Skip to content

Instantly share code, notes, and snippets.

View unl1k3ly's full-sized avatar

unl1k3ly

  • SCV-Security
View GitHub Profile
@iann0036
iann0036 / gist:b473bbb3097c5f4c656ed3d07b4d2222
Last active April 28, 2024 11:47
List of expensive / long-term effect AWS IAM actions
route53domains:RegisterDomain
route53domains:RenewDomain
route53domains:TransferDomain
ec2:ModifyReservedInstances
ec2:PurchaseHostReservation
ec2:PurchaseReservedInstancesOffering
ec2:PurchaseScheduledInstances
rds:PurchaseReservedDBInstancesOffering
dynamodb:PurchaseReservedCapacityOfferings
s3:PutObjectRetention
@gwen001
gwen001 / ejs.sh
Last active April 24, 2024 07:25
onliner to extract endpoints from JS files of a given host
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# using linkfinder
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}
# with file download (the new best one):
# but there is a bug if you don't provide a root url
@thehappydinoa
thehappydinoa / CVE_2017_7529.py
Last active November 27, 2022 18:07
Nginx - Remote Integer Overflow Vulnerability
#!/usr/bin/env python
# -*- coding:utf-8 -*-
# Nginx - Remote Integer Overflow Vulnerability
# CVE-2017-7529
import sys
import logging
import argparse
@nullenc0de
nullenc0de / auto_git_query
Last active January 6, 2024 15:08
Automated Github Queries (Can open 29 tabs at a time)
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active April 29, 2024 14:36
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@jobertabma
jobertabma / attack.xml
Created June 13, 2017 17:39 — forked from janmartendeboer/attack.xml
XXE attack using PHP
<!DOCTYPE scan [
<!ENTITY test SYSTEM "target.xml">
]><scan>&test;</scan>
@PaulSec
PaulSec / aws_scan.py
Created May 10, 2017 08:05
Quick script to scan for AWS (S3 Buckets) and retrieves bunch of info out of it
import subprocess
import argparse
import re
import sys
import requests
def do_dig(domain):
command = "dig {} | grep IN".format(domain)
try:
output = subprocess.check_output(command, shell=True, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
@kingspp
kingspp / logging.py
Created April 22, 2017 07:14
Python Comprehensive Logging using YAML Configuration
import os
import yaml
import logging.config
import logging
import coloredlogs
def setup_logging(default_path='logging.yaml', default_level=logging.INFO, env_key='LOG_CFG'):
"""
| **@author:** Prathyush SP
| Logging Setup
@nl5887
nl5887 / readme.md
Last active October 12, 2020 16:11
Install oclHashCat on Ubuntu 16.04 
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

apt-get install build-essential

sh ./NVIDIA-Linux-x86_64-367.27.run

# this will remove nouveau module during boot

update-initramfs -u
@makenova
makenova / pritunlMigration.md
Last active April 20, 2024 21:50
move pritunl between servers

Migrating your pritunl install between servers

This is a small write up about how to migrate your pritunl install between servers. It's not especially detailed because I'm lazy and your migration story will most likely be different. All this can be avoided by using a remote/hosted mongo instance(compose.io, mongolab, etc.) and simply pointing your pritunl instance at that. If you want more details ask, and I'll do my best to answer and update this write-up accordingly. Also, feel free to criticize my grammar and spelling.