xct's notes
Recon

Subenum

#!/bin/bash
# usage: ./subenum.sh example.com
# Collects subdomains from assetfinder and amass, keeps only the ones that
# resolve, then probes which of them answer over HTTP/HTTPS.
echo "-> Assetfinder"
assetfinder --subs-only "$1" | tee -a domains.txt
echo "-> Amass"
amass enum --passive -d "$1" -o domains
echo "-> Filter"
# dedupe the amass output, keep only resolvable names, merge into domains.txt
sort -u domains -o domains
cat domains | filter-resolved | tee -a domains.txt
rm domains
# bash's echo does not interpret \n without -e; printf does
printf '\n\n[+] Checking for alive domains..\n\n'
cat domains.txt | ~/go/bin/httprobe | tee -a alive.txt
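The "Filter" step above only deduplicates exact lines, so the same host can slip through several times when one tool prints it with a scheme, a port, a wildcard prefix or different casing. The function below, an added example that is not part of xct's notes, normalises raw tool output into bare lowercase hostnames before it is handed to filter-resolved. The sample lines in `sample_input` are constructed for the demo, not real recon output.

```shell
#!/bin/bash
# Added example (not from xct's notes): normalise subdomain-tool output into
# one unique, lowercase, bare hostname per line so the resolver step sees each
# host exactly once. Intended use:  cat domains | normalize_domains | filter-resolved

normalize_domains() {
    # stdin: one candidate per line; stdout: unique bare hostnames
    sed -E \
        -e 's/^[[:space:]]+//; s/[[:space:]]+$//' \
        -e 's#^[a-zA-Z]+://##' \
        -e 's#[/:].*$##' \
        -e 's/^\*\.//' \
        -e 's/\.$//' \
    | tr '[:upper:]' '[:lower:]' \
    | grep -E '^([a-z0-9-]+\.)+[a-z]{2,}$' \
    | sort -u
    # sed, in order: trim whitespace; strip scheme; strip port/path;
    # turn "*.x" wildcard entries into "x"; drop a trailing dot.
    # grep then discards anything that is not a plausible hostname.
}

sample_input() {
    # constructed sample lines (not real tool output) covering the noise cases
    cat <<'EOF'
  WWW.Example.com
https://api.example.com/v1/login
*.dev.example.com
mail.example.com.
api.example.com:8443
not a domain
www.example.com
EOF
}

# run the demo when invoked directly with --demo
if [ "${1:-}" = "--demo" ]; then
    sample_input | normalize_domains
fi
```

Seven input lines collapse to four hostnames (api, dev, mail and www under example.com); the line "not a domain" is rejected by the hostname check rather than passed on to the resolver.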

Fill Burp Sitemap with Curl

# single request through the Burp listener on 8081 (-k skips TLS verification, needed for Burp's CA)
https_proxy=http://127.0.0.1:8081 http_proxy=http://127.0.0.1:8081 curl -k https://www.upwork.com
# replay every alive host from the subenum step through the proxy so Burp's sitemap gets populated
(while IFS= read -r LINE; do https_proxy=http://127.0.0.1:8081 http_proxy=http://127.0.0.1:8081 curl -k "$LINE"; done < alive.txt)

WPScan

Scan & Enumerate Users:
wpscan -e u,ap --url <url>
Bruteforce Login via xmlrpc:
wpscan --url <url> -t 3 -P rockyou.txt -U users.txt
Last modified 1yr ago