XML-RPC methods exposed:
- system.multicall
- system.methodSignature
- system.getCapabilities
- system.listMethods
- system.methodHelp
Request template:
<?xml version="1.0"?>
function Test-WebAcademy-Labs-Status($sessionCookieValue){ | |
$storageFile="$env:USERPROFILE\.webacademy-labs-status" | |
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession | |
$cookie = New-Object System.Net.Cookie | |
$cookie.Name = "SessionId" | |
$cookie.Value = $sessionCookieValue | |
$cookie.Domain = ".portswigger.net" | |
$session.Cookies.Add($cookie); | |
Write-Host "[i] Status storage file: $storageFile" -ForegroundColor Cyan | |
Write-Host "[+] Retrieving labs status from PortSwigger labs web page..." -ForegroundColor Yellow |
#!/bin/bash | |
######################################################################################################### | |
# Script to identify Log4J affected class for CVE-2021-44228 in a collection of EAR/WAR/JAR files | |
# Based on this script: | |
# https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh | |
######################################################################################################### | |
if [ "$#" -lt 1 ]; then | |
script_name=$(basename "$0") | |
echo "Usage:" | |
echo " $script_name [BASE_SEARCH_FOLDER]" |
#!/bin/bash | |
######################################################################################################### | |
# Script to identify Log4J affected class for CVE-2021-44228 in a collection of jar files | |
# Based on this script: | |
# https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh | |
######################################################################################################### | |
if [ "$#" -lt 1 ]; then | |
script_name=$(basename "$0") | |
echo "Usage:" | |
echo " $script_name [APP_LIBS_FOLDER]" |
""" | |
Script was migrated below for better evolution and consistency: | |
https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-odc.py | |
""" |
""" | |
Script was migrated below for better evolution and consistency: | |
https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-npm.py | |
""" |
""" | |
Script was migrated below for better evolution and consistency: | |
https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-retirejs.py | |
""" |
package eu.righettod; | |
import java.net.URI; | |
import java.net.http.HttpClient; | |
import java.net.http.HttpRequest; | |
import java.net.http.HttpResponse; | |
import java.time.Duration; | |
import java.util.Arrays; | |
import java.util.Locale; | |
import java.util.Optional; |
XML-RPC methods exposed:
Request template:
<?xml version="1.0"?>
<?php | |
//Local command to run example: "php -S localhost:8000" | |
//Get optional action: login / logout / random | |
$action="NA"; | |
if (isset($_GET["a"])) { | |
$action=$_GET["a"]; | |
} | |
switch ($action) { | |
//Login action fill session and local storage dummy data | |
case "login": |
name: Security authorization test suites | |
# HOME: https://github.com/ovh/venom | |
# TEST API: https://gorest.co.in/ | |
vars: | |
target_host: "" | |
testcases: | |
- name: GetUserFromCollection | |
steps: | |
- type: http | |
method: GET |