Skip to content

Instantly share code, notes, and snippets.

View righettod's full-sized avatar
👨‍💻
In learning mode...

Dominique RIGHETTO righettod

👨‍💻
In learning mode...
View GitHub Profile
@righettod
righettod / clear-sensitive-info-from-clipboard.html
Last active May 29, 2024 13:09
POC to remove a "sensitive" information from the clipboard after a short period of time.
<!DOCTYPE html>
<html>
<!--
POC to remove a "sensitive" information from the clipboard after a short period of time.
It is used, as an hardening measure, for a legit feature to copy the info into the clipboard.
Here the info taken is an IBAN for the example.
https://developer.mozilla.org/en-US/docs/Web/API/Clipboard
-->
@righettod
righettod / find-javaee-jws-methods-without-authz.sh
Created July 28, 2023 08:49
Script to identify classes defining JavaEE JWS web accessible methods without an authorization annotation on them.
#!/bin/bash
echo "Folder:"
pwd
for line in $(grep -rFc "@WebMethod" * | grep -v ":0")
do
services_count=$(echo $line | cut -d':' -f2)
java_class_file=$(echo $line | cut -d':' -f1)
auth_annot_count=$(grep -rFc "@RolesAllowed" $java_class_file)
if [ "$services_count" != "$auth_annot_count" ]
then
@righettod
righettod / SecurityUtils.java
Last active May 24, 2024 16:32
Provides different utilities methods to apply processing from a security perspective.
package eu.righettod.snippet;
import org.apache.pdfbox.Loader;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
import org.apache.pdfbox.pdmodel.PDDocumentInformation;
import org.apache.pdfbox.pdmodel.PDDocumentNameDictionary;
import org.apache.pdfbox.pdmodel.common.PDMetadata;
import org.apache.pdfbox.pdmodel.interactive.action.*;
import org.apache.pdfbox.pdmodel.interactive.annotation.AnnotationFilter;
@righettod
righettod / portswigger-webacademy-status-check.ps1
Last active September 2, 2022 16:48
Quick PowerShell functions to identify any courses or labs missed from the Portswigger WebAcademy courses.
function Test-WebAcademy-Labs-Status($sessionCookieValue){
$storageFile="$env:USERPROFILE\.webacademy-labs-status"
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
$cookie = New-Object System.Net.Cookie
$cookie.Name = "SessionId"
$cookie.Value = $sessionCookieValue
$cookie.Domain = ".portswigger.net"
$session.Cookies.Add($cookie);
Write-Host "[i] Status storage file: $storageFile" -ForegroundColor Cyan
Write-Host "[+] Retrieving labs status from PortSwigger labs web page..." -ForegroundColor Yellow
@righettod
righettod / CVE-2022-21449.yaml
Last active December 18, 2023 06:50
Nuclei template to detect exposure to CVE-2022-21449 by the JWT validation API in place.
id: CVE-2022-21449
info:
name: CVE-2022-21449 test exposure
description: The JDK 15-18 have a vulnerability in validation of ECDSA signature so this template detect exposure to CVE-2022-21449 by the JWT validation API in place.
author: righettod
severity: info
tags: cve,2022,java
reference: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java
@righettod
righettod / log4shell-payloads.md
Last active December 18, 2023 06:41
List of log4shell payloads seen on my twitter feeds

Objective

This gist gather a list of log4shell payloads seen on my twitter feeds.

💨 I will update it every time I see new payloads.

The goal is to allows testing detection regexes defined in protection systems.

⚠️ ⚠️ ⚠️

@righettod
righettod / identify-log4j-class-location.sh
Last active January 17, 2022 12:01
Script to identify Log4J affected class for CVE-2021-44228 in a collection of ear/war/jar files
#!/bin/bash
#########################################################################################################
# Script to identify Log4J affected class for CVE-2021-44228 in a collection of EAR/WAR/JAR files
# Based on this script:
# https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh
#########################################################################################################
if [ "$#" -lt 1 ]; then
script_name=$(basename "$0")
echo "Usage:"
echo " $script_name [BASE_SEARCH_FOLDER]"
@righettod
righettod / identify-class-location.sh
Last active December 13, 2021 19:16
Script to identify Log4J affected class for CVE-2021-44228 in a collection of jar files
#!/bin/bash
#########################################################################################################
# Script to identify Log4J affected class for CVE-2021-44228 in a collection of jar files
# Based on this script:
# https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh
#########################################################################################################
if [ "$#" -lt 1 ]; then
script_name=$(basename "$0")
echo "Usage:"
echo " $script_name [APP_LIBS_FOLDER]"
@righettod
righettod / npm_report.py
Last active November 10, 2021 09:18
Quick script to format the results of a JSON scan report from NPM audit.
"""
Script was migrated below for better evolution and consistency:
https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-npm.py
"""
@righettod
righettod / PSD2StetHelper.java
Created August 1, 2021 17:46
Method to try to decrease the exploitability/interest of the SSRF by design exposed by HTTP Signature in PSD2 STET usage context.
package eu.righettod;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.Arrays;
import java.util.Locale;
import java.util.Optional;