More cheatsheets

r1cksec · Feb 3, 2024 · 62ccfd7 · 62ccfd7
1 parent 10da663
commit 62ccfd7
Show file tree

Hide file tree

Showing 23 changed files with 265 additions and 24 deletions.
diff --git a/api/bevigil.md b/api/bevigil.md
@@ -0,0 +1,13 @@
+### Source
+https://osint.bevigil.com
+
+### Search for keyword in s3 bucket URLs
+```
+curl -s --location --request GET "http://osint.bevigil.com/api/<keyword>/S3-keyword" --header "X-Access-Token: <apiKey>"
+```
+
+### Get subdomains
+```
+curl --location --request GET "http://osint.bevigil.com/api/<domain>/subdomains" --header "X-Access-Token: <apiKey>"
+```
+
diff --git a/api/fullhunt.md b/api/fullhunt.md
@@ -0,0 +1,13 @@
+### Source
+https://api-docs.fullhunt.io
+
+### Get information about hoster, certificates, DNS records, open ports 
+```
+curl "https://fullhunt.io/api/v1/domain/<domain>/details" -H "X-API-KEY: <apiKey>"
+```
+
+### Get subdomains
+```
+curl "https://fullhunt.io/api/v1/domain/<domain>/subdomains" -H "X-API-KEY: <apiKey>"
+```
+
diff --git a/api/grayhatwarfare.md b/api/grayhatwarfare.md
@@ -0,0 +1,13 @@
+### Source
+https://buckets.grayhatwarfare.com/docs/api/v2
+
+### Get subscription status
+```
+curl -s --request GET --url "https://buckets.grayhatwarfare.com/api/account" --header "Authorization: Bearer <apiKey>"
+```
+
+### Search for buckets that contain given string
+```
+curl -s --request GET --url "https://buckets.grayhatwarfare.com/api/v2/files?keywords=<keyword>&start=0&limit=1000" --header "Authorization: Bearer <apiKey>"
+```
+
diff --git a/api/hunter.md b/api/hunter.md
@@ -1,7 +1,12 @@
 ### Source
 https://hunter.io/api-keys
 
-### Get email addresses
+### Get details about current subscription
+```
+curl -s "https://api.hunter.io/v2/account?api_key=<apiKey>"
+```
+
+### Get email addresses and social media profiles
 ```
 curl -s "https://api.hunter.io/v2/domain-search?domain=<domain>&api_key=<apiKey>"
 ```
@@ -11,8 +16,13 @@ curl -s "https://api.hunter.io/v2/domain-search?domain=<domain>&api_key=<apiKey>
 curl -s "https://api.hunter.io/v2/email-finder?domain=<domain>&first_name=<firstname>&last_name=<lastname>&api_key=<apiKey>"
 ```
 
-### Get sources of email address
+### Verify email address
 ```
 curl -s "https://api.hunter.io/v2/email-verifier?email=<email>&api_key=<apiKey>"
 ```
 
+### Get rootdomains for company
+```
+curl -s "https://hunter.io/v2/domains-suggestion?query=<company>"
+```
+
diff --git a/api/intelx.md b/api/intelx.md
@@ -0,0 +1,13 @@
+### Source
+https://github.com/IntelligenceX/SDK/blob/master/Intelligence%20X%20API.pdf
+
+### Send search request for email addresses (sort 2 = most relevant items first”)
+```
+curl -s -X POST -H "Content-Type: application/json" -H "x-key: <apiKey>" 'https://2.intelx.io/phonebook/search' --data '{"term":"<domain>","lookuplevel":0,"maxresults":1000,"timeout":null,"datefrom":"","dateto":"","sort":2,"media":0,"terminate":[]}'
+```
+
+### Retreive results of given phonebook search id
+```
+curl -s -H "x-key: <apiKey>" 'https://2.intelx.io/phonebook/search/result?id=<resultId>'
+```
+
diff --git a/api/onyphe.md b/api/onyphe.md
@@ -1,7 +1,7 @@
 ### Source
 https://www.onyphe.io/docs/getting-started
 
-### Get subdomains, asn, ports etc
+### Get hostname, asn, ports etc
 ```
 curl -s -H "Content-Type: application/json" -H "Authorization: bearer <apiKey>" "https://www.onyphe.io/api/v2/search/?q=domain:<domain>"
 ```

diff --git a/api/robtex.md b/api/robtex.md
@@ -1,11 +1,10 @@
 ### Source
 https://www.robtex.com/api
 
-### Get domains that resolve to the given IP address and geolocation
+### Get domain history and GEO-location of given ip
 ```
 curl -s "https://freeapi.robtex.com/ipquery/<ip>"
 curl -s "https://freeapi.robtex.com/pdns/reverse/<ip>"
-curl -s "https://freeapi.robtex.com/ipquery/<ip>?key=<apiKey>"
 ```
 
 ### Get ip range of given ASN

diff --git a/api/securitytrails.md b/api/securitytrails.md
@@ -11,6 +11,11 @@ curl -s --request GET --url "https://api.securitytrails.com/v1/account/usage" --
 curl -s --request GET --url "https://api.securitytrails.com/v1/history/<domain>/whois" --header "accept: application/json" --header "APIKEY: <apiKey>"
 ```
 
