nudzo

import kubernetes.client
import kubernetes.config

CATTLE_NS = [
    "cattle-fleet-clusters-system",
    "cattle-fleet-local-system",
    "cattle-fleet-system",
    "cattle-global-data",
    "cattle-global-nt",
    "cattle-impersonation-system",

byt3bl33d3r

#! /usr/bin/env python3

'''
    Needs Requests (pip3 install requests)

    Author: Marcello Salvati, Twitter: @byt3bl33d3r
    License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)

    
    This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.

gwen001

curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# using linkfinder
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}

# with file download (the new best one):
# but there is a bug if you don't provide a root url

typokign

Zoom Sucks

• Zoom abuses the installer flow on MacOS to bypass permissions dialogs (source)
• Zoom sends identifying device info to Facebook, even when users don't have a Facebook account (source) (fixed)
• A bug in Zoom sent identifying information (including email addresses and profile pictures) of thousands of users to strangers (source)
• Zoom claims that meetings are end-to-end encrypted in their white paper and marketing materials, but meetings are only encrypted in transit, and are available in plaintext to Zoom servers and employees. (source)
• zoomAutenticationTool can be used to escalat

abhisek

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: attacker-pod
  name: attacker-pod
spec:
  hostPID: true
  hostIPC: true
  hostNetwork: true

Tenzer

LastPass Pwned Passwords checker

This is a script for checking if any of the passwords you have stored in LastPass have been exposed through previous data breaches.

To use the script you need to have Python 3 installed and you need a CSV export of your LastPass vault. The export can be generated from the LastPass CLI with:

lpass export > lastpass.csv

or can be extracted with the browser plugin by going to the LastPass icon → More Options → Advanced → Export → LastPass CSV File (note that I did have problems getting this to work).

mxschmitt

@echo off
echo Stdout
echo Stderr 1>&2

MarkBaggett

#!/usr/bin/env python

from lib.core.data import kb
from lib.core.enums import PRIORITY
import string

__priority__ = PRIORITY.NORMAL

def dependencies():
    pass

jessfraz

# Description: Boxstarter Script
# Author: Jess Frazelle <[email protected]>
# Last Updated: 2017-09-11
#
# Install boxstarter:
# 	. { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:

binaryaaron

#!/bin/bash

if [ $# -ne 2 ]; then
  echo "Error: Please provide a branch name and repo name from which documentation will be built";
  exit 1
fi

BRANCH_NAME=$1
REPO_NAME=$2