My collection of pentesting and bug bounty hunting tricks/scripts
[+] AUTHOR: Heitor Gouvêa
[+] EMAIL: [email protected]
[+] WEBSITE: https://heitorgouvea.me
[+] GITHUB: https://github.com/GouveaHeitor
git clone https://github.com/GouveaHeitor/security-spellbook
cd security-spellbook
# build the image (--squash requires experimental features enabled on the Docker daemon)
$ docker build --rm --squash -t kali .
# create alias command
$ alias kali='docker run -p 1337:1337 -v /Users/$(whoami)/Documents/Workstation:/home/ -ti kali /bin/bash'
# enumerate subdomains
$~ for subdomain in $(cat wordlists/subdomains.txt);do ruby network/check.rb ${subdomain}target.com; done
# port scanning
$~ for port in {1..65535}; do perl network/portscan.pl target.com $port; done
# range scanning
$~ for host in {21..25}; do perl network/portscan.pl 104.24.111.${host} 80; done
# extract links
$~ perl web/links.pl https://target.com
# admin finder
$~ perl web/adminfinder.pl https://target.com
# backdoor access
$~ perl network/backdoor.pl # agent
$~ nc 127.0.0.1 21666 # client
# stop and remove containers (this affects every container on the host, not only kali)
$ docker stop $(docker ps -a -q)
$ docker rm $(docker ps -a -q)
- Report bugs via issues page.
- This work is licensed under the MIT License.
- Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕) See the contribution guidelines.