+### Get historical DNS records (A, AAAA, MX, NS, SOA, TXT)
+```
+curl -s --request GET --url "https://api.securitytrails.com/v1/history/<domain>/dns/a" --header "accept: application/json" --header "APIKEY: <apiKey>"
+```
+
 ### Get mail-, nameserver and dns records
 ```
 curl -s --request GET --url "https://api.securitytrails.com/v1/domain/<domain>" --header "accept: application/json" --header "APIKEY: <apiKey>"

diff --git a/api/shodan.md b/api/shodan.md
@@ -31,6 +31,7 @@ cat cidrRanges.txt | xargs -I % sh -c 'echo %\\n; curl -s "https://api.shodan.io
 country:<country>
 http.title:<title>
 http.html:<keyword>
+http.favicon.hash:<murmurHash3>
 net:<networkCidr>
 org:<company>
 port:<port>

diff --git a/api/tomba.md b/api/tomba.md
@@ -0,0 +1,13 @@
+### Source
+https://app.tomba.io/api
+
+### Get email addresses and social media profiles
+```
+curl -s --request GET --url "https://api.tomba.io/v1/domain-search?domain=<domain>" --header "X-Tomba-Key: <apiKeyTa>" --header "X-Tomba-Secret: <apiKeyTs>"
+```
+
+### Validate email address
+```
+curl -s --request GET --url "https://api.tomba.io/v1/email-verifier/<email>" --header "X-Tomba-Key: <apiKeyTa>" --header "X-Tomba-Secret: <apiKeyTs>
+```
+
diff --git a/api/urlscan.md b/api/urlscan.md
@@ -1,6 +1,11 @@
 ### Source
 https://urlscan.io/docs/api
 
+### Return details about current subscription
+```
+curl -s "https://urlscan.io/user/quotas" -H "API-Key: <apiKey>"
+```
+
 ### Get root- and subdomains
 ```
 curl -s "https://urlscan.io/api/v1/search/?q=domain:<company>*" -H "API-Key: <apiKey>"

diff --git a/api/validin.md b/api/validin.md
@@ -6,8 +6,13 @@ https://app.validin.com/docs
 curl -s -H "Authorization: BEARER <apiKey>" "https://app.validin.com/api/axon/domain/dns/history/<domain>"
 ```
 
-### Get domains that resolve(d) to the given IP address
+### Perform historical reverse IP lookup on single IP
 ```
 curl -s -H "Authorization: BEARER <apiKey>" "https://app.validin.com/api/axon/ip/dns/history/<ip>"
 ```
 
+### Perform historical reverse IP lookup on range
+```
+curl -s -H "Authorization: BEARER <apiKey>" "https://app.validin.com/api/axon/ip/dns/history/<ip>/<cidr>"
+```
+
diff --git a/api/zoomeye.md b/api/zoomeye.md
@@ -6,6 +6,11 @@ https://www.zoomeye.org/doc
 curl -X GET "https://api.zoomeye.org/resources-info" -H "API-KEY:<apiKey>"
 ```
 
