- List package in order to find application package name:
adb shell pm list packages - Display package path:
adb shell pm path [PACKAGE_NAME] - Download APK:
adb pull [PACKAGE_PATH]
Dominique RIGHETTO righettod
👨💻
righettod
/ rp_session_cookie.py
Created
April 25, 2014 06:21
Function to obtain an session cookie from the reverse proxy Microsoft ISA.
righettod
/ git_repos_full_backup.py
Last active
October 13, 2018 15:47
Clone or update all local clones of GitHub public repositories and gists for the target specified user.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import colorama | |
| import os | |
| import git | |
| import argparse | |
| import shutil | |
| import json | |
| from git import Repo | |
| from termcolor import colored |
righettod
/ check_cve_state.py
Last active
March 24, 2019 09:39
Script to verify, for a set of CVE, if the MITRE has released them and if a link to the security advisory on the CVE owner site has been added (python 3).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Script to verify, for a set of CVE, if the MITRE has released them | |
| and if a link to the security advisory on the CVE owner site has been added. | |
| Dependencies: pip install requests | |
| """ | |
| import requests | |
| import collections |
righettod
/ ws_soap_fuzz.py
Last active
October 5, 2019 08:28
Simple dirty script to fuzz a SOAP request using the BURP Sniper approach using Windows authentication.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Simple dirty script to fuzz a SOAP request using the Burp Sniper approach: | |
| # See https://portswigger.net/burp/documentation/desktop/tools/intruder/positions | |
| # Dependencies: | |
| # pip install lxml requests_ntlm requests tabulate tqdm | |
| import requests | |
| import urllib3 | |
| from requests_ntlm import HttpNtlmAuth | |
| from lxml import etree as ET | |
| from tabulate import tabulate | |
| from hashlib import sha1 |
righettod
/ GetApkFromSmartphoneWithADB.md
Last active
October 5, 2019 08:28
Retrieve Android APK from Smartphone using ADB.
righettod
/ Android-Utils.md
Last active
January 2, 2020 09:31
Utility PowerShell module when manipulating APK on Windows
The code has been transformed to the following project
righettod
/ keychain_data_persistence_mstg_check.py
Created
July 21, 2020 06:28
Python3 script to find common entries in 2 export of a iOS device keychain performed via objection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import binascii | |
| import hashlib | |
| import argparse | |
| from tabulate import tabulate | |
| """ | |
| Python3 script to find common entries in 2 export of a iOS device keychain performed via objection. | |
| The objective is to help performing the following test of the OWASP MSTG: |
righettod
/ zipslip_validation.php
Last active
December 9, 2020 15:06
Function to validate that a ZIP file do not contains "ZIP SLIP" payload entries.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Function to validate that a ZIP file do not contains "ZIP SLIP" payload entries. | |
| * @param string $zipFilePath Path to the ZIP to test. | |
| * @return bool TRUE only if the archive do not contains ZIP SLIP payload entries. | |
| * @link https://snyk.io/research/zip-slip-vulnerability | |
| * @link https://stackoverflow.com/a/3599093/451455 (inspired from) | |
| */ | |
| function isZipValid($zipFilePath){ | |
| $isValid = false; |
righettod
/ venom_security_tests_suite.yml
Last active
February 13, 2021 14:54
VENOM sample security tests suite
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security authorization test suites | |
| # HOME: https://github.com/ovh/venom | |
| # TEST API: https://gorest.co.in/ | |
| vars: | |
| target_host: "" | |
| testcases: | |
| - name: GetUserFromCollection | |
| steps: | |
| - type: http | |
| method: GET |
righettod
/ poc_clear-site-data_header.php
Created
February 13, 2021 14:55
POC of usage of the "Clear-Site-Data" HTTP response header.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| //Local command to run example: "php -S localhost:8000" | |
| //Get optional action: login / logout / random | |
| $action="NA"; | |
| if (isset($_GET["a"])) { | |
| $action=$_GET["a"]; | |
| } | |
| switch ($action) { | |
| //Login action fill session and local storage dummy data | |
| case "login": |
OlderNewer