Dominique RIGHETTO righettod

@righettod
righettod / portswigger-webacademy-status-check.ps1
Last active Sep 2, 2022
Quick PowerShell functions to identify any courses or labs missed from the Portswigger WebAcademy courses.
View portswigger-webacademy-status-check.ps1
function Test-WebAcademy-Labs-Status($sessionCookieValue){
    $storageFile="$env:USERPROFILE\.webacademy-labs-status"
    $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
    $cookie = New-Object System.Net.Cookie
    $cookie.Name = "SessionId"
    $cookie.Value = $sessionCookieValue
    $cookie.Domain = ".portswigger.net"
    $session.Cookies.Add($cookie);
    Write-Host "[i] Status storage file: $storageFile" -ForegroundColor Cyan
    Write-Host "[+] Retrieving labs status from PortSwigger labs web page..." -ForegroundColor Yellow
@righettod
righettod / CVE-2022-21449.yaml
Last active Apr 27, 2022
Nuclei template to detect exposure to CVE-2022-21449 by the JWT validation API in place.
View CVE-2022-21449.yaml
id: CVE-2022-21449
info:
  name: CVE-2022-21449 test exposure
  description: The JDK 15-18 have a vulnerability in validation of ECDSA signature so this template detect exposure to CVE-2022-21449 by the JWT validation API in place.
  author: righettod
  severity: info
  tags: cve,2022,java
  reference: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java
@righettod
righettod / log4shell-payloads.md
Last active Jul 25, 2022
List of log4shell payloads seen on my twitter feeds
View log4shell-payloads.md

Objective

This gist gathers a list of log4shell payloads seen on my twitter feeds.

💨 I will update it every time I see new payloads.

The goal is to allow testing of detection regexes defined in protection systems.

⚠️ ⚠️ ⚠️

@righettod
righettod / identify-log4j-class-location.sh
Last active Jan 17, 2022
Script to identify Log4J affected class for CVE-2021-44228 in a collection of ear/war/jar files
View identify-log4j-class-location.sh
#!/bin/bash
#########################################################################################################
# Script to identify Log4J affected class for CVE-2021-44228 in a collection of EAR/WAR/JAR files
# Based on this script:
# https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh
#########################################################################################################
if [ "$#" -lt 1 ]; then
    script_name=$(basename "$0")
    echo "Usage:"
    echo " $script_name [BASE_SEARCH_FOLDER]"
@righettod
righettod / identify-class-location.sh
Last active Dec 13, 2021
Script to identify Log4J affected class for CVE-2021-44228 in a collection of jar files
View identify-class-location.sh
#!/bin/bash
#########################################################################################################
# Script to identify Log4J affected class for CVE-2021-44228 in a collection of jar files
# Based on this script:
# https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh
#########################################################################################################
if [ "$#" -lt 1 ]; then
    script_name=$(basename "$0")
    echo "Usage:"
    echo " $script_name [APP_LIBS_FOLDER]"
@righettod
righettod / npm_report.py
Last active Nov 10, 2021
Quick script to format the results of a JSON scan report from NPM audit.
View npm_report.py
"""
Script was migrated below for better evolution and consistency:
https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-npm.py
"""
@righettod
righettod / PSD2StetHelper.java
Created Aug 1, 2021
Method to try to decrease the exploitability/interest of the SSRF by design exposed by HTTP Signature in PSD2 STET usage context.
View PSD2StetHelper.java
package eu.righettod;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.Arrays;
import java.util.Locale;
import java.util.Optional;
@righettod
righettod / venom_security_headers_tests_suite.yml
Last active Jul 28, 2022
VENOM sample HTTP security response headers test suites.
View venom_security_headers_tests_suite.yml
name: HTTP security response headers test suites
# TOOLS
# VENOM HOME: https://github.com/ovh/venom
# VENOM RELEASE: https://github.com/ovh/venom/releases
# VENOM ASSERTION KEYWORDS: https://github.com/ovh/venom#assertion
# REF AND RUN
# REF BASE: https://owasp.org/www-project-secure-headers/
# RUN CMD: venom run --var="target_site=https://righettod.eu" venom_security_headers_tests_suite.yml
# venom run --var="target_site=https://righettod.eu" --var="internet_facing=true" venom_security_headers_tests_suite.yml
# venom run --var="target_site=https://righettod.eu" --var="internet_facing=true" --var="logout_url=/logout" venom_security_headers_tests_suite.yml
@righettod
righettod / poc_clear-site-data_header.php
Created Feb 13, 2021
POC of usage of the "Clear-Site-Data" HTTP response header.
View poc_clear-site-data_header.php
<?php
//Local command to run example: "php -S localhost:8000"
//Get optional action: login / logout / random
$action="NA";
if (isset($_GET["a"])) {
    $action=$_GET["a"];
}
switch ($action) {
    //Login action fill session and local storage dummy data
    case "login":
@righettod
righettod / venom_security_tests_suite.yml
Last active Feb 13, 2021
VENOM sample security tests suite
View venom_security_tests_suite.yml
name: Security authorization test suites
# HOME: https://github.com/ovh/venom
# TEST API: https://gorest.co.in/
vars:
  target_host: ""
testcases:
- name: GetUserFromCollection
  steps:
  - type: http
    method: GET