This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
***** Auto-finder by dorks tool with Google API & Bing API ***** | |
@author: z0rtecx | |
@release date: dec-2014 | |
@version: 1.0.12122014 | |
@poc: good dork for find web pages whit SQLi vulnerability in ID parameter, e.g. "inurl:details.php?id=" | |
@description: This tool is for save time for you. It is gathering dorks of a txt file, and search potential web pages with SQLi vulnerability. ONLY FOR MySQL errors. | |
@features: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
org: org_name | |
kibana content-length:217 | |
org:”Amazon” ssl:”target” | |
ssl:”target” | |
html:”Dashboard Jenkins” http.component:”jenkins” | |
http.title:”302 Found” | |
http.component%3A”java” | |
https://www.shodan.io/host/ip#9200 | |
https://www.shodan.io/host/ip | |
X-Redirect-By: WordPress ssl:”name” |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# !/usr/bin/env python | |
# sslChainDeetz.py | |
# | |
# Dependencies: | |
# - shodan | |
# - pyOpenSSL | |
# | |
# Installation: | |
# sudo easy_install shodan | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Get all the F5 IPs from Shodan | Get script here : https://gist.github.com/LuD1161/2087aea80e8771a4af069c33b4078570 | |
python3 shodan_query.py "http.favicon.hash:-335242539" results_f5.txt | tee -a output.txt | |
cat output.txt | grep -i "host :" | cut -d":" -f2 | cut -d" " -f2 | httpx -threads 400 -ports 80,443,8443,4443 -silent | nuclei -t cves/CVE-2020-5902.yaml -o results.txt | |
cut -d" " -f3 results.txt > targets.txt | |
sed -i -e "s/\.\;/\.\\\;/g" targets.txt # escape semicolon to pass to interlace | |
interlace -tL ./targets.txt -threads 100 -c "echo _target_; curl --insecure -v _target_ 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'" -v | tee -a all_certs.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"proxy":{ | |
"ssl_pass_through":{ | |
"automatically_add_entries_on_client_ssl_negotiation_failure":false, | |
"rules":[ | |
{ | |
"enabled":true, | |
"host":".*\\.google\\.com", | |
"protocol":"any" | |
}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import httplib | |
import urllib | |
http = httplib.HTTPSConnection('example.com', 443) | |
cookie = 'your=cookies'; | |
http.request("GET", "/api/v1/csrf", "", { | |
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36', | |
'referer': 'https://example.com/', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from pydriller import RepositoryMining | |
import re | |
import base64 | |
foundSet = set() | |
for commit in RepositoryMining('./').traverse_commits(): | |
for mod in commit.modifications: | |
if mod.source_code_before != None: | |
regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before) | |
for result in regex: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |