
// Obsidian Plugin Sorter by Downloads:
// This script will sort the plugins by downloads amount and print them in the console.
// The script should be able to run in the browser console.
// The Obsidian Plugin List Sorter by Downloads Amount script will sort the plugins by downloads amount in your browser html view and print them in the console.
// The obsidian Plugins URL: https://obsidian.md/plugins
// Solution:
// 1. Get all the plugins divs
@MrMoshkovitz
MrMoshkovitz / GithubDorks.md
Last active May 1, 2024 20:55
Github Dorks

Github Dorks Repo

Github Dorks

GitHub Search is a powerful and useful feature that can be used to search for sensitive data in repositories. A collection of GitHub dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is intended to be useful for assessing security and performing pen-testing of systems.

GitHub Dork Search Tool

github-dork.py is a simple Python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment, but it provides basic functionality to automate the search on your repositories against the dorks specified in the text file.

Installation

GCPBucketBrute

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

  • This script (optionally) accepts GCP user/service account credentials and a keyword.
  • Then, a list of permutations will be generated from that keyword which will then be used to scan for the existence of Google Storage buckets with those names.
  • If credentials are supplied, the majority of enumeration will still be performed while unauthenticated, but for any bucket that is discovered via unauthenticated enumeration, it will attempt to enumerate the bucket permissions using the TestIamPermissions API with the supplied credentials. This will help find buckets that are accessible while authenticated, but not while unauthenticated.
  • Regardless of whether credentials are supplied, the script will then try to enumerate the bucket permissions using the TestIamPermissions API while unauthenticated. This means that if you don't enter credentials, you will only
@MrMoshkovitz
MrMoshkovitz / REDME.md
Created July 29, 2023 13:44
MFA Command Line

mfa-command-line

MFA Authenticator for the command line.

This script gives an MFA code after 30 seconds from a given secret key seed (QR code).


CloudScraper is a tool to spider and scrape targets in search of cloud resources. Plug in a URL and it will spider and search the source of spidered pages for strings such as 's3.amazonaws.com', 'windows.net' and 'digitaloceanspaces'. AWS, Azure and Digital Ocean resources are currently supported.

Pre-Requisites

Non-Standard Python Libraries:

@MrMoshkovitz
MrMoshkovitz / Goohak.sh
Created July 29, 2023 12:47
Google Hacking on Target
#!/bin/bash
# + -- --=[GooHak v1.4 by 1N3
# + -- --=[http://crowdshield.com
#
# ABOUT:
# GooHak is a shell script to automatically launch google hacking queries
# against a target domain to find vulnerabilities and enumerate a target.
#
# DEPENDENCIES:
# iceweasel

AWSBucketDump

AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It's similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your hard drive.

Pre-Requisites

Non-Standard Python Libraries:

  • xmltodict
var i = 0;
var num_of_items = 0;
var stop = false;
function startCheck(max)
{
i++;
//document.querySelectorAll('div.h-a-Kd.a-Hd-mb')[0];
var bottom = document.querySelectorAll('div.h-a-Hd-mb.a-Hd-mb')[0];
bottom.scrollIntoView();