DanaEpp
/ sensitive_data_detector.py
Created
May 10, 2024 17:52
Sensitive Data Detector see: https://danaepp.com/sensitive-data-detection-using-ai-for-api-hackers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import sys | |
| from typing import List | |
| from dataclasses import dataclass | |
| from presidio_analyzer import AnalyzerEngine, RecognizerResult | |
| import argparse | |
| from har_capture_reader import HarCaptureReader | |
| analyzer: AnalyzerEngine = AnalyzerEngine() |
DanaEpp
/ har_capture_reader.py
Created
May 10, 2024 17:49
HAR capture reader to use with Sensitive Data Detector. see: https://danaepp.com/sensitive-data-detection-using-ai-for-api-hackers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rom base64 import b64decode | |
| import os | |
| from typing import Iterator, Union | |
| import json_stream | |
| # This HAR capture reader was taken from mitmproxy2swagger and slightly modified to work for our needs. | |
| # See https://github.com/alufers/mitmproxy2swagger/blob/master/mitmproxy2swagger/har_capture_reader.py | |
| class HarFlowWrapper: | |
| def __init__(self, flow: dict): |
DanaEpp
/ txt_to_postman_b64_json.py
Created
March 27, 2024 20:58
A simple Python script that will convert and encode a Big List of Naughty Strings (BLNS) into a JSON file that Postman can use
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from argparse import ArgumentParser, Namespace | |
| import os | |
| import base64 | |
| import json | |
| def main(srcFile: str, dstFile:str) -> None: | |
| if not os.path.isfile(srcFile): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {{7*7}} | |
| ${7*7} | |
| <%= 7*7 %> | |
| ${{7*7}} | |
| #{7*7} | |
| *{7*7} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env python3 | |
| """ | |
| request_logger.py | |
| A simple HTTP server that will dump the requests being mirrored from an implant on an API server | |
| WARNING: This will record all header and body content of a request to a JSON file. To reduce the risk of | |
| information disclosure, care should be placed in the ACL of the output file. |
DanaEpp
/ dump-endpoints.jq
Created
November 26, 2022 00:05
jq query and filter to dump the HTTP method, route and description of every endpoint in an OpenAPI 3.0 document. Usage: jq -r -f dump-endpoints.jq openapidoc.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .paths | to_entries | map(select(.key | test("^x-") | not)) | map ( .key as $path | .value | to_entries | map( select( .key | IN("get", "put", "post", "delete", "options", "head", "patch", "trace")) | { method: .key, path: $path, summary: .value.summary?, deprecated: .value.deprecated? })[] ) | map( .method + "\t" + .path + "\t" + .summary + (if .deprecated then " (deprecated)" else "" end)) [] |
DanaEpp
/ guid_reaper.py
Created
October 20, 2022 17:56
Tool to dump v1 GUIDs and generate a wordlist of GUIDs for use in bruteforce attacks against APIs with predictable GUIDs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env python3 | |
| import argparse | |
| import datetime | |
| import re | |
| import sys | |
| import uuid | |
| ############################################################################### | |
| # Based off of Daniel Thatcher's guid tool |
DanaEpp
/ nosql-injection-payloads-for-postman.json
Created
September 20, 2022 22:18
NoSQL injection payloads for Postman
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| {"payload":"'"}, | |
| {"payload":"''"}, | |
| {"payload":";%00"}, | |
| {"payload":"--"}, | |
| {"payload":"-- -"}, | |
| {"payload":"\"\""}, | |
| {"payload":";"}, | |
| {"payload":"' OR '1"}, | |
| {"payload":"' OR 1 -- -"}, |
DanaEpp
/ thm-dump.py
Created
June 26, 2022 05:18
TryHackMe (THM) dump script to find rooms with open tasks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env python3 | |
| import getpass | |
| import time | |
| import requests | |
| from requests.cookies import create_cookie | |
| from requests.adapters import HTTPAdapter | |
| from requests.packages.urllib3.util.retry import Retry | |
| import re | |
| from typing import List |
DanaEpp
/ exploit110.py
Last active
May 10, 2022 23:43
THM PWN 101 - Challenge 10 (optimized using pwntools native ROP() chains)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env python3 | |
| import sys | |
| from pwn import * | |
| exe = "./pwn110.pwn110" | |
| elf = context.binary = ELF(exe, checksec=False) | |
| context.log_level = 'info' | |
| def start(argv=[], *a, **kw): |
NewerOlder