Dzmitry Savitski dzmitry-savitski
dzmitry-savitski
/ vh.py
Last active
December 13, 2019 09:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author: Dzmitry Savitski | |
| # Get a new version at: https://github.com/dzmitry-savitski/vhost_bruteforcer | |
| from __future__ import print_function | |
| import requests | |
| import urllib3 | |
| import argparse | |
| import netaddr | |
| from termcolor import colored |
dzmitry-savitski
/ domain_checker.sh
Last active
March 19, 2019 11:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for domain in $(cat $1); | |
| do | |
| # -L - follow redirect | |
| # echo [http://$domain] - $(curl -w '%{size_download}' --output /dev/null -s http://$domain); | |
| echo [https://$domain] - $(curl -w '%{size_download}' -L --insecure --max-time 2 --output /tmp/out/$domain.https.html -s https://$domain); | |
| done; |
dzmitry-savitski
/ xpath_bruter_or.py
Last active
March 1, 2019 07:08
Modified XPath injection module for recon-ng for 'OR' injections.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from __future__ import print_function | |
| from recon.core.module import BaseModule | |
| import urllib | |
| import sys | |
| # List of modifications: | |
| # - swaped from and to or condition | |
| # - added option to invers True/False strings | |
| # - headers are now also checked for unique string | |
| # - connection exceptions are handled |
dzmitry-savitski
/ ShellController.java
Created
January 29, 2018 11:33
Spring MVC shell using controller and AsyncContext
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.dsavitski.vulnerable.controllers; | |
| import org.springframework.stereotype.Controller; | |
| import org.springframework.web.bind.annotation.RequestMapping; | |
| import org.springframework.web.bind.annotation.RequestMethod; | |
| import org.springframework.web.bind.annotation.ResponseBody; | |
| import javax.servlet.AsyncContext; | |
| import javax.servlet.ServletInputStream; | |
| import javax.servlet.ServletOutputStream; |
NewerOlder