-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtips_subdomain.txt
45 lines (24 loc) · 1.36 KB
/
tips_subdomain.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
subfinder -d domain.com --silent | httprobe | tee -a subdomains.txt
amass enum --passive -d domain.com | httprobe | tee -a subdoamins.txt
assetfinder -subs-only domain.com | httprobe | tee -a subdomains.txt
Find End Points
cat subdomains.txt | waybackurls >> wayback.txt
cat subdomains.txt | hakrawler -depth 3 -plain >> spider.txt
Find All Parameter
python3 paramspider.py --domain domain.com --exclude svg,jpg,css,js --output domainParam.txt
cat subdomains.txt | waybackurls | grep "=" | tee -a domainParam.txt
XSS Scanner
assetfinder target.com | hakrawler | some-xss-scanner
python3 xsstrike.py -u "http://redacted.org/search.php?query=&book=190"
Arjun
python3 arjun.py -u https://api.example.com/endpoint --get
python3 arjun.py --urls targets.txt --get
python3 arjun.py -u https://api.example.com/endpoint --get -t 22
python3 arjun.py -u https://api.example.com/endpoint --get -d 2
python3 arjun.py -u https://api.example.com/endpoint --get --stable
python3 arjun.py -u https://api.example.com/endpoint --get --include 'api_key=xxxxx'
python3 arjun.py -u https://api.example.com/endpoint --get --include '{"api_key":"xxxxx"}'
python3 arjun.py -u https://api.example.com/endpoint --get -o result.json
python3 arjun.py -u https://api.example.com/endpoint --post --headers "Accept-Language: en-US\nCookie: null"
XSS Scanner
XSpear -u http://redacted.com/my-account/ -v 2