Pawel Rzepa xep624
xep624
/ sqli_in_lambda.js
Created
February 27, 2020 14:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let filename = decodeURIComponent(s3.object.key.replace(/\+/g,'%20')); | |
| connection.query( | |
| 'INSERT INTO uploaded_files_table (`file`) VALUES ("' + filename + '")', | |
| (error, results) => {} | |
| ); |
xep624
/ gist:4c91c828da2312b092c93ff8eaf3ab5c
Last active
April 25, 2019 09:21
IAM Permission Enumerator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """IAM Permission Enumerator. | |
| This is a quickly modified, but working version of the following script: https://gist.github.com/darkarnium/1df59865f503355ef30672168063da4e | |
| This code provides a mechanism to attempt to validate the permissions assigned | |
| to a given set of AWS tokens. | |
| """ | |
| import re | |
| import sys | |
| import logging | |
| import datetime |
xep624
/ entropy.py
Created
July 12, 2018 21:07
This is a script which counts a character entropy in a single string.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env python | |
| import math | |
| import sys | |
| ''' | |
| This is a script which counts a character entropy in a single string. | |
| Usage: entropy.py STRING |
xep624
/ content_discovery_all.txt
Created
June 7, 2018 12:41
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script requires installed drozer on your computer (https://github.com/mwrlabs/drozer) | |
| # and agent.apk on your device/emulator ($ adb install agent.apk) | |
| # Before running this script, you should firstly invoke these commands: | |
| # $ virtualenv drozer_env | |
| # $ source drozer_env/bin/activate | |
| # $ ./drozer_env.sh | |
| # | |
| # Problem description: |