Spy0x7

import poe, sys

client = poe.Client("<POE_API_KEY_HERE>")
title=sys.argv[1]
path=sys.argv[2]
more=""
if len(sys.argv) > 3:
  more="\" and here is more information: "+sys.argv[3]

message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+"""

Spy0x7

Fast Testing Checklist

A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file

Contents

• Recon and analysis
• Test handling of access
• Test handling of input
• Test application logic
• Assess application hosting
• Miscellaneous tests

Spy0x7

POST /api/v2/accounts 
GET /api/v2/activities?since=cstest 
GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest 
GET /api/v2/automations 
POST /api/v2/automations 
GET /api/v2/bookmarks 
POST /api/v2/bookmarks 
GET /api/v2/brands 
POST /api/v2/brands 
GET /api/v2/custom_objects 

Spy0x7

Pentesting-Exploitation

Pentesting-Exploitation Programs and Commands , Protocols Network / Ports

Table of Contents

• Table of Contents
• Recon
  • File enumeration
• Disk files

Spy0x7

#!/bin/bash
# Usage: ./download_apks.sh com.example.app

BUNDLE_FILES=$(adb shell pm path "$1")

for file in $BUNDLE_FILES; do
	CLEAN=$(echo "$file"|sed 's/[^:]*://')
	adb pull "$CLEAN" .
done

Spy0x7

console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);

/**
 * by incogbyte
 * Common functions 
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!

Spy0x7

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k

Spy0x7

#!/usr/bin/env python


## $ ports.py nmap.xml
## 8.8.8.8:80
## 8.8.8.8:443
## 8.8.8.8:3305

#install requirements: pip install python-libnmap
#uses python 2

Spy0x7

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
      <handlers accessPolicy="Read, Script, Write">
         <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />         
      </handlers>
      <security>
         <requestFiltering>
            <fileExtensions>
               <remove fileExtension=".config" />

Spy0x7

Exploit JMX-RMI

search?query=X-Blackboard-product%3A+Blackboard+Learn

Application	CVE	Infos	Port
APACHE CASSANDRA 3.8 / ZooKEEPER	CVE-2018-8016	LINK	7199
NI