Skip to content

Instantly share code, notes, and snippets.

@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active Mar 2, 2021
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@BuffaloWill
BuffaloWill / content-types.txt
Last active Feb 28, 2021
Content-Type Dictionary Bruteforcing
View content-types.txt
# from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
application/1d-interleaved-parityfec
application/3gpdash-qoe-report+xml
application/3gpp-ims+xml
application/a2l
application/activemessage
application/alto-costmap+json
application/alto-costmapfilter+json
application/alto-directory+json
View hex_00_to_FF
00
01
02
03
04
05
06
07
08
09
@BuffaloWill
BuffaloWill / soft_404_check.py
Last active Jan 25, 2021
Checks if the provided URL(s) are likely soft 404s
View soft_404_check.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import requests
import soft404
###
# usage:
# - The script prints the URL to stdout if it is unlikely to be a soft 404.
@BuffaloWill
BuffaloWill / file_extensions.txt
Created Apr 19, 2019
File Extension Dictionary (decent) Bruteforcing
View file_extensions.txt
aw
atom
atomcat
atomsvc
ccxml
cdmia
cdmic
cdmid
cdmio
cdmiq
@BuffaloWill
BuffaloWill / reset_pass.sh
Created Sep 3, 2016
Reset Password for a User with Installed version
View reset_pass.sh
#!/bin/sh
cmd=`basename $0`
CWD=`pwd`
SCRIPTDIR=/opt/Serpico/embedded/bin
EMBEDDED=/opt/Serpico/embedded
SERPDIR=/opt/Serpico/Serpico
uname=$1
pass=$2
View censys_cert_search.rb
#!/usr/bin/ruby
# deps
# gem install curb dnsruby
#
# might need on ubuntu:
# sudo apt-get install libcurl4-openssl-dev
require 'json'
require 'curb'
@BuffaloWill
BuffaloWill / ip_gen.rb
Last active Jun 21, 2020
Generic IP List Generator
View ip_gen.rb
irb --simple-prompt --noecho
require 'ipaddr'
# RFC 1918
# 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
#IPAddr.new("10.0.0.0/8").to_range.to_a.each{ |ip| puts ip }
#IPAddr.new("172.16.0.0/12").to_range.to_a.each{ |ip| puts ip }
#IPAddr.new("192.168.0.0/16").to_range.to_a.each{ |ip| puts ip }
# prints up to NUM ips from the range
View content-type-list.json
[
{"desc":"Andrew Toolkit","mime":["application/andrew-inset"],"ext":["N/A"]},
{"desc":"Applixware","mime":["application/applixware"],"ext":["aw"]},
{"desc":"Atom Syndication Format","mime":["application/atom+xml"],"ext":["atom"]},
{"desc":"Atom Publishing Protocol","mime":["application/atomcat+xml"],"ext":["atomcat"]},
{"desc":"Atom Publishing Protocol Service Document","mime":["application/atomsvc+xml"],"ext":["atomsvc"]},
{"desc":"Voice Browser Call Control","mime":["application/ccxml+xml,"],"ext":["ccxml"]},
{"desc":"Cloud Data Management Interface (CDMI) - Capability","mime":["application/cdmi-capability"],"ext":["cdmia"]},
{"desc":"Cloud Data Management Interface (CDMI) - Contaimer","mime":["application/cdmi-container"],"ext":["cdmic"]},
{"desc":"Cloud Data Management Interface (CDMI) - Domain","mime":["application/cdmi-domain"],"ext":["cdmid"]},
@BuffaloWill
BuffaloWill / import_vulndb_serpico.rb
Last active May 9, 2020
Import VulnDB into the Serpico Template Database
View import_vulndb_serpico.rb
# An example script to import VulnDB data into the Serpico Template database
# => Must be run from the Serpico root directory
#
# Serpico: https://github.com/MooseDojo/Serpico
# VulnDB: https://github.com/vulndb/data
# Author: https://github.com/BuffaloWill
require './model/master.rb'
require 'json'