mvelazc0

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;

//Based on https://0x00-0x00.github.io/research/2018/10/17/Windows-API-and-Impersonation-Part1.html
namespace GetSystem
{
    class Program
    {

gwen001

curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# using linkfinder
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}

# with file download (the new best one):
# but there is a bug if you don't provide a root url

byt3bl33d3r

#! /usr/bin/env python3

# 
# Requires Python 3.7+ & aiohttp (speedups recommended)
# pip3 install aiohttp[speedups]
#

import sys
import asyncio
import aiohttp

0xffhh

sub IsSafe {
	#http://sleep.dashnine.org/manual/index.html
	local('$pos');
	@badchars = @(";", "&", '$', "'");
	foreach $index => $value (@badchars)
	{
		$pos = indexOf($1, $value);
		if (-isnumber $pos)
		{
			println("Invalid char detected");

asolino

#!/usr/bin/env python
import argparse
import string
import sys

from impacket import nmb
from impacket.smb3 import SMB2_COMPRESSION_TRANSFORM_HEADER, SMB3, SMB2_DIALECT_311, SMB2_NEGOTIATE_SIGNING_REQUIRED, \
    SMB2_NEGOTIATE_SIGNING_ENABLED, STATUS_SUCCESS, SMB2_DIALECT_30, \
    SMB2_GLOBAL_CAP_ENCRYPTION, SMB2_DIALECT_WILDCARD, SMB2Negotiate_Response, SMB2_NEGOTIATE, \
    SMB2Negotiate, SMB311ContextData, SMB2NegotiateContext, SMB2_PREAUTH_INTEGRITY_CAPABILITIES, \

JPMinty

# Modified to include support for CommandLine, File Hashes, File Paths, Signing Certificates
# Copyright (c) 2020 Jai Minton. All rights reserved.
# Copyright (c) 2014 Atif Aziz. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#

dkasak

setTimeout(function() {
    Java.perform(function() {

        var TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl');

        TrustManagerImpl.verifyChain.implementation = function(untrustedChain,
            trustAnchorChain, host, clientAuth, ocspData, tlsSctData) {
            return untrustedChain;
        }
    });

ophirharpaz

"""
The script generates and prints a graph of all function-call flows that start in exported functions and end
in the function being pointed at in IDA.
This functionality is useful when you need to trigger a function in a DLL and wish to know which exported function
leads to it.
"""

import idaapi
import idautils
import idc

rvrsh3ll

using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;

public class Payload
{
    public Payload()

TheWover

Param([parameter(Mandatory=$true,
   HelpMessage="Directory to search for .NET Assemblies in.")]
   $Directory,
   [parameter(Mandatory=$false,
   HelpMessage="Whether or not to search recursively.")]
   [switch]$Recurse = $false,
   [parameter(Mandatory=$false,
   HelpMessage="Whether or not to include DLLs in the search.")]
   [switch]$DLLs = $false,
   [parameter(Mandatory=$false,