This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hello |
ihebski
/ CVE-2002-0561.yaml
Created
September 23, 2020 09:51
nuclei template for [CVE-2002-0561] Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2002-0561 | |
| info: | |
| name: Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication | |
| author: Segfolt | |
| severity: High | |
| requests: | |
| - method: GET | |
| path: |
ihebski
/ apache-webdav-directory-listing.yaml
Last active
December 18, 2023 06:50
nuclei template for Apache WebDAV Module PROPFIND Arbitrary Directory Listing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: apache-webdav-dir-listing | |
| info: | |
| name: Apache WebDAV Module PROPFIND Arbitrary Directory Listing | |
| author: segfolt | |
| severity: Medium | |
| # https://vuldb.com/?id.16000 | |
| requests: | |
| - raw: |
ihebski
/ hp-ilo4-CVE-2017-12542.yaml
Created
September 22, 2020 11:51
nuclei template for [CVE-2017-12542] iLO 4 < 2.53 - Add New Administrator User
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2017-12542 | |
| info: | |
| name: iLO 4 < 2.53 - Add New Administrator User | |
| author: segfolt | |
| severity: High | |
| # Exploit Source: https://www.exploit-db.com/exploits/44005 | |
| # Reference: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf03769en_us | |
| requests: | |
| - raw: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # @ih3bski | |
| from flask import Flask | |
| from flask_sqlalchemy import SQLAlchemy | |
| import uuid | |
| from loguru import logger | |
| import sys | |
| app = Flask(__name__) |
ihebski
/ Reflected xss
Last active
August 18, 2020 00:23
catch reflected xss -> check if FUZZ is reflected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo subdomains | grep '=' | qsreplace FUZZ\" -a | while read url;do target=$(curl -s -l $url | egrep -o '(FUZZ"|FUZZ\\")'); echo -e "Target:\e[1;33m $url\e[0m" "$target" "\n-------"; done | sed 's/FUZZ"/[Xss Possible] Reflection Found/g' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat domains.txt | parallel -j250 'nmap -Pn --top-ports 100 -T4 -vv --open -oN results.txt {}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat subdomains.txt | parallel -j250 'host {} | grep "has address" | cut -d " " -f1,4' | sort -u |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat hosts.txt | parallel -j255 'netcat -znv -w 1 {} 80 443 8080 25' &> nc-scan.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Usage : | |
| # $ echo "host1 host2 host3" | ./scanner | |
| # $ cat myservers | ./scanner | |
| # | |
| servers="$(cat)" | |
| for servers in $servers; do | |
| host $servers | host $servers | cut -d ' ' -f1,4 |