Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Akhil Reni akhil-reni

🏠
Working from home
View GitHub Profile
View sample.py
from mainAPI.models import Organization, OrganizationMember, User, Asset, Bug, CWE, CVE, Package, Mobile, Web, Code, Port, Cloud, Endpoint, Network, AssetHealth, Team, Permissions
import numpy as np
import random
import pandas as pd
import os
class Dummy:
def __init__(self):
self.create_organization()
@akhil-reni
akhil-reni / check_cve.py
Last active Jul 5, 2020
Check CVE-2020-5902 on a list of IPs
View check_cve.py
import requests
import logging
from concurrent.futures import ThreadPoolExecutor
import asyncio
from urllib3.exceptions import InsecureRequestWarning
# Suppress only the single warning from urllib3 needed.
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
@akhil-reni
akhil-reni / README.md
Created May 31, 2020
Recon using spyse
View README.md

Search ASN number using organization name

curl -X GET "https://api.spyse.com/v2/data/as/search?limit=100&search_params=%7B%22as_org%22%3A%5B%7B%22operator%22%3A%22contains%22%2C%22value%22%3A%22Oath%20Holdings%20Inc.%22%7D%5D%7D" -H "accept: application/json" -H "Authorization: Bearer token"

Fetch domains using ASN

curl -X GET "https://api.spyse.com/v2/data/as/domain?limit=100&asn=10310" -H "accept: application/json" -H "Authorization: Bearer token"
@akhil-reni
akhil-reni / SCAN_TO_ES.md
Last active May 23, 2020
An example how to normalise scan outputs and send to ES
View SCAN_TO_ES.md

Index per scan

elasticdump \
    --input="./output.json" \
    --output="http://127.0.0.1:9200" \
    --output-index="subfinder" \
    --limit=10000 \
    --type=data \
    --transform="doc._source=Object.assign({},doc)"
@akhil-reni
akhil-reni / payload_generator.py
Last active Apr 27, 2020
payload_generator.py
View payload_generator.py
def payload_generator(context):
payloads = []
if context == 'attribname':
payloads = []
comb = {}
# check for escaping < >
comb['payload'] = "\"><svg onload=prompt`812132`>"
comb['find'] = "//svg[@onload[contains(.,812132)]]"
payloads.append(comb)
@akhil-reni
akhil-reni / context_analyzer.py
Last active May 9, 2020
context_analyzer.py
View context_analyzer.py
from lxml import html
import re
class ContextAnalyzer:
def __init__(self, response_text, search_string):
self.get_contexts(response_text, search_string)
@staticmethod
@akhil-reni
akhil-reni / create_insertions.py
Created Apr 26, 2020
Create insertion points in a HTTP raw request
View create_insertions.py
import copy
class GetInsertionPoints:
def __init__(self, request):
self.request = request
self.requests = []
self.params(append=True)
self.body(append=True)
@akhil-reni
akhil-reni / request_parser.py
Last active Mar 25, 2021
Raw HTTP Request parser
View request_parser.py
from __future__ import absolute_import, unicode_literals
from http.server import BaseHTTPRequestHandler
from io import BytesIO
from urllib import parse
class Request:
def __init__(self):
self.headers = None
View gist:1eb4dd38549f81d0e108488e40e023ae
<html>
<script>
function bindEvent(element, eventName, eventHandler) {
if (element.addEventListener){
element.addEventListener(eventName, eventHandler, false);
} else if (element.attachEvent) {
element.attachEvent('on' + eventName, eventHandler);
}
}
bindEvent(window, 'message', function (e) {
@akhil-reni
akhil-reni / cidrtoips.py
Created Nov 9, 2019
cat cidr.txt | python3 cidrtoips.py
View cidrtoips.py
import ipaddress
import fileinput
ips = []
for line in fileinput.input():
try:
ips.extend(list(ipaddress.ip_network(line.strip())))
except:
pass