Skip to content

Instantly share code, notes, and snippets.

View LuD1161's full-sized avatar
👋
Hey ! Wassup 😃 Lets talk security 😎

Aseem Shrey LuD1161

👋
Hey ! Wassup 😃 Lets talk security 😎
View GitHub Profile
@LuD1161
LuD1161 / API-Minimal.policy
Created November 21, 2022 08:03
OWASP ZAP API-Minimal.policy
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
<policy>API Minimal</policy>
<scanner>
<level>MEDIUM</level>
<strength>MEDIUM</strength>
</scanner>
<plugins>
<p6>
<enabled>false</enabled>
@LuD1161
LuD1161 / main.go
Created June 22, 2022 05:32
HTTP Request with Custom DNS Resolver & Transport
package main
import (
"context"
"crypto/tls"
"io/ioutil"
"log"
"net"
"net/http"
"net/url"
@LuD1161
LuD1161 / test_secret.txt
Last active May 30, 2022 13:13
Test Secret
We couldn’t find that file to show.
@LuD1161
LuD1161 / pegasus-project.txt
Created September 2, 2021 14:12
Pegasus Project
Reference links from the video : https://youtu.be/NtNkv5GFzEU
VirusTotal Link : https://www.virustotal.com/gui/file/ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5/detection
Malware Download Link : https://malshare.com/sample.php?action=detail&hash=7c3ad8fec33465fed6563bbfabb5b13d
@LuD1161
LuD1161 / gcp_enum.sh
Last active March 30, 2022 10:56 — forked from carnal0wnage/gcp_enum.sh
use the gcloud utilities to enumerate as much access as possible from a GCP service account json file. see blog post: <to insert>
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list
project="my-project"
space=""
echo "gcloud auth list"
gcloud auth list
echo -e "$space"
@LuD1161
LuD1161 / clean_ips.py
Last active March 23, 2022 07:10
Remove IPs which belong to cloudflare
import sys
import requests
from ipaddress import ip_network, ip_address
def output_valid_ips(ips):
ipvs4 = "https://www.cloudflare.com/ips-v4"
ipvs6 = "https://www.cloudflare.com/ips-v6"
ipranges = requests.get(ipvs4).text.split("\n")[:-1] # removing last trailing space
ipranges += requests.get(ipvs6).text.split("\n")[
@LuD1161
LuD1161 / f5_here_i_come.sh
Last active March 8, 2022 02:52
F5 Slapdash attempt
# Get all the F5 IPs from Shodan | Get script here : https://gist.github.com/LuD1161/2087aea80e8771a4af069c33b4078570
python3 shodan_query.py "http.favicon.hash:-335242539" results_f5.txt | tee -a output.txt
cat output.txt | grep -i "host :" | cut -d":" -f2 | cut -d" " -f2 | httpx -threads 400 -ports 80,443,8443,4443 -silent | nuclei -t cves/CVE-2020-5902.yaml -o results.txt
cut -d" " -f3 results.txt > targets.txt
sed -i -e "s/\.\;/\.\\\;/g" targets.txt # escape semicolon to pass to interlace
interlace -tL ./targets.txt -threads 100 -c "echo _target_; curl --insecure -v _target_ 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'" -v | tee -a all_certs.txt
@LuD1161
LuD1161 / shodan_api_query.py
Created July 4, 2020 12:54
Query Shodan API : Plain and Simple
# -*- coding: utf-8 -*-
import requests
import time
import os
import json
import sys
headers = {
'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
@LuD1161
LuD1161 / yahoo_CIDR.sh
Created May 10, 2020 20:23
Patrick Fahrenbach's Yahoo CIDR scanning for phpinfo.php
#!/bin/bash
for ipa in 98.13{6..9}.{0..255}.{0..255}; do
wget -t 1 -T 5 http://${ipa}/phpinfo.php; done &
@LuD1161
LuD1161 / base_response.go
Created February 20, 2020 16:43
Standard Output Format for all API endpoint
package main
import "github.com/gin-gonic/gin"
// Response : BaseResponse
// To get const output format for all endpoint
type Response struct {
Meta interface{} `json:"meta"`
Error interface{} `json:"error"`
Data interface{} `json:"data"`