GangGreenTemperTatum

#!/usr/bin/env bash
# ============================================================
#  Skill Creator for Codex — scaffold skills from plain text
#  https://github.com/codexskills/skill-creator
# ============================================================

set -euo pipefail

GREEN='\033[0;32m'
CYAN='\033[0;36m'

GangGreenTemperTatum

javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g,jsRegex=/(?<=(\"|\'|\%60))(?:\/|https?:\/\/)[a-zA-Z0-9_?&=\/\-\#\.]+\.js(?:\?[^"'%60]*)?(?=(\"|\'|\%60))/g;const results=new Set;const paramMap=new Map();const jsFiles=new Set();function processContent(t,src){var e=t.matchAll(regex);for(let r of e){results.add(r[0]);var params=r[0].split('?')[1];if(params){params.split('&').forEach(param=>{var [key,]=param.split('=');if(key){if(!paramMap.has(key)){paramMap.set(key,[]);}paramMap.get(key).push(src||'Inline script or HTML');}});}}var j=t.matchAll(jsRegex);for(let r of j){jsFiles.add(r[0]);}}for(var i=0;i<scripts.length;i++){var t=scripts[i].src;if(t){jsFiles.add(t);fetch(t).then(function(t){return t.text()}).then(text=>processContent(text,t)).catch(function(t){console.log("An error occurred: ",t)});}else{processContent(scripts[i].textContent);}}var pageContent=document.documentElement.outerHTML;processContent(pageContent

GangGreenTemperTatum

#!/usr/bin/env bash
# setup-recon.sh (v4)
# Works on Ubuntu / Debian / Kali
# Usage: sudo ./setup-recon.sh
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

#-----------------------------
# Config
#-----------------------------

GangGreenTemperTatum

Summary

Executive summary

---

Background

Explain the application feature/functionality which is affected.

GangGreenTemperTatum

// custom action in Burp Suite that automatically sends a payload to all parameters in a request at once. This helps run basic checks automatically for every request sent through Repeater. You can customize it with your own payloads and create multiple actions as needed, a real timesaver.

var injReq = original.parameters().stream().reduce(
  original,
  (req, param) -> req.withUpdatedParameters(
    HttpParameter.parameter(
      param.name(),
      param.value() + "'AND'1'='1",
      param.type()
    )

GangGreenTemperTatum

#Gather JSFilesUrls

cat $target | gau | grep ".js$" | uniq | sort >> jsfile_links.txt
cat $target | subjs >> jsfile_links.txt
cat jsfile_links.txt | hakcheckurl | grep "200" | cut -d" " -f2 | sort -u > live_jsfile_links.txt

#Gather Endpoints From JsFiles

cat live_jsfile_links.txt | while read url; do python3 ./tools/LinkFinder/linkfinder.py -d -i $url -o cli; done > endpoints.txt

GangGreenTemperTatum

import time
from zapv2 import ZAPv2
from datetime import datetime

# --- Configuration ---
# ZAP Connection Details
ZAP_ADDRESS = "http://localhost"  # Or your ZAP's IP/hostname
ZAP_PORT = "8081"  # Or your ZAP's port
ZAP_API_KEY = "YOUR_ZAP_API_KEY"  # Replace with your ZAP API key if you have one set, otherwise leave as '' or None

GangGreenTemperTatum

Display responses that came from a server-side cache (Varnish/Cloudfront) with this filter bambda:

return requestResponse.response().headerValue("X-Cache").toLowerCase().contains("hit");

GangGreenTemperTatum

#!/bin/env python3

import argparse
import datetime
import re
import sys
import uuid

###############################################################################
# Based off of Daniel Thatcher's guid tool

GangGreenTemperTatum

import requests
import json
import os
import time

# Get the GitHub Personal Access Token from environment variable
gh_pat = os.getenv('GH_PAT')

if not gh_pat:
    print('Error: GH_PAT environment variable is not set. Please set the environment variable to run the script.' + '\n' + 'https://docs.github.com/en/rest/authentication/authenticating-to-the-rest-api?apiVersion=2022-11-28')