 6s
echo -e "[$(date +"%F %H:%M:%S")] Starting scan..."

R0X4R

#!/bin/bash
# Task Killer
# Helps you to kill unnecessary tasks running on linux and ubuntu.
echo -e "$1 - Killing task..."
totaltask=$(ps aux | grep "$1" | sed '/grep/d' | wc -l)
echo -e "Total $totaltask tasks found"
sleep 3s
ps aux | grep "$1" | sed '/grep/d' | awk '{print $2}' | while read -r line; do kill $line; done &> /dev/null
exit 1

R0X4R

#!/bin/bash
targets=$1
mkdir -p protpscan
# requirements: https://github.com/detectify/page-fetch, https://github.com/tomnomnom/waybackurls, https://github.com/bp0lr/gauplus, https://github.com/R0X4R/Fuzzy, https://github.com/jaeles-project/gospider, https://snapcraft.io/chromium
# usage: subfinder -d target.com -all -silent | httpx -silent | anew -q /home/targets.txt && ./protpscan.sh /home/targets.txt
cd protpscan 2> /dev/null
echo -e "Total $(cat $targets | wc -l) domains loaded to scan"
echo -e "Increasing scope..."
xargs -a $targets -P 50 -I % bash -c "echo % | waybackurls" 2> /dev/null | anew -q wayback.txt
cat $targets | gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 300 -o gauplus.txt &> /dev/null

R0X4R

alpblog
www
%20%20%20%20s3
%20%20www
%20.
%20675-ybi-674
%20assets
%20b92
%20connect
%20databank

R0X4R

#!/bin/bash
# requirements: chromium or chrome browser (sudo apt update && sudo apt install snapd && sudo systemctl start snapd.service && sudo snap install chromium)
# usage: subfinder -d target.com -all -silent | httpx -silent | xargs -P 50 -I % bash -c "./chakshu.sh %"
echo -e "[CHAKSHU] - Taking screenshot of $1"
domain=$1
output=$(echo $1 | awk -F// '{print $NF}' | sed -E 's/[\.\|:]+/_/g')
mkdir -p screenshots
# all the screenshots will be saved in screenshots folder
/snap/bin/chromium --no-sandbox --headless --disable-gpu --window-size=1280,720 --screenshot $domain --screenshot=screenshots/$output.jpg > /dev/null 2>&1
exit 1

R0X4R

check-ssti{{7*7}}[[1*1]]
check-ssti{{7*7}}
check-ssti{{7*'7'}}
check-ssti<%= 7 * 7 %>
check-ssti${7*7}
check-ssti${{7*7}}
check-ssti@(7*7)
check-ssti#{7*7}
check-ssti#{ 7 * 7 }