testing for new release

alexrf45 · Nov 29, 2023 · 928a660 · 928a660
1 parent 457fdee
commit 928a660
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 36 deletions.
diff --git a/resources/ctf.yaml b/resources/ctf.yaml
diff --git a/resources/zsh/history b/resources/zsh/history
@@ -88,9 +88,16 @@ export NAME=
 export TARGET=
 export USER=
 fcrackzip -u -v -D -p /usr/share/wordlists/rockyou.txt file.zip
-ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,302,422,403 -w /u$HOME/.wordlists/common.txt -u http://$DOMAIN/FUZZ
-ffuf -c -t 5 -rate 30 -p 0.2 -H "User-Agent: $AGENT" -r -ac -o $NAME.json -of json -mc 200,302,403 -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt -u http://$DOMAIN/FUZZ
-ffuf -c -t 5 -rate 30 -p 0.2 -H "User-Agent: $AGENT" -o $NAME_domains.json -of json -H "Host:FUZZ.$DOMAIN" -mc 200,403 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$DOMAIN/
+ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,302,422,403 -w $HOME/.wordlists/common.txt -u http://$DOMAIN/FUZZ
+ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,302,422,403,401 -w $HOME/.wordlists/api.txt -u http://$DOMAIN/FUZZ
+ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,302,422,403,401 -w $HOME/.wordlists/dir-list.txt -u http://$DOMAIN/FUZZ
+ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,302,422,403,401 -w $HOME/.wordlists/raft-small.txt -u http://$DOMAIN/FUZZ
+ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,302,422,403,401 -w $HOME/.wordlists/api-wild.txt -u http://$DOMAIN/FUZZ
+ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,302,422,403,401 -w $HOME/.wordlists/fuzz-1.txt -u http://$DOMAIN/FUZZ
+ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,302,422,403,401 -w $HOME/.wordlists/LFI.txt -u http://$DOMAIN/FUZZ
+ffuf -c -t 5 -rate 20 -p 0.2 -H "User-Agent: $AGENT" -ac -o $NAME.json -of json -mc 200,503,500,400 -w $HOME/.wordlists/SQL.txt -u http://$DOMAIN/FUZZ
+ffuf -c -t 5 -rate 30 -p 0.2 -H "User-Agent: $AGENT" -o $NAME_domains.json -of json -H "Host:FUZZ.$DOMAIN" -mc 200,403 -w $HOME/.wordlists/dns.txt -u http://$DOMAIN/
+ffuf -c -t 5 -rate 30 -p 0.2 -H "User-Agent: $AGENT" -o $NAME_domains.json -of json -H "Host:FUZZ.$DOMAIN" -mc 200,403 -w $HOME/.wordlists/dns-1.txt -u http://$DOMAIN/
 ffuf -request REQUESTFILE -request-proto http -w PATH/TO/WORDLIST -fs 0 -c
 find DIR -type f -newermt YYYY-MM-DD ! -newermt YYYY-MM-DD > /dev/null
 gMSADumper.py -d "$DOMAIN" -l "$DC_HOST" -u "$USER" -p "$PASSWORD"

diff --git a/resources/zsh/zshrc b/resources/zsh/zshrc
@@ -64,7 +64,6 @@ alias http='python3 -m http.server 80'
 alias reload='. ~/.zshrc'
 alias update='sudo apt-get update -y'
 alias t='tmux -f ~/.tmux.conf'
-alias ctf='tmuxp load ~/.config/tmuxp/ctf.yaml'
 alias bounty='tmuxp load ~/.config/tmuxp/bounty.yaml'
 alias i='sudo apt-get install -y'
 alias public='curl wtfismyip.com/text'
@@ -73,7 +72,6 @@ alias commands='history | cut -c 6-'
 alias proxy='proxychains'
 
 #basic shortcuts with a windows target flavor
-alias secretsdump='impacket-secretsdump'
 alias ps-shell='cp ~/nishang/Shells/Invoke-PowerShellTcpOneLine.ps1 .'
 alias portscan='cp ~/nishang/Scan/Invoke-PortScan.ps1 .'
 alias cme='netexec'
@@ -83,8 +81,8 @@ ffuf_subdomain () {
 
 ffuf -c -t 5 -rate 20 -p 0.2 \
   -H "User-Agent: $AGENT" -o $NAME_domains.json -of json \
-  -H "Host:FUZZ.$DOMAIN" \
-  -mc 200,403 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$DOMAIN/
+  -H "Host: FUZZ.$DOMAIN" \
+  -mc 200,403,401,503,500,302 -w $HOME/.wordlists/dns.txt -u http://$DOMAIN/
 }
 
 ffuf_directory () {

diff --git a/sources/3-wordlists.sh b/sources/3-wordlists.sh
@@ -22,3 +22,6 @@ wget "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/L
 
 wget "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/SQLi/Generic-BlindSQLi.fuzzdb.txt" -q -O $HOME/.wordlists/SQL.txt
 
+wget "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-20000.txt" -q -O $HOME/.wordlists/dns.txt
+
+wget "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/bitquark-subdomains-top100000.txt" -q -O $HOME/.wordlists/dns-1.txt
Original file line number	Diff line number	Diff line change
Expand Up		@@ -22,3 +22,6 @@ wget "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/L

		wget "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/SQLi/Generic-BlindSQLi.fuzzdb.txt" -q -O $HOME/.wordlists/SQL.txt

		wget "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-20000.txt" -q -O $HOME/.wordlists/dns.txt

		wget "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/bitquark-subdomains-top100000.txt" -q -O $HOME/.wordlists/dns-1.txt