More cheatsheets

api/censys.md

@@ -29,9 +29,12 @@ cat cidrRanges.txt | xargs -I % sh -c 'echo %\\n; curl -s "https://search.censys
 
 ### Definitions
 ```
+autonomous_system.asn
+dns.names
+services.http.response.headers
+services.http.response.html_title
 services.port
-services.http.response.headers 
-services.http.response.html_title 
 services.software.product
+whois.organization.name
 ```
 

api/shodan.md

@@ -29,6 +29,7 @@ cat cidrRanges.txt | xargs -I % sh -c 'echo %\\n; curl -s "https://api.shodan.io
 ### Filters
 ```
 country:<country>
+hostname:<domain>
 http.title:<title>
 http.html:<keyword>
 http.favicon.hash:<murmurHash3>

api/zoomeye.md

@@ -1,19 +1,19 @@
 ### Source
-https://www.zoomeye.org/doc
+https://www.zoomeye.hk/doc
 
 ### Get current subscription status
 ```
-curl -s -X GET "https://api.zoomeye.org/resources-info" -H "API-KEY:<apiKey>"
+curl -s -X GET "https://api.zoomeye.hk/resources-info" -H "API-KEY:<apiKey>"
 ```
 
 ### Search for associated domain names
 ```
-curl -s -X GET "https://api.zoomeye.org/domain/search?q=<domain>" -H "API-KEY:<apiKey>
+curl -s -X GET "https://api.zoomeye.hk/domain/search?q=<domain>" -H "API-KEY:<apiKey>
 ```
 
 ### Send query to host endpoint
 ```
-curl -s -X GET "https://api.zoomeye.org/host/search?query=<query>" -H "API-KEY:<apiKey>"
+curl -s -X GET "https://api.zoomeye.hk/host/search?query=<query>" -H "API-KEY:<apiKey>"
 ```
 
 ### Host Filters
@@ -34,11 +34,12 @@ ver:<version>
 
 ### Send query to web endpoint
 ```
-curl -s -X GET "https://api.zoomeye.org/web/search?query=<query>" -H "API-KEY:<apiKey>"
+curl -s -X GET "https://api.zoomeye.hk/web/search?query=<query>" -H "API-KEY:<apiKey>"
 ```
 
 ### Web Filters
 ```
+asn:<asn>
 app:<wordpress>
 city:<city>
 country:<country>

linux/TeamEnum.md

@@ -0,0 +1,8 @@
+### Source
+https://github.com/sse-secure-systems/TeamsEnum
+
+### Enumerate email addresses
+```
+TeamsEnum -a password -u <user> -p "<password>" -f <outFile>
+```
+

linux/awk.md

@@ -23,3 +23,8 @@ awk '{print substr($1,1,2)}'
 awk 'length($1) < 10 { print $1 }'
 ```
 
+### Replace ; with :
+```
+awk -F ";" '{gsub(/;/, ":"); print}'
+```
+

linux/aws.md

@@ -0,0 +1,52 @@
+### Install
+```
+pip install awscli
+aws configure
+ls ~/.aws
+```
+
+### List instances
+```
+aws ec2 describe-instances
+```
+
+### List instances using ssh key
+```
+aws ec2 describe-instances --query 'Reservations[*].Instances[?KeyName==`<sshKey>`].[InstanceId,KeyName,State.Name]' --output text
+```
+
+### Create instance (amiId for Debian 12 eu-central-1 ami-0b1ceff20779a1adb)
+```
+aws ec2 run-instances --image-id <amiId> --count 1 --instance-type t2.micro --key-name <sshKey> --security-group-ids <groupId> --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=<name>},{Key=Project,Value=<project>}]'
+```
+
+### Delete instance
+```
+aws ec2 terminate-instances --instance-ids "<instanceId>"
+```
+
+### Get latest amiId of ubuntu
+```
+aws ssm get-parameters --names /aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id
+```
+
+### List security groups
+```
+aws ec2 describe-security-groups
+```
+
+### Create security group
+```
+aws ec2 create-security-group --group-name <groupName> --description "<description>"
+```
+
+### Add rule to security group
+```
+aws ec2 authorize-security-group-ingress --group-name <groupName> --protocol tcp --port <port> --cidr 0.0.0.0/0
+```
+
+### List subnets
+```
+aws ec2 describe-subnets --query 'Subnets[*].[SubnetId, AvailabilityZone, VpcId, Tags[?Key==`Name`].Value | [0]]'
+```
+

linux/dirsearch.md

@@ -11,8 +11,3 @@ dirsearch -u http://<domain> -e aspx,php,html -x 403,404 -r --timeout=1 -o <path
 --proxy=localhost:8080
 ```
 
-### Use 3 seconds delay between requests of multiple threads
-```
--s 3
-```
-

linux/dnsx.md

@@ -0,0 +1,13 @@
+### Source
+https://github.com/projectdiscovery/dnsx
+
+### Resolve domains to ipv4 from file
+```
+dnsx -a -l <file>
+```
+
+### Get asn of domain
+```
+dnsx -silent -l <file> -asn -resp
+```
+

linux/ffuf.md

@@ -1,8 +1,13 @@
 ### Source
 https://github.com/ffuf/ffuf  
 
-### Fuzz cgi directory (-e extensions, -t threads) - (https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CGI-XPlatform.fuzz.txt)
+### Fuzz webpath (-e extensions, -t threads) 
 ```
 ffuf -w <path>/SecLists/Discovery/Web-Content/CGI-XPlatform.fuzz.txt -u <rhost>/ccgi-bin/FUZZ -t <number> -e .sh,.pl,.cgi
 ```
 
