2017-08-31 16:36:39 +00:00
|
|
|
# Certspotter
|
|
|
|
|
|
|
|
|
|
```zsh
|
|
|
|
|
curl https://certspotter.com/api/v0/certs\?domain\=example.com | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | uniq
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```zsh
|
|
|
|
|
curl https://certspotter.com/api/v0/certs\?domain\=example.com | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | uniq | dig +short -f - | uniq | nmap -T5 -Pn -sS -i - -p 80,443,21,22,8080,8081,8443 --open -n -oG -
|
|
|
|
|
```
|
2017-09-06 11:04:04 +00:00
|
|
|
|
|
|
|
|
# Sublist3r One-liner
|
|
|
|
|
|
|
|
|
|
This runs [Sublist3r](https://github.com/aboul3la/Sublist3r) on a list of domains and outputs the results in separate files.
|
|
|
|
|
|
|
|
|
|
```
|
2017-09-06 12:41:35 +00:00
|
|
|
. <(cat domains | xargs -n1 -i{} python sublist3r.py -d {} -o {}.txt)
|
2017-09-06 11:04:04 +00:00
|
|
|
```
|
2017-09-09 15:09:15 +00:00
|
|
|
|
|
|
|
|
# [Apktool](https://ibotpeaches.github.io/Apktool/) to [LinkFinder](https://github.com/GerbenJavado/LinkFinder)
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
apktool d app.apk; cd app;mkdir collection; find . -name \*.smali -exec sh -c "cp {} collection/\$(head /dev/urandom | md5 | cut -d' ' -f1).smali" \;; linkfinder -i 'collection/*.smali' -o cli
|
|
|
|
|
```
|
2017-10-04 18:12:35 +00:00
|
|
|
|
|
|
|
|
# [Aquatone](https://github.com/michenriksen/aquatone/) One-liner
|
|
|
|
|
|
|
|
|
|
```
|
2017-10-26 16:20:50 +00:00
|
|
|
$ echo "aquatone-discover -d \$1 && aquatone-scan -d \$1 --ports huge && aquatone-takeover -d \$1 && aquatone-gather -d \$1" >> aqua.sh && chmod +x aqua.sh
|
2017-10-04 18:12:35 +00:00
|
|
|
$./aqua.sh domain.com
|
|
|
|
|
```
|
2017-10-25 18:44:07 +00:00
|
|
|
|
|
|
|
|
# [relative-url-extractor](https://github.com/jobertabma/relative-url-extractor)
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
$ ruby extract.rb demo-file.js
|
|
|
|
|
$ ruby extract.rb https://hackerone.com/some-file.js
|
|
|
|
|
$ ruby extract.rb '|cat demo-file.js' -c
|
|
|
|
|
```
|
