This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Directory path containing the JSON files | |
directory="." | |
# Print column titles | |
# not pretty and doesn't scale well but who cares | |
echo -e "URL\tStatus\tLength\tWords\tLines" | |
# Iterate over each JSON file in the directory |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Turn HTML page into Markdown (.md) | |
import requests | |
import html2text | |
def download_html(url): | |
response = requests.get(url) | |
return response.text | |
def convert_to_markdown(html): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
''' | |
parses impacket-exchanger output to put useful results in a table | |
https://github.com/fortra/impacket/blob/master/examples/exchanger.py | |
''' | |
import click | |
from rich.console import Console | |
from rich.table import Table | |
import re |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python3 | |
import argparse | |
import http.server | |
import socketserver | |
import sys | |
class ThreadedHTTPServer(socketserver.ThreadingMixIn, http.server.HTTPServer): | |
pass | |
def main(argv): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# source: https://github.com/rushter/blog_code/blob/master/ssh/check.py | |
import logging | |
import socket | |
import sys | |
import paramiko.auth_handler | |
import requests | |
import argparse | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# github.com/ndavison | |
import requests | |
import random | |
import string | |
from argparse import ArgumentParser | |
parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
parser.add_argument("-u", "--url", help="URL to target (without query string)") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller | |
#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH::: | |
# ./check_hashes.py <hash_dump> | |
import argparse | |
import re | |
parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
A tiny Flask web server ready to shoot reflective CORS Access-Control-Allow-Origin headers to accept connections from an XSS affected victim while hosting your evil JS payload | |
""" | |
# Stolen from https://twitter.com/snovvcrash/status/1511702029403631620 | |
from flask import Flask, send_file | |
from flask_cors import CORS | |
app = Flask(__name__) | |
CORS(app) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### | |
# Dumps GitLab's user base to CSV form. | |
# Source: https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/ | |
# Requires GraphqlClient: pip install python-graphql-client | |
### | |
from python_graphql_client import GraphqlClient | |
import json | |
import sys | |
import argparse |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Tired of having random notes and shit floatin around. Most of this will probably exist elsewhere in my notes, but I'd like to have it here to remember | |
# Console Table. Update as needed | |
`console.table([...document.querySelectorAll('.fatitem table .athing')].map(el => [el.textContent.trim(), el.nextSibling.textContent.trim()]).sort(([,a], [,b]) => parseInt(b) - parseInt(a)))` | |
# No clue. From Outlook headers | |
https://webshell.suite.office.com/iframe/TokenFactoryIframe?origin=https://Foutlook.office.com&shsid=[GUID]&apiver=oneshell&cshver=20220227.1&upn=[REDACTED] |
NewerOlder