The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY
Below names are to be passed to the --tamper= parameter of sqlmap.
The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests view.
The scale is 0-5.
| #!/usr/bin/python | |
| # | |
| # Pickle deserialization RCE payload. | |
| # To be invoked with command to execute at it's first parameter. | |
| # Otherwise, the default one will be used. | |
| # | |
| import cPickle | |
| import sys | |
| import base64 |
| #!/bin/bash | |
| # Forticlient SSL VPN Client launching script utilizing expect. | |
| # -------------------------------------------- | |
| # CONFIGURATION | |
| # If empty - script will take some simple logic to locate appropriate binary. | |
| FORTICLIENT_PATH="" |
XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
| # | |
| # Script intended to ease malicious JS deobfuscation. | |
| # | |
| # Deobfuscates Locky Javascript transformations to a human readable JS | |
| # (most likely it will work with other malware obfuscation transformations as well) | |
| # | |
| # Try this out with: | |
| # $ python translate.py -f locky.js -s deobfuscate.py Deobfuscate | |
| # |
| #!/usr/bin/python3 | |
| # | |
| # SMTP Server configuration black-box testing/audit tool, capable of auditing | |
| # SPF/Accepted Domains, DKIM, DMARC, SSL/TLS, SMTP services, banner, Authentication (AUTH, X-EXPS) | |
| # user enumerations (VRFY, EXPN, RCPT TO), and others. | |
| # | |
| # Currently supported tests: | |
| # 01) 'spf' - SPF DNS record test | |
| # - 'spf-version' - Checks whether SPF record version is valid | |
| # - 'all-mechanism-usage' - Checks whether 'all' mechanism is used correctly |
| ### Original script and research by commial | |
| ### https://github.com/commial/experiments/tree/master/windows-defender | |
| ### Set LUADec_Path to binary | |
| ### https://github.com/viruscamp/luadec | |
| import struct | |
| import argparse | |
| import sys | |
| import os | |
| import io | |
| import subprocess |
| # | |
| # Simple Powershell script that removes ClickOnce deployments entirely from file system and registry. | |
| # Attempts to remove both installed and online-only deployments. | |
| # | |
| # Authored: Mariusz Banach / mgeeky, <mb [at] binary-offensive.com> | |
| # | |
| # Usage: | |
| # PS> . .\Cleanup-ClickOnce.ps1 | |
| # PS> Cleanup-ClickOnce -Name MyAppName | |
| # |
| #!/usr/bin/python3 | |
| # | |
| # CVE-2018-10993 libSSH authentication bypass exploit | |
| # | |
| # The libSSH library has flawed authentication/connection state-machine. | |
| # Upon receiving from connecting client the MSG_USERAUTH_SUCCESS Message | |
| # (as described in RFC4252, sec. 5.1.) which is an authentication response message | |
| # that should be returned by the server itself (not accepted from client) | |
| # the libSSH switches to successful post-authentication state. In such state, |
