https://github.com/morkin1792/security-tests/blob/main/mobile/pinning.md
Vinícius morkin1792
- <img src onerror=alert(42)>
morkin1792
/ Android.md
Last active
March 2, 2024 00:49
Android Application Pentesting - Part 0 - Cheat Sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/morkin1792/security-tests/blob/main/subdomains.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| # reference | |
| # https://wordlists.assetnote.io/ | |
| # https://github.com/danielmiessler/SecLists/ | |
| # https://github.com/fuzzdb-project/fuzzdb | |
| BASE=( | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt' | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-DB-Backups.txt' | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Logins.fuzz.txt' |
- script tags
- attributes with event handler value (onload, onerror, ...)
- 2.1. some here
- 2.2. to discover others: search for events accepted by the app (use this list) and try to evolve to an xss
- 2.3.
alert(1) == location=window.atob`amF2YXNjcmlwdDphbGVydCgxKQoK`
- attributes with URL value
- 3.1. embed/src, iframe/src, object/data, a/href, button/formaction, form/action more in https://www.w3.org/TR/2017/REC-html52-20171214/fullindex.html#attributes-table
morkin1792
/ findGithubEmails.sh
Last active
July 22, 2023 22:25
This script finds GitHub users' emails
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function findGithubEmails() { | |
| username="$1" | |
| remove_fork="${2:-N}" | |
| if [ -z $ZSH_VERSION ]; then | |
| printf "$(hostname): Oops, this script requires zsh! \n$(whoami): Why?\n$(hostname): Well... there are some problems, one of them is https://stackoverflow.com/q/59289355 \n$(whoami): You convinced me, how can I install zsh? \n$(hostname): https://itsfoss.com/zsh-ubuntu/ or https://github.com/ohmyzsh/ohmyzsh/wiki/Installing-ZSH\n" | |
| return | |
| fi | |
| function checkRateLimit() { | |
| if $(printf "%s" "$1" | grep -q 'rate limit'); then |
morkin1792
/ MyCanvasScaler.cs
Last active
April 5, 2023 06:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using UnityEngine; | |
| using UnityEngine.UI; | |
| [RequireComponent(typeof(Canvas))] | |
| [RequireComponent(typeof(CanvasScaler))] | |
| public class MyCanvasScaler : MonoBehaviour | |
| { | |
| [SerializeField] GameObject canvasContent; | |
| [SerializeField] bool keepProportions = true; | |
| Vector2 referenceResolution; |
morkin1792
/ game.js
Last active
November 11, 2022 19:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var newhtml = ` | |
| <html> | |
| <head> | |
| <style> | |
| iframe { | |
| height: 100%; | |
| width: 100%; | |
| } | |
| body { | |
| background-color: black; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [ -z $(which adb) ]; then | |
| echo -e 'adb not found\nexiting...' | |
| exit 0 | |
| fi | |
| serial=$(adb devices | grep -w device | awk '{print $1}') | |
| if [ -z "$serial" ]; then | |
| echo 'no device found via adb' | |
| exit 0 | |
| fi | |
| if [ $(echo $serial | wc -l) -ne 1 ]; then |
NewerOlder