Skip to content

Instantly share code, notes, and snippets.

@nudzo
nudzo / rancher_cleanup.py
Last active November 2, 2022 00:27
Script for cleanup of leftover Rancher resources after uninstall.
import kubernetes.client
import kubernetes.config
CATTLE_NS = [
"cattle-fleet-clusters-system",
"cattle-fleet-local-system",
"cattle-fleet-system",
"cattle-global-data",
"cattle-global-nt",
"cattle-impersonation-system",
@byt3bl33d3r
byt3bl33d3r / log4j_rce_check.py
Created December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
@gwen001
gwen001 / ejs.sh
Last active July 7, 2024 07:33
onliner to extract endpoints from JS files of a given host
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# using linkfinder
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}
# with file download (the new best one):
# but there is a bug if you don't provide a root url
@typokign
typokign / zoomsucks.md
Last active September 8, 2023 05:06
Zoom Sucks

Zoom Sucks

  • Zoom abuses the installer flow on MacOS to bypass permissions dialogs (source)
  • Zoom sends identifying device info to Facebook, even when users don't have a Facebook account (source) (fixed)
  • A bug in Zoom sent identifying information (including email addresses and profile pictures) of thousands of users to strangers (source)
  • Zoom claims that meetings are end-to-end encrypted in their white paper and marketing materials, but meetings are only encrypted in transit, and are available in plaintext to Zoom servers and employees. (source)
  • zoomAutenticationTool can be used to escalat
@abhisek
abhisek / pod-to-node.yml
Created March 17, 2020 04:35
Kubernetes Pod hostPath Volume Mount
apiVersion: v1
kind: Pod
metadata:
labels:
run: attacker-pod
name: attacker-pod
spec:
hostPID: true
hostIPC: true
hostNetwork: true
@Tenzer
Tenzer / 000-README.md
Last active July 16, 2024 10:19
LastPass Pwned Passwords checker

LastPass Pwned Passwords checker

This is a script for checking if any of the passwords you have stored in LastPass have been exposed through previous data breaches.

To use the script you need to have Python 3 installed and you need a CSV export of your LastPass vault. The export can be generated from the LastPass CLI with:

lpass export > lastpass.csv

or can be extracted with the browser plugin by going to the LastPass icon → More Options → Advanced → Export → LastPass CSV File (note that I did have problems getting this to work).

@mxschmitt
mxschmitt / cmd.bat
Last active April 18, 2024 21:48
Golang example of cmd stderr / stdout merge to a single channel
@echo off
echo Stdout
echo Stderr 1>&2
@MarkBaggett
MarkBaggett / custom_caesar.py
Last active July 16, 2023 14:57
Python - SQLMAP - Tamper Script for Custom Caesar Cypher
#!/usr/bin/env python
from lib.core.data import kb
from lib.core.enums import PRIORITY
import string
__priority__ = PRIORITY.NORMAL
def dependencies():
pass
@jessfraz
jessfraz / boxstarter.ps1
Last active October 8, 2024 17:58
Boxstarter Commands for a new Windows box.
# Description: Boxstarter Script
# Author: Jess Frazelle <[email protected]>
# Last Updated: 2017-09-11
#
# Install boxstarter:
# . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:
@binaryaaron
binaryaaron / build_sphinx_docs.sh
Last active January 9, 2018 17:39
github pages sphinx building script
#!/bin/bash
if [ $# -ne 2 ]; then
echo "Error: Please provide a branch name and repo name from which documentation will be built";
exit 1
fi
BRANCH_NAME=$1
REPO_NAME=$2