| import random | |
| header_names = ['User-Agent'] | |
| ua = ['Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36', 'Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36'] | |
| if (messageIsRequest): | |
| request = helpers.analyzeRequest(messageInfo) | |
| headers = request.getHeaders() | |
| for header_name in header_names: |
| # github.com/ndavison | |
| import requests | |
| import random | |
| import string | |
| from argparse import ArgumentParser | |
| parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
| parser.add_argument("-u", "--url", help="URL to target (without query string)") |
Install Android App Termux from APKPure or AppStore. If the app exists, just delete and re-install it to get the latest version, The APK can be downloaded from https://apkpure.com/termux/com.termux/ Install the APK using by running
adb install ~/Downloads/Termux_v0.73_apkpure.com.apk
| #!/bin/bash | |
| # Ref: https://blog.getpostman.com/2015/12/23/stream-any-log-file-to-slack-using-curl/ | |
| # define $MAGE_ENV env var in your .profile | |
| tail -n0 -F "$1" | while read LINE; do | |
| (echo "$LINE" | grep -e "$3") && curl -X POST --silent --data-urlencode \ | |
| "payload={\"text\": \"$MAGE_ENV $1\\n$(echo $LINE | sed "s/\"/'/g")\"}" "$2"; | |
| done |
| select | |
| da.ip_address, | |
| da.host_name, | |
| dos.name as OS, | |
| dos.version as OS_Version, | |
| dp.title as Policy_Title, | |
| dpr.title as Rule_Name, | |
| dpr.description as Rule_Description, | |
| dprs.description as Complaince_Status | |
| from fact_asset_policy_rule as fpr |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
| #!/usr/bin/env python | |
| ''' | |
| Update/create a page containing a table w/ Confluence REST API | |
| ''' | |
| import requests | |
| import json | |
| # Get api credentials from local config file |
| WITH remediations AS ( | |
| SELECT DISTINCT fr.solution_id AS ultimate_soln_id, summary, fix, estimate, riskscore, dshs.solution_id AS solution_id | |
| FROM fact_remediation(10,'riskscore DESC') fr | |
| JOIN dim_solution ds USING (solution_id) | |
| JOIN dim_solution_highest_supercedence dshs ON (fr.solution_id = dshs.superceding_solution_id AND ds.solution_id = dshs.superceding_solution_id) | |
| ), | |
| assets AS ( |
An analysis of Censys Public Scan 20180807 (only port 22) to estimate the number of servers {potentially} vulnerable to the recent Libssh bug.
| // Called through: | |
| // http://127.0.0.1:3000/db?username=%27%20OR%20%271%27=%271 | |
| // Query username from URL parameter | |
| const username = req.query.username; | |
| // Create SQL query | |
| const sqlQuery = "SELECT * FROM c WHERE c.name='" + username + "'"; | |
| // -> SQL Query is: SELECT * FROM c WHERE c.name='' OR '1'='1' |