cyberheartmi9 · May 1, 2025 17:41
diff --git a/bash profile b/bash profile

 recon() {

 subfinder -d $1 -silent|httprobe -c 40|tee -a $1.txt

 }


 fdir(){

 cat $1|xargs -n1 -i{} ffuf -w  api.txt -u  {}/FUZZ -fc 404,401,302,301,307,403,$

 }






 sub(){

        curl -s https://dns.bufferover.run/dns?q=.$1 |jq -r .FDNS_A[]|cut -d',' -f2|sort -u
 }

 spring(){
        shodan search org:"$1" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do ffuf -u http://$host/FUZZ -mc 200 -w spring-boot.txt ;done
 }
 bin2hex(){
        hexdump -v -e '1/1 "%02x"' "$1"
 }
 amassp(){
        echo "passive scanning"
        amass enum --passive -d $1 -o $2
 }
 active(){
        echo "active amass scanning"
        amass enum  -src -ip -brute -min-for-recursive 2 -d $1 -o $2
 } 
 cors_reflect_auto(){
        gau $1 | while read url;do target=$(curl -s -I -H "Origin: https://evil.com" -X GET $url) | if grep 'https://evil.com'; then [Potentional CORS Found]echo $url;$url;else echo Nothing on "$url";fi;done
 }
 cors_null_origin(){
        gau $1 | while read url;do target=$(curl -s -I -H "Origin: null" -X GET $url) | if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done

 }
 cors_null_value(){
        gau $1 | while read url;do target=$(curl -s -I -X GET "$url") | if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
 }
 cors_trust_subdomain(){
        gau $1 | while read url;do target=$(curl -s -I -H "Origin: evil.$url" -X GET "$url") | if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
 }
 cors_domain_not_valid(){
        gau $1 | while read url;do target=$(curl -s -I -H "Origin: https://not$site" -X GET "$url") | if grep 'Access-Control-Allow-Origin: https://not$site'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
 }
 cors_dom_ext(){
        gau $1 | while read url;do target=$(curl -s -I -H "Origin: $site.evil.com" -X GET "$url") | if grep "Origin: Access-Control-Allow-Origin: $site.evil.com";  then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
 }
 find_domains_vt(){
        curl  -s https://www.virustotal.com/ui/domains/$1/subdomains\?limit\=$2 | jq .data[].id | cut -d '"' -f2
 }
 find_cert(){
        curl -s https://certspotter.com/api/v0/certs?domain=$1 | jq  -c '.[].dns_names' | cut -d "[" -f2 | cut -d "]" -f1 | cut -d "," -f1 | cut -d '"' -f2
 }

 endpointfromjs(){
        cat $1 | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | sort -u
 }

 Parmasfinder(){
        cat subdomains.txt | hakrawler | grep 'http' | cut -d  ' ' -f2>crawling.txt && gau --subs domain.com >>crawling.txt;waybackurls domain.com>>crawling.txt && cat crawling.txt | grep '?' | unfurl --unique format %s://%d%p >base.txt;cat base.txt | parallel -j 4 grep {} -m5 crawling.txt | tee final1.txt;cat final1.txt | egrep -iv ".(jpg|gif|jpeg|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)" >final.txt && rm -rf base.txt final1.txt
 }
 ssrf_redirect(){
        cat $1 | gau   | head -n 5000 > google.txt; cat google.txt | sort -u | grep -a -i \=http > ssrf_redirects.txt
 }


 otx()
 {

 curl  "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/$1?limit=100&page=1"|jq '.url_list[].url'|sed 's/"//g'|unfurl paths|sort -u
 }

 endpoints(){
 subfinder -d $1 -silent|xargs -n1 -i{}     curl  -s "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/{}?limit=100&page=1"|jq '.url_list[].url'|sed 's/"//g'|unfurl paths|sort -u

