Tutorial: https://www.youtube.com/watch?v=hIqMrPTeGTc
Paste the below code in your browser console (F12 > Console):
/**
* YouTube "Not Interested" Automation Script
*
* This script marks all videos in the YouTube feed as "Not interested".
*
* Usage:| # github.com/m4ll0k (@m4ll0k2) | |
| ''' | |
| Steps: | |
| 0. Make dir like chaos 'mkdir chaos' | |
| 1. Download this script in choas dir 'wget https://..' | |
| 2. Now: 'python3 choas.py |sort -u > dns_wordlist.txt' | |
| ''' |
| #!/bin/bash | |
| (echo "Subdomain,IP,Region,Country,Organization,Netblock,Link Type" && while read line; do ip=$(echo $line| cut -d " " -f 2); name=$(echo $line | cut -d " " -f 1); echo -n "$name,"; echo $ip | ipi '[.ip,.city,.region,.country,.company.name,.asn.name,.asn.route,.asn.type] | @csv'; done) | tee -a assets.csv |
| Rank | Type | Prefix/Suffix | Length | |
|---|---|---|---|---|
| 1 | Prefix | my+ | 2 | |
| 2 | Suffix | +online | 6 | |
| 3 | Prefix | the+ | 3 | |
| 4 | Suffix | +web | 3 | |
| 5 | Suffix | +media | 5 | |
| 6 | Prefix | web+ | 3 | |
| 7 | Suffix | +world | 5 | |
| 8 | Suffix | +net | 3 | |
| 9 | Prefix | go+ | 2 |
Here is a simple approach that might work for you. Perform reconnaissance as you would typically do and collect hosts and targets. Next, find an application running the target software or setup a local instance. Gather strings that would easily allow you to discern the piece of software from other applications (e.g. with GitLab this may be _gitlab_session). With that small list of keywords in hand, fingerprint all hosts by requesting the index page using a tool such as meg by @TomNomNom and then grepping for the strings. Make sure to then store your findings in a structured fashion that allows you to query applications running that software in future. I primarily use text files in folders for this purpose but I know of others who prefer to store everything in a database.
| #!/usr/bin/python3 | |
| import requests | |
| import json | |
| import re | |
| import paho.mqtt.client as mqtt | |
| import paho.mqtt.publish as publish | |
| # Regex to match the hidden input on the initial log in page |
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
| # start up with 'docker-compose up -d' to start in background | |
| # update images with 'docker-compose pull' | |
| # this assumes that you have a sibling directory to this file called 'config' that contains all of the config for these services | |
| # you can reference 'sabnzbd' 'radarr' or 'sonarr' from inside the containers (in the apps) to reference the other containers. no need to deal with IPs or hostnames | |
| # remember that docker is isolated from the rest of your filesystem. you need to add volumes to the entries | |
| # in order to give the processes access to them. so if you have multiple target directories for TV or Movies, | |
| # then make sure you add each one that you want radarr/sonarr/sabnzbd to see. | |
| version: '3' | |
| services: |
| addEventListener("fetch", event => { | |
| event.respondWith(handleRequest(event.request)) | |
| }) | |
| //////////////////////////////////////////////////////////////////////////////////////////////////// | |
| // ! DON'T LEAK THE SECRETS ! | |
| // Use Workers KV if you can https://developers.cloudflare.com/workers/reference/storage/ | |
| const telegram_token = "*****REDACTED*****"; | |
| const telegram_url = "https://api.telegram.org/bot" + telegram_token + "/sendMessage"; |
| # Domains with malicious or phishing intent by mimicing domains from real email services | |
| # Examples: example domains (RFC 2606 & 6761) and fake domains that spoof real domains used for email services | |
| address.local | |
| cacema.nl | |
| casama.nl | |
| example.com | |
| example.net | |
| example.org | |
| gmail.nl | |
| gmial.com |
