rspec ./spec/lib/msf/util/exe_spec.rb:65 # Msf::Util::EXE.to_executable_fmt with platform=linux returns an executable when given arch=mipsbe, fmt=elf
rspec ./spec/lib/msf/util/exe_spec.rb:65 # Msf::Util::EXE.to_executable_fmt with platform=linux returns an executable when given arch=mipsle, fmt=elf
rspec ./spec/lib/rex/socket/range_walker_spec.rb:29 # Rex::Socket::RangeWalker.new with an invalid hostname should not be valid
rspec ./spec/lib/rex/socket/range_walker_spec.rb:34 # Rex::Socket::RangeWalker.new with an invalid hostname and CIDR should not be valid
Failure/Error: verify_bin_fingerprint(format_hash, bin)
expected: /ELF 32-bit MSB executable, MIPS/
got: "/dev/stdin: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, corrupted section header size\n" (using =~)
Diff:
@@ -1,2 +1,2 @@ |
--- ../Gemfile.lock 2014-04-25 21:35:15.353280736 +0000 | |
+++ Gemfile.lock 2014-04-25 23:05:47.249280736 +0000 | |
@@ -1,27 +1,27 @@ | |
GEM | |
remote: https://rubygems.org/ | |
specs: | |
- activemodel (3.2.14) | |
- activesupport (= 3.2.14) | |
+ activemodel (3.2.17) | |
+ activesupport (= 3.2.17) |
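Review bot: The `activemodel (3.2.17)` entry and its `activesupport (= 3.2.17)` pin are the only changed lines visible in a hunk whose header spans 27 lines, and nothing states why the lockfile moved from 3.2.14. Record what drove the bump, and check that every other gem pinned with `= 3.2.14` in this lockfile moves to 3.2.17 in the same change so that bundler does not resolve a mixed set.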
msf > openvas_report_import 1 11
[*] Importing report to database.
[-] Error while running command openvas_report_import: getaddrinfo: Name or service not known
Call stack:
/home/nick/metasploit-framework/lib/rex/socket.rb:181:in `gethostbyname'
/home/nick/metasploit-framework/lib/rex/socket.rb:181:in `getaddresses'
/home/nick/metasploit-framework/lib/rex/socket.rb:165:in `getaddress'
/home/nick/metasploit-framework/lib/msf/core/db_manager/host.rb:93:in `normalize_host'
/home/nick/metasploit-framework/lib/msf/core/db_manager/host.rb:160:in `block in report_host'
<report content_type='text/xml' extension='xml' format_id='a994b278-1f62-11e1-96ac-406186ea4fc5' id='7fa042b4-55ee-4ece-a647-7f2288e24b5c' type='scan'><owner><name/></owner><name>2015-01-12T01:24:46Z</name><comment/><creation_time>2015-01-12T01:24:46Z</creation_time><modification_time>2015-01-12T01:32:42Z</modification_time><writable>0</writable><in_use>0</in_use><report id='7fa042b4-55ee-4ece-a647-7f2288e24b5c'><report_format/><sort><field>type<order>descending</order></field></sort><filters id='0'><term>sort-reverse=ROWID result_hosts_only=1 min_cvss_base= levels=hmlgd autofp=0 notes=0 overrides=0 first=1 rows=-1 delta_states=cgns</term>hmlgd<phrase/><autofp>0</autofp><notes>0</notes><overrides>0</overrides><apply_overrides>0</apply_overrides><result_hosts_only>1</result_hosts_only><min_cvss_base/><filter>High</filter><filter>Medium</filter><filter>Low</filter><filter>Log</filter><filter>Debug</filter></filters><severity_class id='d4c74cda-89e1-11e3-9c29-406186ea4fc5'><name>nist</name><full_name>NVD Vulnera |
# searches for {{{ or }}} in all .handlebars or .hbs files
# {{{ and }}} signify unsafe template parameters in EmberJS
# tested on OS X 10.10
egrep -r --include "*.handlebars" --include "*.hbs" "\{\{\{|\}\}\}" .
# this command searches all PHP files in a directory for vulnerable shell functions
egrep -r --include "*.php" -e "(system|exec|popen|pcntl_exec|proc_open)\(" .
# this command searches all PHP files in a directory for certain vulnerable php execution functions
egrep -r --include "*.php" -e "(eval|assert|preg_replace)\(" .
# this command returns instances where variables are echoed out without htmlspecialchars()
# it can be useful for finding XSS vulnerabilities in PHP code
egrep -r --include "*.php" -e "echo\s*\\$.*;" .
# this command will return instances where the child_process module is loaded.
# that module is generally a good signal that the application is shelling out
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "require(\s*)\((\s*)'child_process'(\s*)\)" .
# this command will return instances where code is dynamically executed.
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "eval(\s*)\(" .
# this command will check common dangerous functions and report when strings are arguments
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)\".*\"" .
# this command will return places where the application shells out or dynamically executes code:
egrep -r --include "*.py" -e "exec\(|eval\(|subprocess|popen" .
# DJANGO: find places where HTML encoding is turned off via the "safe" attribute:
grep -r --include "*.py" --include "*.html" -e "|safe" .
# DJANGO: find places where unsafe SQL queries are executed:
egrep -r --include "*.py" -e "\.(raw|execute)\(" .
# Non zero values indicate that some sort of CSRF protection is probably enabled.
function rewrite(text) {
  var obs = "";
  for (var i = 0; i < text.length; i++) {
    obs += "(function() { return String.fromCharCode(" + text[i].charCodeAt(0) + "); })() + ";
  }
  obs += ' ""';
  return obs;
}
var n = rewrite('console.log("test")');
[
  {
    "name": "a",
    "start": "<a>",
    "end": "</a>"
  },
  {
    "name": "abbr",
    "start": "<abbr>",
    "end": "</abbr>"