This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# Joshua J. Drake (@jduck) of ZIMPERIUM zLabs | |
# Shout outs to our friends at Optiv (formerly Accuvant Labs) | |
# (C) Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 | |
# www.zimperium.com | |
# | |
# Exploit for RCE Vulnerability CVE-2015-1538 #1 | |
# Integer Overflow in the libstagefright MP4 'stsc' atom handling | |
# | |
# Don't forget, the output of "create_mp4" can be delivered many ways! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import random | |
from routersploit.core.exploit import * | |
from routersploit.core.http.http_client import HTTPClient | |
class Exploit(HTTPClient): | |
__info__ = { | |
"name": "D-Link Router Credential Retrieval", | |
"description": """This module exploits a vulnerability in D-Link router httpd server. An unauthenticated attacker may retrieve plaintext authentication credentials from the system.""", | |
"authors": ( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
########################################################################### | |
# ____ _____ _____ _ _ # | |
# / __ \ / ____/ ____| | | | # | |
# | | | |_ __ ___ _ __ | (___| (___ | |__| | # | |
# | | | | '_ \ / _ \ '_ \ \___ \\___ \| __ | # | |
# | |__| | |_) | __/ | | |____) |___) | | | | # | |
# \____/| .__/ \___|_| |_|_____/_____/|_| |_| # | |
# | | Username Enumeration # | |
# |_| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import sys | |
class DupStdout(object): | |
def __init__(self, log_path): | |
self.terminal = sys.stdout | |
self.log_file = open(log_path, "w") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import jwt | |
import base64 | |
import json | |
def extract_pub_key(session_cookie): | |
return base64.b64decode(json.loads(base64.b64decode((session_cookie.cookies.get_dict()['session'].split('.'))[1] + '=='))['pub']) | |
ip = "http://127.0.0.1" #change it |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python3 | |
# Exploit Title: Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9 | |
# Date: 30-03-2019 | |
# Exploit Author: Daniele Scanu @ Certimeter Group | |
# Vendor Homepage: https://www.cmsmadesimple.org/ | |
# Software Link: https://www.cmsmadesimple.org/downloads/cmsms/ | |
# Version: <= 2.2.9 | |
# Tested on: Ubuntu 18.04 LTS | |
# CVE : CVE-2019-9053 | |
# Updated by Krishna Upadhyay for Python 3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://github.com/github/training-kit | |
https://github.com/AdguardTeam/AdGuardHome | |
https://github.com/TH3xACE/SUDO_KILLER | |
https://github.com/simbody/simbody | |
https://github.com/hktalent/scan4all |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Requirements: pip install tweepy fuzzywuzzy python-Levenshtein | |
import tweepy | |
import re | |
from fuzzywuzzy import fuzz | |
# Credentials go here (generate at: https://apps.twitter.com) | |
auth = tweepy.OAuthHandler('consumer_key', 'consumer_secret') | |
auth.set_access_token('access_token', 'access_token_secret') | |
# Connect to Twitter |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
14 apple.com | |
40 vk.com | |
44 github.com | |
49 tumblr.com | |
55 dropbox.com | |
85 medium.com | |
87 paypal.com | |
92 icloud.com | |
100 booking.com | |
112 weebly.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from starlette.applications import Starlette | |
from starlette.routing import Route | |
from starlette.responses import PlainTextResponse | |
import httpx | |
import aiohttp | |
HOST, PORT = "localhost", 8000 | |
URL = f"http://{HOST}:{PORT}/" |