- List package in order to find application package name:
adb shell pm list packages - Display package path:
adb shell pm path [PACKAGE_NAME] - Download APK:
adb pull [PACKAGE_PATH]
Dominique RIGHETTO righettod
👨💻
righettod
/ rp_session_cookie.py
Created
April 25, 2014 06:21
Function to obtain an session cookie from the reverse proxy Microsoft ISA.
righettod
/ GetApkFromSmartphoneWithADB.md
Last active
October 5, 2019 08:28
Retrieve Android APK from Smartphone using ADB.
righettod
/ git_repos_full_backup.py
Last active
October 13, 2018 15:47
Clone or update all local clones of GitHub public repositories and gists for the target specified user.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import colorama | |
| import os | |
| import git | |
| import argparse | |
| import shutil | |
| import json | |
| from git import Repo | |
| from termcolor import colored |
righettod
/ rpc-req.md
Last active
February 16, 2021 19:08
Request template to test XML RPC service exposed from CMS like Drupal, Wordpress...
XML RPC method exposed:
- system.multicall
- system.methodSignature
- system.getCapabilities
- system.listMethods
- system.methodHelp
Request template:
<?xml version="1.0"?>
righettod
/ check_cve_state.py
Last active
March 24, 2019 09:39
Script to verify, for a set of CVE, if the MITRE has released them and if a link to the security advisory on the CVE owner site has been added (python 3).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Script to verify, for a set of CVE, if the MITRE has released them | |
| and if a link to the security advisory on the CVE owner site has been added. | |
| Dependencies: pip install requests | |
| """ | |
| import requests | |
| import collections |
righettod
/ payloads.txt
Last active
February 10, 2024 12:22
Payloads to try to discover blind SQLi when no error is returned.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The situation is the following: | |
| # Your enter ab in a feature and it return data to you but when your enter ab' it indicate that there is not data found. | |
| # | |
| # So, does it means that there is no SQLi because ab' is well handled OR the error is catched | |
| # and a "not data found message" is returned? | |
| # | |
| # The goal here is to submit a payload that, if interpreted by the SQL DB, will give ab and then data will be returned | |
| # then indicating that there is a SQLi because the payload is interpreted. | |
| ab';# | |
| ab';-- |
righettod
/ ws_soap_fuzz.py
Last active
October 5, 2019 08:28
Simple dirty script to fuzz a SOAP request using the BURP Sniper approach using Windows authentication.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Simple dirty script to fuzz a SOAP request using the Burp Sniper approach: | |
| # See https://portswigger.net/burp/documentation/desktop/tools/intruder/positions | |
| # Dependencies: | |
| # pip install lxml requests_ntlm requests tabulate tqdm | |
| import requests | |
| import urllib3 | |
| from requests_ntlm import HttpNtlmAuth | |
| from lxml import etree as ET | |
| from tabulate import tabulate | |
| from hashlib import sha1 |
righettod
/ clickjacking-payload-template.html
Created
October 5, 2019 08:27
Payload template for Clickjaking attack.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <head> | |
| <!-- Big up to https://portswigger.net/web-security/clickjacking labs :) --> | |
| <style> | |
| .target_website { | |
| position:relative; | |
| width:800px; | |
| height:400px; | |
| #Set opacity to 0.5 to see overlay allowing preparation of the attack | |
| #Set opacity to 0.00001 to made the target frame site transparent and bypass some browser protection on opacity like one in chrome for example | |
| #See https://www.w3schools.com/css/css_image_transparency.asp |
righettod
/ pdf_metadata_cleanup.md
Last active
May 23, 2023 14:21
Java and C# code to cleanup the metadata from a PDF document.
righettod
/ Android-Utils.md
Last active
January 2, 2020 09:31
Utility PowerShell module when manipulating APK on Windows
The code has been transformed to the following project
OlderNewer