tmux new [-s name] [cmd]
(:new
) - new session
tmux ls
(:ls
) - list sessionstmux switch [-t name]
(:switch
) - switches to an existing session
Exploit/description | Path |
---|---|
Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
CVE-2020-17519 | /jobmanager/logs/ |
CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
CVE-2018-1000130 | /jolokia |
CVE-2018-1000130 | /actuator/jolokia |
leak | /actuator/env |
As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.
(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))
**1.
echo -n "Target list (google.com, 192.168.1.1/24): " | |
read IP | |
echo "Treat all hosts as online -- skip host discovery (Y/N)?" | |
read answer | |
PN="" | |
if [ "$answer" != "${answer#[Yy]}" ] ; then | |
PN="-Pn"; | |
fi |
_ _ _ ____ _ _ | |
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | |
| _ | (_| | (__| < | |_) | (_| | (__| <|_| | |
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) | |
A DIY Guide for those without the patience to wait for whistleblowers | |
--[ 1 ]-- Introduction |