Ryan Dewhurst ethicalhack3r

## info.text
Get your API token from wpvulndb.com if you also want the vulnerabilities associated with the detected plugin displaying.

For all plugins with known vulnerabilities:

wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN

For all plugins in our database (could take a very long time):

wpscan --url example.com -e ap --plugins-detection mixed --api-token YOUR_TOKEN

## ids.txt
> select id from vulnerabilities where poc != '';
+------+
| id   |
+------+
| 6028 |
| 6219 |
| 6499 |
| 6548 |
| 7680 |
| 7710 |

## is_wordpress.rb
#!/usr/bin/env ruby

require 'wpscan'
require 'uri'

filename = ARGV[0]

def check_wordpress( website )
  WPScan::Browser.instance( disable_tls_checks: true )

## mad5.txt
Yes, this is a joke. But we will really be releasing a WordPress plugin. Let us know if you find any vulnerabilities ;)
9f10c5276812e8fdabc2c4e5bb75f836

## http_ntlm__auth_brute.rb
#!/usr/bin/env ruby

require 'typhoeus'

target_url = ARGV[0]
usernames  = File.read(ARGV[1]).split("\n")
passwords  = File.read(ARGV[2]).split("\n")

hydra = Typhoeus::Hydra.new

## wp_php_object_injection.rb
java_import 'burp.IBurpExtender'
java_import 'burp.IScannerCheck'
java_import 'burp.IScanIssue'

require 'java'
java_import 'java.util.Arrays'
java_import 'java.util.ArrayList'

#
# You will need to download JRuby's Complete.jar file from http://jruby.org/download and configure Burp Extender with its path.

## html_test.html
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o

## magento_version.rb
#!/usr/bin/env ruby

require 'typhoeus'
require 'json'
require 'uri'
require 'digest/md5'

# https://raw.githubusercontent.com/gwillem/magento-version-identification/master/version_hashes.json

target  = ARGV[0]

## events.txt
loadedstart
onabort
onafterprint
onanimationend
onanimationiteration
onanimationstart
onautocomplete
onautocompleteerror
onbeforecopy
onbeforecut

## euskalhack.md

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
          
            
              
              0 comments
            
          
          
            
              
              1 star
            
          
        
        
          
              
          
          
            
                ethicalhack3r
                / euskalhack.md
            
            
              Created
              February 29, 2016 15:36
            
              
                [CFP] EuskalHack (San Sebastian / Donostia) 2016
              
          
        
      
        
  
      
    Introduction
EuskalHack Security Congress is the first Ethical Hacking association in Euskadi, with the aim of promoting the community and culture in digital security to anyone who may be interested.
This exclusive conference is shaping up to be the most relevant in the Basque Country, with an estimated 125 attendees for the first edition.
The participants include specialised companies, state security organisations, professionals, hobbyists and students in the area of security and Information Technology.
Estimated date and location
	Get your API token from wpvulndb.com if you also want the vulnerabilities associated with the detected plugin displaying.

	For all plugins with known vulnerabilities:

	wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN

	For all plugins in our database (could take a very long time):

	wpscan --url example.com -e ap --plugins-detection mixed --api-token YOUR_TOKEN
	> select id from vulnerabilities where poc != '';
	+------+
	\| id \|
	+------+
	\| 6028 \|
	\| 6219 \|
	\| 6499 \|
	\| 6548 \|
	\| 7680 \|
	\| 7710 \|
	#!/usr/bin/env ruby

	require 'wpscan'
	require 'uri'

	filename = ARGV[0]

	def check_wordpress( website )
	WPScan::Browser.instance( disable_tls_checks: true )
	Yes, this is a joke. But we will really be releasing a WordPress plugin. Let us know if you find any vulnerabilities ;)
	9f10c5276812e8fdabc2c4e5bb75f836
	#!/usr/bin/env ruby

	require 'typhoeus'

	target_url = ARGV[0]
	usernames = File.read(ARGV[1]).split("\n")
	passwords = File.read(ARGV[2]).split("\n")

	hydra = Typhoeus::Hydra.new
	java_import 'burp.IBurpExtender'
	java_import 'burp.IScannerCheck'
	java_import 'burp.IScanIssue'

	require 'java'
	java_import 'java.util.Arrays'
	java_import 'java.util.ArrayList'

	#
	# You will need to download JRuby's Complete.jar file from http://jruby.org/download and configure Burp Extender with its path.
	#!/usr/bin/env ruby

	require 'typhoeus'
	require 'json'
	require 'uri'
	require 'digest/md5'

	# https://raw.githubusercontent.com/gwillem/magento-version-identification/master/version_hashes.json

	target = ARGV[0]
	loadedstart
	onabort
	onafterprint
	onanimationend
	onanimationiteration
	onanimationstart
	onautocomplete
	onautocompleteerror
	onbeforecopy
	onbeforecut