| /** | |
| * run the script to a running app: frida -U "appName" -l flutter_ios.js --no-pause | |
| * start app direct with the script: frida -Uf bundleIdentifier -l flutter_ios.js --no-pause | |
| */ | |
| // ############################################# | |
| // HELPER SECTION START | |
| var colors = { | |
| "resetColor": "\x1b[0m", | |
| "green": "\x1b[32m", | |
| "yellow": "\x1b[33m", |
There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
| Filter | Description | Example |
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
| /* | |
| typedef struct { | |
| int size; | |
| char* data; | |
| } test_struct; | |
| void some_func(test_struct **s); |
| #!/bin/bash | |
| # Usage : ./scanio.sh <save file> | |
| # Example: ./scanio.sh cname_list.txt | |
| # Premium | |
| function ech() { | |
| spinner=( "|" "/" "-" "\\" ) | |
| while true; do | |
| for i in ${spinner[@]}; do | |
| echo -ne "\r[$i] $1" |
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
| Product | Version | FQDN | URL | |
|---|---|---|---|---|
| VMwareESXi | 6.0 | ESXi | /ui | |
| VMwareESXi | 6.5 | ESXi | /ui | |
| VMwareESXi | 6.0 | ESXi | /sdk | |
| VMwareESXi | 6.5 | ESXi | /sdk/vimService.wsdl | |
| vSphereWebClient | 5.1 | vCenter | :9443/vsphere-client | |
| vSphereWebClient | 5.5 | vCenter | :9443/vsphere-client | |
| vSphereWebClient | 6.0 | vCenter | /vsphere-client | |
| vSphereWebClient | 6.0 | vCenter | :9443 | |
| vSphereWebClient | 6.5 | vCenter | /vsphere-client |
| import java.io.IOException; | |
| import java.net.URISyntaxException; | |
| import java.nio.file.Files; | |
| import java.nio.file.Paths; | |
| import java.security.KeyFactory; | |
| import java.security.NoSuchAlgorithmException; | |
| import java.security.PrivateKey; | |
| import java.security.interfaces.RSAPublicKey; | |
| import java.security.spec.InvalidKeySpecException; | |
| import java.security.spec.PKCS8EncodedKeySpec; |
