h4x0r-dz
/ Generic keys
Created
May 5, 2022 09:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
fnmsd
/ FindClass_dfs.java
Created
June 21, 2020 12:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Author:fnmsd | |
| //Blog:https://blog.csdn.net/fnmsd | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.lang.reflect.Field; | |
| import java.util.HashSet; | |
| import java.util.Scanner; | |
| public class dfs { |
ykoster
/ qradar_deserialize.py
Created
April 16, 2020 08:12
Proof of concept for Java deserialization vulnerability in QRadar RemoteJavaScript Servlet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import json | |
| import random | |
| import urllib3 | |
| import requests | |
| import urllib.parse | |
| base_url='https://127.0.0.1/' | |
| username='admin' | |
| password='initial' |
1mm0rt41PC
/ disable-android-ssl-pinning.js
Last active
January 24, 2023 08:42
— forked from cubehouse/pinning.js
A Frida script to bypass SSL Pinning on Android and webview security. https://blog.jamie.holdings/2019/01/19/advanced-certificate-bypassing-in-android-with-frida/. An update has been done here => https://codeshare.frida.re/@akabe1/frida-multiple-unpinning/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // start with: | |
| // frida -U -l pinning.js -f [APP_ID] --no-pause | |
| Java.perform(function () { | |
| console.log('') | |
| console.log('===') | |
| console.log('* Injecting hooks into common certificate pinning methods *') | |
| console.log('===') | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); |
PsychoTea
/ PanicParser.py
Last active
June 11, 2023 19:54
A collection of useful iOS-related scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import json | |
| import re | |
| kslide = 0x0 | |
| if len(sys.argv) < 2: | |
| print("Usage: PanicParser.py [file path]") | |
| exit() |
ndavison
/ hbh-header-abuse-test.py
Last active
July 3, 2024 07:49
Attempts to find hop-by-hop header abuse potential against the provided URL.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/ndavison | |
| import requests | |
| import random | |
| import string | |
| from argparse import ArgumentParser | |
| parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
| parser.add_argument("-u", "--url", help="URL to target (without query string)") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding=utf-8 | |
| # python3 | |
| from urllib.parse import urlparse | |
| import requests | |
| import urllib3 | |
| from bs4 import BeautifulSoup |
0x4D31
/ libssh_server_fingerprints.md
Last active
February 3, 2024 18:51
[libssh server fingerprints] An analysis of Censys Public Scan 20180807 (only port 22) to estimate the number of servers {potentially} vulnerable to the recent Libssh bug #libssh #hassh
An analysis of Censys Public Scan 20180807 (only port 22) to estimate the number of servers {potentially} vulnerable to the recent Libssh bug.
NewerOlder