adeptex / scanio.sh
Created February 10, 2022 22:55 — forked from haccer/scanio.sh
PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar
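#!/bin/bash
# Usage  : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
# Spinner: redraws "[x] <message>" on a single line until the caller stops it.
function ech() {
    spinner=( "|" "/" "-" "\\" )
    while true; do
        # Quote the expansion so each frame stays one word
        for i in "${spinner[@]}"; do
            echo -ne "\r[$i] $1"
            sleep 0.1   # frame delay (assumed value; the listing shows only the lines above)
        done
    done
}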
adeptex / PwnedPasswords.md
Created August 22, 2021 02:18 — forked from simbo1905/PwnedPasswords.md
How To Load The HIBP Pwned Passwords Database Into Redis

NIST recommends that when users are trying to set a password you should reject those that are commonly used or compromised:

When processing requests to establish and change memorized secrets, 
verifiers SHALL compare the prospective secrets against a list that 
contains values known to be commonly-used, expected, or compromised.

But how do you know which passwords are compromised? Luckily, Troy Hunt put a lot of effort into building the "Have I Been Pwned (HIBP)" database with the SHA1 hashes of 501,636,842 passwords that have been compromised on the internet. Sweet.