The code has been transformed to the following project
Dominique RIGHETTO righettod
👨💻
righettod
/ poc_clear-site-data_header.php
Created
February 13, 2021 14:55
POC of usage of the "Clear-Site-Data" HTTP response header.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| //Local command to run example: "php -S localhost:8000" | |
| //Get optional action: login / logout / random | |
| $action="NA"; | |
| if (isset($_GET["a"])) { | |
| $action=$_GET["a"]; | |
| } | |
| switch ($action) { | |
| //Login action fill session and local storage dummy data | |
| case "login": |
righettod
/ venom_security_tests_suite.yml
Last active
February 13, 2021 14:54
VENOM sample security tests suite
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security authorization test suites | |
| # HOME: https://github.com/ovh/venom | |
| # TEST API: https://gorest.co.in/ | |
| vars: | |
| target_host: "" | |
| testcases: | |
| - name: GetUserFromCollection | |
| steps: | |
| - type: http | |
| method: GET |
righettod
/ poc_uuidv1_sandwich_attack.py
Last active
January 23, 2024 16:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import uuid | |
| import binascii | |
| from datetime import datetime | |
| """ | |
| Python3 script trying to reproduce the "Sandwich Attack: A New Way Of Brute Forcing UUIDs" | |
| described on "https://versprite.com/blog/universally-unique-identifiers/". | |
| """ | |
righettod
/ odc_report.py
Last active
November 10, 2021 09:18
Quick script to format the result of a OWASP Dependency Check (ODC) JSON report
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Script was migrated below for better evolution and consistency: | |
| https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-odc.py | |
| """ |
righettod
/ zipslip_validation.php
Last active
December 9, 2020 15:06
Function to validate that a ZIP file do not contains "ZIP SLIP" payload entries.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Function to validate that a ZIP file do not contains "ZIP SLIP" payload entries. | |
| * @param string $zipFilePath Path to the ZIP to test. | |
| * @return bool TRUE only if the archive do not contains ZIP SLIP payload entries. | |
| * @link https://snyk.io/research/zip-slip-vulnerability | |
| * @link https://stackoverflow.com/a/3599093/451455 (inspired from) | |
| */ | |
| function isZipValid($zipFilePath){ | |
| $isValid = false; |
righettod
/ keychain_data_persistence_mstg_check.py
Created
July 21, 2020 06:28
Python3 script to find common entries in 2 export of a iOS device keychain performed via objection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import binascii | |
| import hashlib | |
| import argparse | |
| from tabulate import tabulate | |
| """ | |
| Python3 script to find common entries in 2 export of a iOS device keychain performed via objection. | |
| The objective is to help performing the following test of the OWASP MSTG: |
righettod
/ ios-detect-screen-capture-and-screen-recording.swift
Created
July 17, 2020 08:48
Code to detect when a user perform a screen capture or screen recording of an application in order to prevent it when possible
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import UIKit | |
| //Inspired from the code below: | |
| //https://github.com/takashings/ScreenCapturedSample/blob/master/ScreenCapturedSample/ForScreenCapturedViewController.swift | |
| //https://www.hackingwithswift.com/example-code/uikit/how-to-detect-when-the-user-takes-a-screenshot | |
| @UIApplicationMain | |
| class AppDelegate: UIResponder, UIApplicationDelegate { | |
| func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool { | |
| //Define a listener to handle the case when a screen recording is launched |
righettod
/ retirejs_report.py
Last active
November 10, 2021 09:17
Quick script to format the results of a JSON scan report from RetireJS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Script was migrated below for better evolution and consistency: | |
| https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-retirejs.py | |
| """ |
righettod
/ Android-Utils.md
Last active
January 2, 2020 09:31
Utility PowerShell module when manipulating APK on Windows
righettod
/ pdf_metadata_cleanup.md
Last active
May 23, 2023 14:21
Java and C# code to cleanup the metadata from a PDF document.