This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GET /wps/redirect HTTP/1.1 | |
Host: www.host.com | |
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 | |
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | |
Accept-Language: en-ZA,en-GB;q=0.8,en-US;q=0.5,en;q=0.3 | |
Accept-Encoding: gzip, deflate | |
Cookie: WASReqURL=http:///wps/ | |
Connection: keep-alive |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
""" | |
Python script to create a Connect-Connect tunnel. For those times ncat/socat can't be put on the box and python is available.. | |
Author: Etienne Stalmans <etienne@sensepost.com> | |
Version: 1.0 (22_01_2015) | |
Usage: python pyforw.py <targetIP> <targetPort> <jumpbox> <jumpboxPort> | |
python pyforw.py 10.1.1.1 3389 179.0.0.100 8081 | |
""" | |
from socket import * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* Quick and dirty scanner of exposed MongoDB instances | |
Author: etienne@sensepost.com | |
Version: 04/02/2015 | |
*/ | |
var host = "127.0.0.1:27017"; | |
var d_collections = false; | |
var dx_collection = false; | |
var MongoClient = require('mongodb').MongoClient; | |
var limitsize = 10; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
NodeJS interface to memcache. Allows for extracting keys and specific values. | |
Author: etienne@sensepost.com | |
Version: 02/02/2015 v0.1 | |
*/ | |
var host = process.argv[2] | |
var port = 11211 | |
if(!process.argv[3]) | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
connect to and dump keyspace/tables/data from cassandra database | |
Usage: | |
Get keyspaces: node cassandra_dump.js -h 10.10.0.1 | |
Get Tables in Keyspace: node cassandra_dump.js -h 10.10.0.1 -k keyspacename | |
Get 10 rows from a table: node cassandra_dump.js -h 10.10.0.1 -k keyspacename -t tablename | |
Custom SQL/CQL statment: node cassandra_dump.js -h 10.10.0.1 -k keyspacename -s 'SELECT * FROM tablename LIMIT 5' | |
Author: etienne@sensepost.com | |
Version: 1.0 17 February 2015 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Dump data from open Redis instance. | |
Usage: node redis_dump.js -h 10.10.0.1 | |
node redis_dump.js -n 10 #dumps the first 10 keys from the instance | |
node redis_dump.js -k keyname #dump the value of a specific key | |
Author: etienne@sensepost.com | |
Version: 1.0 12 February 2015 | |
*/ | |
var redis = require("redis") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* Connect to and extract values from Riak database. Default port 8087 | |
Author: etienne@sensepost.com | |
Version: 1.0 26 February 2015 | |
*/ | |
var argv = require('minimist')(process.argv.slice(2)); | |
var riak = require('riak-pb'); | |
if(process.argv.length < 2){ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Mana-toolkit from @sensepost | |
# | |
# VERSION 0.1 | |
FROM ubuntu | |
MAINTAINER Etienne Stalmans, etienne@sensepost.com | |
RUN apt-get update && apt-get install -y \ | |
unzip \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var thrift = require('thrift'); | |
var util = require('util') | |
var HBase = require('./gen-nodejs/Hbase'); | |
var HBaseTypes = require('./gen-nodejs/Hbase_types'); | |
var port = 9090 | |
//var connection = thrift.createConnection(process.argv[2], port, { transport: thrift.TFramedTransport,protocol:thrift.TBinaryProtocol }); | |
var connection = thrift.createConnection(process.argv[2], port, { transport: thrift.TBufferedTransport, protocol:thrift.TBinaryProtocol }); | |
connection.on('connect', function () { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
""" | |
Simple tool to extract local users and passwords from most Huawei routers/firewalls. | |
Author: Etienne Stalmans (etienne@sensepost.com) | |
Version: 1.0 (15/01/2014) | |
""" | |
import os | |
import sys | |
import argparse |