This Bash gist is a nifty command to find WordPress domains from a bug bounty program list provided by Project Discovery. First, it uses curl to fetch the bug bounty program list from a GitHub repository. Then, it utilizes jq to select domains from programs that have a bounty, followed by sorting to ensure uniqueness. After that, it employs httpx to test if these domains are running WordPress. Finally, the output is filtered and saved into the host-wordpress file. The second version of this command also removes https, http, www, and other characters from the URLs, providing cleaner results. Pretty cool, right?

curl -s "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json" | jq -r '.programs[] | select(.bounty==true) | .domains[]' | sort -u | httpx -td -ms WordPress | sed -e 's/\s.*$//' | tee host-wordpress

For sort unique

curl -s "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbo
name: Recon

on:
  push:
    branches: [master]

jobs:
  scan-and-deploy:
    runs-on: ubuntu-latest
#!/bin/bash
## This tool takes parameters that contain '=' and appends 'FUZZ' after the '='; the goal is to fuzz and check for vulnerable parameters
domain=$1
url="https://web.archive.org/cdx/search/cdx?url=*."$domain"/*&output=txt&fl=original&collapse=urlkey&page=/"

if [[ -z "$domain" ]]; then
    echo "Include the domain as an argument"
    exit 1
fi

Serialization Saga CTF Challenge

  • Challenge: Serialization Saga
  • Points: 100
  • Category: Insecure Deserialization

Challenge Description

This challenge is a CTF designed to test the ability to identify and exploit insecure deserialization vulnerabilities. Participants are required to perform certain functions by exploiting these vulnerabilities and obtaining flags as a result.

Steps

Project Details:

  • Client: [Client Name]
  • Project Name: [Project Name]
  • Testing Period: [Start Date] - [End Date]

Executive Summary

In this report, we provide an overview of the security posture of the target system, detailing findings and their respective severities. The assessment is based on a comprehensive analysis of potential vulnerabilities and risks using the CVSS 3.0 and 3.1 scoring frameworks. Each finding is described along with its associated risk score and recommendations for remediation.

Scope and Methodology

Vulnerability Assessment Report - CVE-2021-43062

Executive Summary:

I am happy to share vulnerability findings on Fortinet FortiMail, focusing on versions v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, and v6.0.11 & below. During this assessment, I was able to identify an unpatched XSS (Cross-Site Scripting) vulnerability, tagged as CVE-2021-43062. The vulnerability allowed arbitrary code execution via a specially crafted HTTP GET request to the FortiGuard URI protection service.

Product: Fortinet FortiMail
Vendor: Fortinet
Severity: Medium
Affected Versions: v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, v6.0.11 & below
Title: Server Side Template Injection via Twig Security Extension
Date: 2023-04-15

Overview:

Shopware is an e-commerce platform that is open source and built on the Symfony Framework and Vue.js. The default storefront of Shopware 6, called Shopware 6 Storefront, is based on Twig and Bootstrap. Users can customize the appearance of their storefront by using extensions (previously known as plugins) to override the default Twig template files. These custom themes can be enabled using the included Shopware 6 Administration panel.

Summary:

Please note that this is a bypass of CVE-2023-22731, which is being tracked as issue NEXT-24667 by Shopware.

#!/usr/bin/env zsh
# Download JSON file containing a list of bug bounty programs and their domains
curl -O "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json"
# Create folders for each bug bounty program
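# read -r keeps backslashes literal; "--" stops a name that starts with "-" from being parsed as an option
jq -r '.programs[] | select(.bounty==true) | .name' chaos-bugbounty-list.json | while IFS= read -r folder; do mkdir -pv -- "$folder"; done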
# For each bug bounty program, get the domains and save them to a file
for (( i=0; i < $(cat chaos-bugbounty-list.json | jq -r '.programs | length'); i++ ))