☠️
Flippin' duh bits. Dumping core.

Dana Epp DanaEpp

DanaEpp / setup_vpn.sh
Created May 12, 2021 22:26
My disposable VPN script I use during external #redteam engagements
#!/bin/bash
# Author: Dana Epp (@danaepp)
GROUP_NAME="DisposableVPN"
VM_NAME="DisposableVPN"
REGION="canadacentral"
PORT="51820"
echo "Creating resource group '$GROUP_NAME'..."
DanaEpp / dump-endpoints.jq
Created November 26, 2022 00:05
jq query and filter to dump the HTTP method, route and description of every endpoint in an OpenAPI 3.0 document. Usage: jq -r -f dump-endpoints.jq openapidoc.json
.paths
| to_entries
| map(select(.key | test("^x-") | not))
| map(
    .key as $path
    | .value
    | to_entries
    | map(
        select(.key | IN("get", "put", "post", "delete", "options", "head", "patch", "trace"))
        | { method: .key, path: $path, summary: .value.summary?, deprecated: .value.deprecated? }
      )[]
  )
| map(.method + "\t" + .path + "\t" + .summary + (if .deprecated then " (deprecated)" else "" end))
[]
DanaEpp / guid_reaper.py
Created October 20, 2022 17:56
Tool to dump v1 GUIDs and generate a wordlist of GUIDs for use in bruteforce attacks against APIs with predictable GUIDs
#!/bin/env python3
import argparse
import datetime
import re
import sys
import uuid
###############################################################################
# Based off of Daniel Thatcher's guid tool
DanaEpp / nosql-injection-payloads-for-postman.json
Created September 20, 2022 22:18
NoSQL injection payloads for Postman
[
{"payload":"'"},
{"payload":"''"},
{"payload":";%00"},
{"payload":"--"},
{"payload":"-- -"},
{"payload":"\"\""},
{"payload":";"},
{"payload":"' OR '1"},
{"payload":"' OR 1 -- -"},
DanaEpp / txt_to_postman_b64_json.py
Created March 27, 2024 20:58
A simple Python script that will convert and encode a Big List of Naughty Strings (BLNS) into a JSON file that Postman can use
#!/usr/bin/env python3
from argparse import ArgumentParser, Namespace
import os
import base64
import json
def main(srcFile: str, dstFile: str) -> None:
    if not os.path.isfile(srcFile):