Rafal Janicki bl4de

## cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

## breadcrumbComponent.js
'use strict';
angular.module('breadcrumb-component', [])
    .component('breadcrumb', {
        restrict: 'E',
        bindings: {
            path: '<'
        },
        controller: class breadcrumbCtrl {
            constructor() {}
            $onInit() {}

## breadcrumbComponent.js
'use strict';
angular.module('gbreadcrumb-component', [])
    .component('breadcrumb', {
        restrict: 'E',
        bindings: {
            path: '<',
            active: '<'
        },
        controller: class breadcrumbCtrl {
            constructor() {}

## ip_encoder.py
import sys


def to_octets(ip):
    return [int(i) for i in ip.split('.')]


def dotless_decimal(ip):
    octets = to_octets(ip)
    result = octets[0] * 16777216 + octets[1] * \

## exploit.py

#!/usr/bin/env python


# XXXX.asp time-based SQL injection PoC exploit
# Rafal 'bl4de' Janicki

import requests

# base url

## h1_report_tpl.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                bl4de
                / h1_report_tpl.md
            
            
              Last active
              November 16, 2023 07:53
            
              
                HackerOne report template
              
          
    Intro

Any information required by PROGRAM, like 'keywords' used by Concrete5, Phabricator etc.
Summary

summary of the vulnerability - where, what, why :)
Steps to reproduce


## wordlist.txt
api
api_key
api_secret_key
secret_key
secret
BEGIN
PRIVATE
private
PRIVATE_KEY
private_key

## annotated.js
(
  [
    ,
    ウ,                          // "o"
    ,
    ,
    ,
    ア                           // "c"
  ] =

## waybackurls.py
import requests
import sys
import json


def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host

## tools.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              5 stars
            
          
                bl4de
                / tools.md
            
            
              Created
              July 25, 2017 10:16
            
              
                Tools from @jhaddix TBHMv2 #LevelUp @bugcrowd (from https://github.com/DaniLabs/tools-tbhm)
              
          
    Tools of The Bug Hunters Methodology V2

NOTE: The following list has been created based on the PPT "The Bug Hunters Methodology V2 by @jhaddix"
Discovery


Sublist3r (Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT).
Brutesubs (An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose).
Cloudflare_enum (Cloudflare DNS Enumeration Tool for Pentesters).
Censys.py (Quick and Dirty script to use the Censys API to query subdomains of a target domain).
massdns (A high-performance DNS stub resolver).
	## AWS
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
	'use strict';
	angular.module('breadcrumb-component', [])
	.component('breadcrumb', {
	restrict: 'E',
	bindings: {
	path: '<'
	},
	controller: class breadcrumbCtrl {
	constructor() {}
	$onInit() {}
	'use strict';
	angular.module('gbreadcrumb-component', [])
	.component('breadcrumb', {
	restrict: 'E',
	bindings: {
	path: '<',
	active: '<'
	},
	controller: class breadcrumbCtrl {
	constructor() {}
	import sys


	def to_octets(ip):
	return [int(i) for i in ip.split('.')]


	def dotless_decimal(ip):
	octets = to_octets(ip)
	result = octets[0] * 16777216 + octets[1] * \

	#!/usr/bin/env python


	# XXXX.asp time-based SQL injection PoC exploit
	# Rafal 'bl4de' Janicki

	import requests

	# base url
	api
	api_key
	api_secret_key
	secret_key
	secret
	BEGIN
	PRIVATE
	private
	PRIVATE_KEY
	private_key
	import requests
	import sys
	import json


	def waybackurls(host, with_subs):
	if with_subs:
	url = 'http://web.archive.org/cdx/search/cdx?url=.%s/&output=json&fl=original&collapse=urlkey' % host
	else:
	url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host