aashishrbhandari
/ Security Learning
Created
October 24, 2021 10:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SQL Injection Types: Ref: https://www.imperva.com/learn/application-security/sql-injection-sqli/ | |
| In-band SQLi: | |
| Use same communication channel to both launch the attack and gather results. | |
| SubTypes: | |
| Error-based SQLi: | |
| relies on error messages thrown by the database server to obtain information about the structure of the database. | |
| Union-based SQLi: | |
| UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then returned as part of the HTTP response. | |
| Inferential (Blind) SQLi | |
| No data is actually transferred via the web application and the attacker would not be able to see the result of an attack in-band (which is why such attacks are commonly referred to as “Blind SQL Injection Attacks”). |
aashishrbhandari
/ Script_Quicky
Created
October 24, 2021 10:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Linux CLI Quicky | |
| echo -n "Ashish" | md5sum | cut -d" " -f1 | |
| # Python Quicky One | |
| python3 -c 'import hashlib; print(hashlib.md5(b"Ashish").hexdigest())' | |
| # LDAP | |
| ldapsearch -x -h 127.0.0.1 -b "dc=domain,dc=com" -D user@domain -W | |
aashishrbhandari
/ Img_analysis_py_v1.py
Created
October 24, 2021 10:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Python3 | |
| How to Install | |
| apt-get update && apt-get install -y python3-opencv | |
| pip3 install --upgrade pip # Important | |
| pip3 install sklearn matplotlib numpy opencv-python scikit-image |
aashishrbhandari
/ Blocklist_Db_Creation_v1
Created
October 24, 2021 09:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat BL/socialnet/domains | awk '{ OFS = ","; print "56",$1,"*" }' >> data_set2.txt | |
| cat BL/forum/domains | awk '{ OFS = ","; print "19",$1,"*" }' >> data_set2.txt | |
| cat BL/finance/banking/domains | awk '{ OFS = ","; print "5",$1,"*" }' >> data_set2.txt | |
| cat BL/finance/realestate/domains | awk '{ OFS = ","; print "49",$1,"*" }' >> data_set2.txt | |
| cat BL/finance/banking/domains | awk '{ OFS = ","; print "18",$1,"*" }' >> data_set2.txt | |
| cat BL/finance/realestate/domains | awk '{ OFS = ","; print "18",$1,"*" }' >> data_set2.txt | |
| cat BL/finance/insurance/domains | awk '{ OFS = ","; print "18",$1,"*" }' >> data_set2.txt | |
| cat BL/finance/moneylending/domains | awk '{ OFS = ","; print "18",$1,"*" }' >> data_set2.txt |
aashishrbhandari
/ SafeSquid_Testing_v1
Last active
October 24, 2021 10:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat 3000_unique_domains.txt | xargs -P 30 -n 1 -I{} curl "{}" -s -x 10.139.232.245:8080 --max-time 6.0 -w "Status: %{response_code}, Total-Time: %{time_total}\n" | tee -a test_4-cc30-17_50-4_may_2021-log.txt | |
| cat pi_blocklist_porn_top1m.list | xargs -P 30 -n 1 -I{} curl "{}" -s -x 10.139.232.245:8080 --max-time 6.0 -w "Status: %{response_code}, Total-Time: %{time_total}, Url: %{url_effective}, Socket: %{local_ip}:%{local_port} \n" -o /dev/null| tee -a test_4-cc30-17_50-4_may_2021-log.txt | |
| cat pi_blocklist_porn_top1m.list | xargs -P 30 -n 1 -I{} curl "{}" -s -x 10.139.232.245:8080 --max-time 6.0 -w "Status: %{response_code}, Total-Time: %{time_total}, Url: %{url_effective}, Socket: %{local_ip}:%{local_port} \n" -o /dev/null| tee -a test_4-cc30-17_50-4_may_2021-log.txt | |
| COUNTER_1=0; cat pi_blocklist_porn_top1m.list | xargs -P 30 -n 1 -I{} curl "{}" -s -x 10.139.232.245:8080 --max-time 6.0 -w "Status: %{response_code}, Total-Time: %{time_total}, Url: %{url_effective}, Socket: %{local_ip}:%{local_port} \n" -o /de |
aashishrbhandari
/ Security_Terms
Created
October 24, 2021 09:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CSRF: | |
| Cross-Site Request Forgery - Cross-Site Request Forgery (CSRF) is a malicious attack that tricks the user’s web browser to perform undesired actions so that they appear as if an authorized user is performing those actions. | |
| OWASP: | |
| Open Web Application Security Project | |
aashishrbhandari
/ Caching_v1
Created
October 24, 2021 09:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Caching at the Object Level | |
| 1. Cache ASide | |
| Easiest one used by me | |
| Check the Cache | |
| IF Cache Found -> Return | |
| Else -> Ask DB | |
| IF DB Found -> Add To Cache and Return | |
| Else -> Do NOT Cache and Return NULL |
aashishrbhandari
/ SafeSquid_Reporting_Tables_Beta1
Created
October 24, 2021 09:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ---------------------- | |
| Report Table Creation | |
| ---------------------- | |
| website_name, download_size, upload_size, request_count, elapsed_time | |
| username, website_name, download_size, upload_size, request_count, elapsed_time | |
| ============= | |
| Single Table |
aashishrbhandari
/ SafeSquid_Fields
Created
October 24, 2021 09:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| record_id | |
| client_id | |
| request_id | |
| date_time | |
| elapsed_time | |
| status | |
| size | |
| upload | |
| download | |
| bypassed |
aashishrbhandari
/ Python: File Reading
Last active
November 3, 2022 11:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Best Practise | |
| # Reference: https://stackoverflow.com/questions/11482342/read-a-large-zipped-text-file-line-by-line-in-python/11482347 | |
| # If Reading a Zipped/Compressed File | |
| import zipfile | |
| with zipfile.ZipFile(zip_file) as z: | |
| with z.open(zip_file) as f: |