Changes: - Added 80+ scripts with organized structure - payloads/ for third-party pentesting tools - pentesting/ for custom security scripts - Daily drivers remain flat for fast access - Converted wes() function to proper script - Removed .sh extensions from pentesting scripts - Cleaned up aliases (removed 31 redundant lines) - Added kanata/, build artifacts to gitignore - Removed old fre.sh scripts and empty a.out - Updated configs: helix, tmux, zsh, ulauncher, redshift Security: All sensitive data excluded via gitignore
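#!/usr/bin/env bash
#
# Quick vulnerability testing helper.
#
# Prints a per-class checklist of manual test strings and follow-up steps.
# The script only writes text to the terminal: it sends no requests and
# runs none of the tools it mentions.
#
# Usage: quick-vuln-test.sh <url> <type>
# Types: xss, sqli, idor, csrf
#
# Arguments:
#   $1 - target URL (only interpolated into the suggested sqlmap command)
#   $2 - vulnerability class to print the checklist for
# Exit status:
#   0 - checklist printed
#   1 - missing argument or unknown type (message goes to stderr)

set -euo pipefail

URL="${1:-}"
TYPE="${2:-}"

# Both arguments are mandatory; diagnostics go to stderr so that stdout
# carries only the checklist.
if [[ -z "$URL" || -z "$TYPE" ]]; then
  {
    echo "Usage: $0 <url> <type>"
    echo "Types: xss, sqli, idor, csrf"
  } >&2
  exit 1
fi

case "$TYPE" in
  xss)
    echo "[+] Testing for XSS..."
    echo "[+] Basic payload: <script>alert(1)</script>"
    echo "[+] Image payload: <img src=x onerror=alert(1)>"
    echo "[+] SVG payload: <svg onload=alert(1)>"
    echo ""
    echo "[!] Test these in Burp Suite or manually"
    echo "[!] Document which ones work in your findings"
    ;;

  sqli)
    echo "[+] Testing for SQL Injection..."
    echo "[+] Basic test: '"
    echo "[+] Boolean test: ' OR '1'='1"
    echo "[+] UNION test: ' UNION SELECT NULL--"
    echo "[+] Time-based: ' AND SLEEP(5)--"
    echo ""
    echo "[!] Use sqlmap for automated testing:"
    # The printed line is meant to be copied into a shell, so the URL is
    # shell-quoted with %q. Wrapping it in literal single quotes (as the
    # script did before) lets a URL containing ' terminate the quoting and
    # turn the remainder into shell syntax when the line is pasted.
    #
    # NOTE(review): --risk=3 enables sqlmap's OR-based tests, which its
    # documentation says can change stored data when the injection point
    # is in an UPDATE statement; --level=5 is the most exhaustive setting.
    # The values are kept as the author chose them.
    printf -v quoted_url '%q' "$URL"
    printf 'sqlmap -u %s --batch --risk=3 --level=5\n' "$quoted_url"
    ;;

  idor)
    echo "[+] Testing for IDOR..."
    echo "[+] 1. Create two test accounts"
    echo "[+] 2. Log in as User A, identify resource ID"
    echo "[+] 3. Log in as User B, try to access User A's resource"
    echo "[+] 4. Check if authorization is enforced"
    echo ""
    echo "[!] Use Burp Suite to intercept and modify requests"
    echo "[!] Look for IDs in: URL params, POST body, JSON, cookies"
    ;;

  csrf)
    echo "[+] Testing for CSRF..."
    echo "[+] 1. Find state-changing action (password change, email update)"
    echo "[+] 2. Intercept request in Burp Suite"
    echo "[+] 3. Check for CSRF token in request"
    echo "[+] 4. Remove token and replay - does it still work?"
    echo "[+] 5. Check SameSite cookie attribute"
    echo ""
    echo "[!] If no CSRF protection, create PoC HTML page"
    ;;

  *)
    # printf '%s' keeps a user-supplied type such as "-n" from being read
    # as an echo option.
    {
      printf '%s\n' "[-] Unknown vulnerability type: $TYPE"
      echo "Types: xss, sqli, idor, csrf"
    } >&2
    exit 1
    ;;
esac

# Reporting workflow, printed after every recognised type.
echo ""
echo "[+] When you find a vulnerability:"
echo " 1. Take screenshots (Flameshot)"
echo " 2. Document PoC steps"
echo " 3. Copy template: cp ~/.claude/context/business/security/bug-bounty/templates/<type>.json ~/bug-bounty/discoveries/"
echo " 4. Fill in [BRACKETED] fields"
echo " 5. Generate report: bun run ~/.claude/context/business/security/bug-bounty/latex/generate.ts"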