+### Search for associated domain names
+```
+curl -s -X GET "https://api.zoomeye.org/domain/search?q=<domain>" -H "API-KEY:<apiKey>
+```
+
 ### Send query to host endpoint
 ```
 curl -s -X GET "https://api.zoomeye.org/host/search?query=<query>" -H "API-KEY:<apiKey>"
@@ -16,12 +21,15 @@ curl -s -X GET "https://api.zoomeye.org/host/search?query=<query>" -H "API-KEY:<
 app:<ProFTPD>
 asn:<asn>
 cidr:<ipRangeCidr>
+city:<city>
 country:<country>
+device:<deviceType> 
 hostname:<hostname>
 ip:<ipv4>
 os:<windows>
 port:<port>
 service:<http>
+ver:<version>
 ```
 
 ### Send query to web endpoint
@@ -32,10 +40,13 @@ curl -s -X GET "https://api.zoomeye.org/web/search?query=<query>" -H "API-KEY:<a
 ### Web Filters
 ```
 app:<wordpress>
+city:<city>
 country:<country>
+desc:<description>
 header:<header>
 ip:<ipv4>
 keywords:<keyword>
+site:<site>
 title:<title>
 ```
 
diff --git a/linux/awk.md b/linux/awk.md
@@ -3,9 +3,9 @@
 cat <file> | awk -F '#' '{print $2,$3}'
 ```
 
-### Get all user in group vboxusers
+### Print last and second last match
 ```
-awk -F ':' '/vboxusers/{print $4}' /etc/group
+cat <file> | awk -F '.' '{print $(NF-1)"."$NF}'
 ```
 
 ### Convert to lower case

diff --git a/linux/bbot.md b/linux/bbot.md
@@ -0,0 +1,45 @@
+### Source
+https://github.com/blacklanternsecurity/bbot
+
+### Run passive subdomain enumeration
+```
+bbot -t <domain> -f subdomain-enum -rf passive
+```
+
+### OSINT sources without API key
+```
+anubis
+certspotter
+crtsh
+digitorus
+dnsdumpster
+hackertarget
+leakix
+myssl
+alienvault
+passivetotal
+rapiddns
+riddler
+sitedossier
+threatminer
+urlscan
+waybackarchive
+```
+
+### OSINT sources with API key
+```
+bevigil
+binaryedge
+builtwith
+c99
+censys
+chaos
+fullhunt
+github
+hunterio
+securitytrails
+shodan
+virustotal
+zoomeye
+```
+
diff --git a/linux/efibootmgr.md b/linux/efibootmgr.md
@@ -3,7 +3,7 @@
 efibootmgr
 ```
 
-### Delte boot entry (id does not need padding 0s)
+### Delete boot entry (id does not need padding 0s)
 ```
 efibootmgr --delete-bootnum --bootnum <id>
 ```

diff --git a/linux/git.md b/linux/git.md
@@ -1,7 +1,7 @@
-### Set email and username for all repositories (remove --global for current repository)
+### Configure email and username
 ```
-git config --global user.email "<mail>"
-git config --global user.name "<user>"
+git config user.name "r1cksec"
+git config user.email "[email protected]"
 ```
 
 ### Sign files with given key

diff --git a/linux/subfinder.md b/linux/subfinder.md
@@ -6,9 +6,55 @@ https://github.com/projectdiscovery/subfinder
 subfinder -d <domain>
 ```
 
-### OSINT sources:
+### OSINT sources without API key
 ```
-alienvault,archiveis,binaryedge,bufferover,censys,certspotter,certspotterold,commoncrawl,crtsh,digicert,dnsdumpster,dnsdb,entrust,googleter,hackertarget,intelx,ipv4info,passivetotal,rapiddns,securitytrails,shodan,sitedossier,sublist3r,spyse,threatcrowd,threatminer,urlscan,virustotal,waybackarchive,zoomeye
+alienvault
+anubis
+commoncrawl
+crtsh
+digitorus
+dnsdumpster
+gitlab
+hackertarget
+leakix
+netlas
+rapiddns
+reconcloud
+redhuntlabs
+riddler
+sitedossier
+threatminer
+waybackarchive
+```
+
+### OSINT sources with API key
+```
+bevigil
+binaryedge
+bufferover
+builtwith
+c99
+censys
+certspotter
+chaos
+chinaz
+dnsdb
+dnsrepo
+facebook
+fofa
+fullhunt
+github
+hunterio
+intelx
+passivetotal
+quake
+robtex
+securitytrails
+shodan
+threatbook
+virustotal
+whoisxml
+zoomeye
 ```
 
 ### API setup