https://github.com/morkin1792/security-tests/blob/main/mobile/pinning.md
- <imgsrconerror=alert(42)>
https://github.com/morkin1792/security-tests/blob/main/subdomains.sh |
#!/usr/bin/env zsh | |
# reference | |
# https://wordlists.assetnote.io/ | |
# https://github.com/danielmiessler/SecLists/ | |
# https://github.com/fuzzdb-project/fuzzdb | |
BASE=( | |
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt' | |
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-DB-Backups.txt' | |
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Logins.fuzz.txt' |
- script tags
- attributes with event handler value (onload, onerror, ...)
- 2.1. some here
- 2.2. to discover others: search for events accepted by the app (use this list) and try to evolve to an xss
- 2.3.
alert(1) == location=window.atob`amF2YXNjcmlwdDphbGVydCgxKQoK`
- attributes with URL value
- 3.1. embed/src, iframe/src, object/data, a/href, button/formaction, form/action; more in the attributes table at https://www.w3.org/TR/2017/REC-html52-20171214/fullindex.html#attributes-table
function findGithubEmails() { | |
username="$1" | |
remove_fork="${2:-N}" | |
if [ -z $ZSH_VERSION ]; then | |
printf "$(hostname): Oops, this script requires zsh! \n$(whoami): Why?\n$(hostname): Well... there are some problems, one of them is https://stackoverflow.com/q/59289355 \n$(whoami): You convinced me, how can I install zsh? \n$(hostname): https://itsfoss.com/zsh-ubuntu/ or https://github.com/ohmyzsh/ohmyzsh/wiki/Installing-ZSH\n" | |
return | |
fi | |
function checkRateLimit() { | |
if $(printf "%s" "$1" | grep -q 'rate limit'); then |
using UnityEngine; | |
using UnityEngine.UI; | |
[RequireComponent(typeof(Canvas))] | |
[RequireComponent(typeof(CanvasScaler))] | |
public class MyCanvasScaler : MonoBehaviour | |
{ | |
[SerializeField] GameObject canvasContent; | |
[SerializeField] bool keepProportions = true; | |
Vector2 referenceResolution; |
var newhtml = ` | |
<html> | |
<head> | |
<style> | |
iframe { | |
height: 100%; | |
width: 100%; | |
} | |
body { | |
background-color: black; |
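# Pre-flight checks: make sure adb is installed and that at least one attached
# device is in the "device" state (connected and authorized) before continuing.

# `command -v` is a shell builtin, so the probe does not depend on an external
# `which`; the quotes keep the test well-formed when the lookup prints nothing
# or a path that contains spaces.
if [ -z "$(command -v adb)" ]; then
    echo -e 'adb not found\nexiting...' >&2
    # Non-zero status so a calling script or CI job does not read a missing tool as success.
    exit 1
fi

# Keep only rows whose state column is exactly "device". This skips the header
# line and "unauthorized"/"offline" entries, and is not confused by a serial
# that happens to contain the word "device".
serial=$(adb devices | awk '$2 == "device" { print $1 }')
if [ -z "$serial" ]; then
    echo 'no device found via adb' >&2
    exit 1
fi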
if [ $(echo $serial | wc -l) -ne 1 ]; then |