+### Print 200 status code URLs
+```
+jq -r '.results[] | select(.status == 200) | .url' <file>.json
+```
+

linux/fish.md

@@ -3,8 +3,18 @@
 ~/.local/share/fish/fish_history
 ```
 
+### Print history with timestamps
+```
+history -t -R
+```
+
 ### Equivalent to bashrc
 ```
 ~/.config/fish/config.fish
 ```
 
+### Define and export variable
+```
+set -x varName "content"
+```
+

linux/gato.md

@@ -0,0 +1,13 @@
+### Source
+https://github.com/praetorian-inc/gato
+
+### Seach for public repositories that use self-hosted runners
+```
+gato search --sourcegraph --output-text <outFile> <keyword>
+```
+
+### Find pipeline vulnerabilities within GitHub repositories
+```
+gato enumerate --repositories <file>
+```
+

linux/gitfive.md

@@ -0,0 +1,8 @@
+### Source
+https://github.com/mxrch/gitfive
+
+### Enumerate username for list of e-mail addresses
+```
+gitfive emails <emailFile>
+```
+

linux/hashcat.md

@@ -60,15 +60,20 @@ hashcat -o <outfile> -m <hashType> -a 3 <fileToCrack> -1 ?l?u?d ?1?1?1?1?1?1 -m
 
 ### Cracking kerberoast, -O optimize kernel but also limits password length, -w workload high (speeds up but can also affect availability)
 ```
-hashcat -a 0 -o <resultFile> -m 13100 <fileToCrack> <wordlist> -O -r <pathToRule> -w 3
+hashcat -a 0 -o <resultFile> -m 13100 <hashFile> <wordlist> -O -r <ruleFile> -w 3
 ```
 
-### Cracking wpa2
+### Crack WPA2
 ```
 cap2hccapx <input>.pcap <output>.hccapx [<essid1>] [<essid2>]
 hashcat -m 2500 -a 0 <wordlist> <file>.hccapx
 ```
 
+### Crack NTLM
+```
+hashcat -a 0 -o <resultFile> -m 1000 <hashFile> <wordlist> --potfile-path <potFile> --session <sessionName> --quiet
+```
+
 ### Show results
 ```
 hashcat -m <hashId> <resultFile> --show

linux/holehe.md

@@ -0,0 +1,8 @@
+### Source
+https://github.com/megadose/holehe
+
+### Check if e-mail address was used for different services
+```
+holehe --no-clear <email>
+```
+

linux/ldap-scanner.md

@@ -3,6 +3,6 @@ https://raw.githubusercontent.com/GoSecure/ldap-scanner/master/ldap-scanner.py
 
 ### Check for signature requirements over LDAP
 ```
-ldap-scanner.py -hashes <lm:<ntlm> <rhost>
+ldap-scanner.py -hashes <lm:ntlm> <rhost>
 ```
 

linux/nuclei.md

@@ -26,3 +26,8 @@ nuclei -tags osint -var user=<user> -o <file>
 nuclei -tl
 ```
 
+### Print all wordpress hosts
+```
+cat <nucleiScan>.json | jq -r 'select(.["template-id"] | contains("wordpress")) | .host'
+```
+

linux/roadrecon.md

@@ -0,0 +1,29 @@
+### Source
+https://github.com/dirkjanm/ROADtools
+
+### Start graphical interface
+```
+roadrecon gui
+```
+
+### Load local database
+```
+roadrecon gui -d <file>.db
+```
+
+### Generate bloodhound graph
+```
+roadrecon plugin bloodhound -d <file>.db -du <user> -dp <password>
+```
+
+### Generate conditional access policy HTML
+```
+roadrecon plugin policies -d <file>.db -p
+```
+
+### Generate csv file from database
+```
+roadrecon plugin xlsexport -v -d <file>.db
+libreoffice --headless --convert-to csv <file>.xls --outdir <outdir>
+```
+

linux/subfinder.md

@@ -1,5 +1,5 @@
 ### Source
-https://github.com/projectdiscovery/subfinder  
+https://github.com/projectdiscovery/subfinder
 
 ### Find domains using OSINT
 ```

linux/systemd-run-script-every-x-seconds.md

@@ -1,4 +1,4 @@
-# insert into: /etc/systemd/system/<jobName>.service  
+### vim /etc/systemd/system/jobName.service  
 ```
 [Unit]
 Description=<description>
@@ -8,7 +8,7 @@ Type=forking
 ExecStart=/bin/bash <path/to/script>.sh
 ```
 
-# insert into: /etc/systemd/system/<jobName>.timer  
+### vim /etc/systemd/system/jobName.timer  
 ```
 [Unit]
 Description=<description>
@@ -43,3 +43,8 @@ echo "text" | systemd-cat -p info
 systemctl list-unit-files
 ```
 
+### Reset failed jobs
+```
+systemctl reset-failed
+```
+

linux/vim.md

@@ -177,6 +177,11 @@ dw
 shift + a
 ```
 
+### Delete all chars inside delimiter (example ")
+```
+c + i + "
+```
+
 ### Write output of command directly to vim
 ```
 :read ! <command>

linux/wg.md

@@ -0,0 +1,18 @@
+### Install
+```
+# Ubuntu Debian
+apt install wireguard
+
+# Fedora
+dnf install wireguard-tools
+
+# Arch
+pacman -S wireguard-tools
+```
+
+### Generate configuration
+```
+wg genkey | sudo tee /etc/wireguard/private.key 
+cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
+```
+

snippet/py/printHtml.py → snippet/py/printMultipleLines.py

@@ -1,6 +1,3 @@
-print('Content-Type: text/html')
-print()
-
 print('''
 <!DOCTYPE html>
 <html> 

snippet/sh/ifFileContainString.sh

@@ -0,0 +1,7 @@
+if grep -q "str" "f.txt"
+then
+    echo "str in file"
+else
+    echo "str not in file"
+fi
+