emadshanab
/ xss-image.svg
Created
May 14, 2024 15:48
— forked from rudSarkar/xss-image.svg
SVG Image XSS File
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
emadshanab
/ swagger-ui nuclei module
Created
August 28, 2022 08:03
— forked from kannthu/swagger-ui nuclei module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: swagger-ui | |
| info: | |
| name: Swagger UI | |
| author: vidocsecurity | |
| severity: low | |
| description: Swagger UI exposes information about endpoints and sometimes it is vulnerable tu XSS | |
| tags: swagger-ui,exposure | |
| requests: |
emadshanab
/ dorks.txt
Created
March 2, 2024 00:57
— forked from HaseebCh-Hack/dorks.txt
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| inurl /bug bounty | |
| inurl : / security | |
| inurl:security.txt | |
| inurl:security "reward" | |
| inurl : /responsible disclosure | |
| inurl : /responsible-disclosure/ reward | |
| inurl : / responsible-disclosure/ swag | |
| inurl : / responsible-disclosure/ bounty | |
| inurl:'/responsible disclosure' hoodie | |
| responsible disclosure swag r=h:com |
emadshanab
/ goip-default-login.yaml
Created
October 30, 2022 21:59
— forked from drfabiocastro/goip-default-login.yaml
GoIP GSM VoIP Gateway Default Login
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: goip-default-login | |
| info: | |
| name: GoIP GSM VoIP Gateway Default Login | |
| author: drfabiocastro | |
| severity: high | |
| description: GoIP GSM VoIP Gateway default login and password | |
| metadata: | |
| shodan-query: 'HTTP/1.0 401 Please Authenticate\r\nWWW-Authenticate: Basic realm="Please Login"' | |
| tags: voip,gateway,gsm |
emadshanab
/ reconftw.cfg
Created
December 28, 2023 04:20
— forked from jhaddix/reconftw.cfg
reconFTW config file: NO google/osint, wordlist creation, nuclei js analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################# | |
| # reconFTW config file # | |
| ################################################################# | |
| # General values | |
| tools=~/Tools # Path installed tools | |
| SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path | |
| profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile | |
| reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version | |
| generate_resolvers=false # Generate custom resolvers with dnsvalidator |
emadshanab
/ httpie.mailgun.sh
Created
December 26, 2023 15:56
— forked from james2doyle/httpie.mailgun.sh
Test the mailgun API with HTTPIE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DOMAIN="example.com" | |
| EMAIL="contact@personalemail.com" | |
| http -a 'api:key-00000000000000000000000000000000' \ | |
| -f POST "https://api.mailgun.net/v3/$DOMAIN/messages" \ | |
| from="Excited User <postmaster@$DOMAIN>" \ | |
| to="$EMAIL" \ | |
| subject="Hello" \ |
emadshanab
/ formalms-authbypass.yaml
Created
December 18, 2023 06:50
— forked from hacktivesec/formalms-authbypass.yaml
FormaLMS Authentication Bypass - Nuclei Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: formalms-auth-bypass | |
| info: | |
| name: Formalms Auth Bypass | |
| author: Cristian `void` Giustini | |
| severity: high | |
| reference: https://blog.hacktivesecurity.com/index.php/2021/10/05/the-evil-default-value-that-leads-to-authentication-bypass-on-formalms/ | |
| tags: formalms | |
| cve: CVE-2021-43136 |
emadshanab
/ CVE-2019-18935.yaml
Created
December 18, 2023 06:50
— forked from ripp3rdoc/CVE-2019-18935.yaml
Telerik UI Insecure Deserialization — Nuclei Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2019-18935 | |
| info: | |
| name: Deserialization Vulnerability in Telerik UI for ASP.NET AJAX. | |
| author: Talson | |
| severity: critical | |
| description: | | |
| Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. | |
| remediation: | | |
| As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation. | |
| reference: |
emadshanab
/ error-based-sql-injection.yaml
Created
December 18, 2023 06:50
Error Based SQLi Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: error-based-sql-injection | |
| info: | |
| name: Error based SQL injection | |
| author: geeknik | |
| severity: high | |
| description: Detects the possibility of SQL injection in 29 database engines. Inspired by https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml. | |
| tags: sqli | |
| requests: |
emadshanab
/ CVE-2021-44228.nuclei.yaml
Created
December 18, 2023 06:50
— forked from hazcod/CVE-2021-44228.nuclei.yaml
Nuclei template to scan for log4shell (CVE-2021-44228).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2021-44228 | |
| info: | |
| name: Log4J RCE | |
| author: iNvist / hazcod | |
| severity: critical | |
| description: CVE-2021-44228 | |
| requests: | |
| - raw: |
NewerOlder