 }

	recon() {

	subfinder -d $1 -silent\|httprobe -c 40\|tee -a $1.txt

	}


	fdir(){

	cat $1\|xargs -n1 -i{} ffuf -w api.txt -u {}/FUZZ -fc 404,401,302,301,307,403,$

	}






	sub(){

	curl -s https://dns.bufferover.run/dns?q=.$1 \|jq -r .FDNS_A[]\|cut -d',' -f2\|sort -u
	}

	spring(){
	shodan search org:"$1" http.favicon.hash:116323821 --fields ip_str,port --separator " " \| awk '{print $1":"$2}' \| while read host do ;do ffuf -u http://$host/FUZZ -mc 200 -w spring-boot.txt ;done
	}
	bin2hex(){
	hexdump -v -e '1/1 "%02x"' "$1"
	}
	amassp(){
	echo "passive scanning"
	amass enum --passive -d $1 -o $2
	}
	active(){
	echo "active amass scanning"
	amass enum -src -ip -brute -min-for-recursive 2 -d $1 -o $2
	}
	cors_reflect_auto(){
	gau $1 \| while read url;do target=$(curl -s -I -H "Origin: https://evil.com" -X GET $url) \| if grep 'https://evil.com'; then [Potentional CORS Found]echo $url;$url;else echo Nothing on "$url";fi;done
	}
	cors_null_origin(){
	gau $1 \| while read url;do target=$(curl -s -I -H "Origin: null" -X GET $url) \| if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done

	}
	cors_null_value(){
	gau $1 \| while read url;do target=$(curl -s -I -X GET "$url") \| if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
	}
	cors_trust_subdomain(){
	gau $1 \| while read url;do target=$(curl -s -I -H "Origin: evil.$url" -X GET "$url") \| if grep 'Access-Control-Allow-Origin: null'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
	}
	cors_domain_not_valid(){
	gau $1 \| while read url;do target=$(curl -s -I -H "Origin: https://not$site" -X GET "$url") \| if grep 'Access-Control-Allow-Origin: https://not$site'; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
	}
	cors_dom_ext(){
	gau $1 \| while read url;do target=$(curl -s -I -H "Origin: $site.evil.com" -X GET "$url") \| if grep "Origin: Access-Control-Allow-Origin: $site.evil.com"; then echo [Potentional CORS Found] "$url"; else echo Nothing on: "$url";fi;done
	}
	find_domains_vt(){
	curl -s https://www.virustotal.com/ui/domains/$1/subdomains\?limit\=$2 \| jq .data[].id \| cut -d '"' -f2
	}
	find_cert(){
	curl -s https://certspotter.com/api/v0/certs?domain=$1 \| jq -c '.[].dns_names' \| cut -d "[" -f2 \| cut -d "]" -f1 \| cut -d "," -f1 \| cut -d '"' -f2
	}

	endpointfromjs(){
	cat $1 \| grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" \| sed -e 's/^"//' -e 's/"$//' \| sort -u
	}

	Parmasfinder(){
	cat subdomains.txt \| hakrawler \| grep 'http' \| cut -d ' ' -f2>crawling.txt && gau --subs domain.com >>crawling.txt;waybackurls domain.com>>crawling.txt && cat crawling.txt \| grep '?' \| unfurl --unique format %s://%d%p >base.txt;cat base.txt \| parallel -j 4 grep {} -m5 crawling.txt \| tee final1.txt;cat final1.txt \| egrep -iv ".(jpg\|gif\|jpeg\|css\|tif\|tiff\|png\|ttf\|woff\|woff2\|ico\|pdf\|svg\|txt\|js)" >final.txt && rm -rf base.txt final1.txt
	}
	ssrf_redirect(){
	cat $1 \| gau \| head -n 5000 > google.txt; cat google.txt \| sort -u \| grep -a -i \=http > ssrf_redirects.txt
	}


	otx()
	{

	curl "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/$1?limit=100&page=1"\|jq '.url_list[].url'\|sed 's/"//g'\|unfurl paths\|sort -u
	}

	endpoints(){
	subfinder -d $1 -silent\|xargs -n1 -i{} curl -s "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/{}?limit=100&page=1"\|jq '.url_list[].url'\|sed 's/"//g'\|unfurl paths\|sort -u

	}