- List packages to find the application package name:
adb shell pm list packages
- Display package path:
adb shell pm path [PACKAGE_NAME]
- Download APK:
adb pull [PACKAGE_PATH]
import requests
import colorama
import os
import git
import argparse
import shutil
import json
from git import Repo
from termcolor import colored
#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
Script to verify, for a set of CVEs, whether MITRE has released them
and whether a link to the security advisory on the CVE owner's site has been added.
Dependencies: pip install requests
"""
import requests
import collections
# Simple dirty script to fuzz a SOAP request using the Burp Sniper approach:
# See https://portswigger.net/burp/documentation/desktop/tools/intruder/positions
# Dependencies:
# pip install lxml requests_ntlm requests tabulate tqdm
import requests
import urllib3
from requests_ntlm import HttpNtlmAuth
from lxml import etree as ET
from tabulate import tabulate
from hashlib import sha1
The code has been transformed to the following project
import json
import binascii
import hashlib
import argparse
from tabulate import tabulate
"""
Python3 script to find common entries in 2 exports of an iOS device keychain performed via objection.
The objective is to help perform the following test of the OWASP MSTG:
<?php
/**
 * Function to validate that a ZIP file does not contain "ZIP SLIP" payload entries.
 * @param string $zipFilePath Path to the ZIP to test.
 * @return bool TRUE only if the archive does not contain ZIP SLIP payload entries.
 * @link https://snyk.io/research/zip-slip-vulnerability
 * @link https://stackoverflow.com/a/3599093/451455 (inspired from)
 */
function isZipValid($zipFilePath){
    $isValid = false;
name: Security authorization test suites
# HOME: https://github.com/ovh/venom
# TEST API: https://gorest.co.in/
vars:
  target_host: ""
testcases:
- name: GetUserFromCollection
  steps:
  - type: http
    method: GET
<?php
//Local command to run example: "php -S localhost:8000"
//Get optional action: login / logout / random
$action="NA";
if (isset($_GET["a"])) {
    $action=$_GET["a"];
}
switch ($action) {
    //Login action fill session and local storage dummy data
    case "login":