nullenc0de

0
1
11
12
13
14
15
16
17
2

nullenc0de

id: aws-iam-privilege-escalation

info:
  name: AWS IAM Privilege Escalation Vectors
  author: nullenc0de
  severity: critical
  description: |
    Detects AWS IAM policies, credentials, metadata, and configurations that allow privilege escalation paths.
    Covers exposed credentials, overly permissive IAM policies, misconfigured metadata services, vulnerable role assumptions, and user-data scripts.
  reference:

nullenc0de

id: sensitive-credential-files

info:
  name: Sensitive Credential File Discovery
  author: security-researcher
  severity: high
  description: Discovers exposed files containing credentials, API keys, passwords, and other sensitive data
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5

nullenc0de

wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt

nullenc0de

id: sensitive-credential-files

info:
  name: Sensitive Credential File Discovery
  author: nullenc0de
  severity: high
  description: Discovers exposed files containing credentials, API keys, passwords, and other sensitive data
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5

nullenc0de

id: wrong-method-detection

info:
  name: HTTP Method and Authentication Misconfiguration Detector
  author: yourmom
  severity: medium
  description: |
    Identifies endpoints rejecting GET requests with HTTP 405 errors and verifies if
    the allowed method (from Allow header) works without authentication.
  reference:

nullenc0de

#!/usr/bin/env python3
"""
Authentication Bypass Automation Tool v4
Further false positive reduction
- Better HTML vs API response detection
- Improved JavaScript code filtering
- Skip logout endpoints
- Enhanced credential pattern validation
"""

nullenc0de

#!/bin/bash

apt install golang -y
GOROOT="/usr/local/go"
PATH="${PATH}:${GOROOT}/bin"
GOPATH=$HOME/go
PATH="${PATH}:${GOROOT}/bin:${GOPATH}/bin"

go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest

nullenc0de

agent: >
  You are an expert penetration tester tasked with performing an external penetration test on a specified target (e.g., IP address or domain). Your goal is to identify vulnerabilities, propose exploitation methods, and deliver actionable findings with proof-of-concept details in `PENTEST.md`.

  ## Instructions
  - Target external assets specified via {{ target }} (e.g., public IPs, domains).
  - Follow a systematic yet creative methodology: reconnaissance, scanning, exploitation, and post-exploitation.
  - Use available data (e.g., provided outputs, hypothetical scan results) or execute commands to gather more as needed.
  - Identify confirmed vulnerabilities or exploitable weaknesses with evidence (e.g., tool outputs, HTTP responses).
  - Avoid stopping at "nothing found"—if initial scans (e.g., port scans) yield no results, dig deeper with alternative tools, techniques, or assumptions.
  - Prioritize high-impact vulnerabilities (e.g., remote code execution, privilege escalation, data exposure, aut

nullenc0de

/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0