emadshanab
/ xss-image.svg
Created
May 14, 2024 15:48
— forked from rudSarkar/xss-image.svg
SVG Image XSS File
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
emadshanab
/ dorks.txt
Created
March 2, 2024 00:57
— forked from HaseebCh-Hack/dorks.txt
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| inurl /bug bounty | |
| inurl : / security | |
| inurl:security.txt | |
| inurl:security "reward" | |
| inurl : /responsible disclosure | |
| inurl : /responsible-disclosure/ reward | |
| inurl : / responsible-disclosure/ swag | |
| inurl : / responsible-disclosure/ bounty | |
| inurl:'/responsible disclosure' hoodie | |
| responsible disclosure swag r=h:com |
emadshanab
/ reconftw.cfg
Created
December 28, 2023 04:20
— forked from jhaddix/reconftw.cfg
reconFTW config file: NO google/osint, wordlist creation, nuclei js analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################# | |
| # reconFTW config file # | |
| ################################################################# | |
| # General values | |
| tools=~/Tools # Path installed tools | |
| SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path | |
| profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile | |
| reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version | |
| generate_resolvers=false # Generate custom resolvers with dnsvalidator |
emadshanab
/ httpie.mailgun.sh
Created
December 26, 2023 15:56
— forked from james2doyle/httpie.mailgun.sh
Test the mailgun API with HTTPIE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DOMAIN="example.com" | |
| EMAIL="[email protected]" | |
| http -a 'api:key-00000000000000000000000000000000' \ | |
| -f POST "https://api.mailgun.net/v3/$DOMAIN/messages" \ | |
| from="Excited User <postmaster@$DOMAIN>" \ | |
| to="$EMAIL" \ | |
| subject="Hello" \ |
emadshanab
/ formalms-authbypass.yaml
Created
December 18, 2023 06:50
— forked from hacktivesec/formalms-authbypass.yaml
FormaLMS Authentication Bypass - Nuclei Template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: formalms-auth-bypass | |
| info: | |
| name: Formalms Auth Bypass | |
| author: Cristian `void` Giustini | |
| severity: high | |
| reference: https://blog.hacktivesecurity.com/index.php/2021/10/05/the-evil-default-value-that-leads-to-authentication-bypass-on-formalms/ | |
| tags: formalms | |
| cve: CVE-2021-43136 |
emadshanab
/ CVE-2019-18935.yaml
Created
December 18, 2023 06:50
— forked from ripp3rdoc/CVE-2019-18935.yaml
Telerik UI Insecure Deserialization — Nuclei Template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2019-18935 | |
| info: | |
| name: Deserialization Vulnerability in Telerik UI for ASP.NET AJAX. | |
| author: Talson | |
| severity: critical | |
| description: | | |
| Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. | |
| remediation: | | |
| As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation. | |
| reference: |
emadshanab
/ error-based-sql-injection.yaml
Created
December 18, 2023 06:50
Error Based SQLi Template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: error-based-sql-injection | |
| info: | |
| name: Error based SQL injection | |
| author: geeknik | |
| severity: high | |
| description: Detects the possibility of SQL injection in 29 database engines. Inspired by https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml. | |
| tags: sqli | |
| requests: |
emadshanab
/ CVE-2021-44228.nuclei.yaml
Created
December 18, 2023 06:50
— forked from hazcod/CVE-2021-44228.nuclei.yaml
Nuclei template to scan for log4shell (CVE-2021-44228).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2021-44228 | |
| info: | |
| name: Log4J RCE | |
| author: iNvist / hazcod | |
| severity: critical | |
| description: CVE-2021-44228 | |
| requests: | |
| - raw: |
emadshanab
/ apache-webdav-directory-listing.yaml
Created
December 18, 2023 06:50
— forked from ihebski/apache-webdav-directory-listing.yaml
nuclei template for Apache WebDAV Module PROPFIND Arbitrary Directory Listing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: apache-webdav-dir-listing | |
| info: | |
| name: Apache WebDAV Module PROPFIND Arbitrary Directory Listing | |
| author: segfolt | |
| severity: Medium | |
| # https://vuldb.com/?id.16000 | |
| requests: | |
| - raw: |
emadshanab
/ CVE-2020-14818.yaml
Created
December 18, 2023 06:50
— forked from rootsploit/CVE-2020-14818.yaml
Nuclei Template for CVE-2020-14818: Oracle Business Intelligence - Reflected XSS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: cve-2020-14818 | |
| info: | |
| name: Oracle BI - XSS by @HackerOn2Wheels | |
| author: RootSploit | |
| severity: medium | |
| description: Reflected Cross-site scripting (XSS) on Oracle Business Intelligence | |
| requests: | |
| - method: GET |