Magno Logan magnologan
magnologan
/ aws-us-east-1-iplist.sh
Created
February 17, 2021 00:22
— forked from joswr1ght/aws-us-east-1-iplist.sh
Get AWS IP Addresses for a Specified Area
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r | head -3 |
magnologan
/ AWS API calls that return credentials.md
Created
February 20, 2021 14:52
— forked from kmcquade/AWS API calls that return credentials.md
AWS API calls that return credentials
magnologan
/ GatheringEmailLinkedin.php
Created
March 16, 2021 10:35
— forked from MrCl0wnLab/GatheringEmailLinkedin.php
Email Information Gathering in Post Linkedin
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $targets = array_unique(explode("\n",file_get_contents("posts.targets"))); | |
| $user_agent = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0'; | |
| foreach ($targets as $key => $url_target) { | |
| #REQUEST PEGANDO ID | |
| exec("curl -kg --user-agent '{$user_agent}' '{$url_target}'>tmp"); | |
| #GREP ID |
magnologan
/ API_checklist.csv
Created
March 25, 2021 00:46
— forked from juniotee/API_checklist.csv
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ID | Test name | Domain | Owasp API Top Ten | |
|---|---|---|---|---|
| 1 | Test user enumeration (if applicable) | Authorization | A1, A3 | |
| 2 | Exploit vulnerabilities to gain unauthorized access | Authorization | A2 | |
| 3 | Transmission of sensitive information (token, credentials, etc.) in an insecure manner | Integrity/Confidentiality | A1 | |
| 4 | Test for specific data entry vulnerabilities | Data validation | A8 | |
| 5 | Perform fuzzing on all request parameters (sending malicious information, for example) | Data validation | A8 | |
| 6 | Test for injection vulnerabilities (SQLi, LDAP, XML, Xpath, XXE if applicable) | Data validation | A8 | |
| 7 | Testing for buffer overflow vulnerabilities | Data validation | A8 | |
| 8 | Test for logic failures (if applicable) | Data validation | A6 | |
| 9 | Test how the application behaves by receiving incomplete information | Data validation | A6 |
magnologan
/ unfollow.py
Created
March 31, 2021 00:57
— forked from perpetual-hydrofoil/unfollow.py
Twitter Unfollow Example (python)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| # how to unfollow everyone who isn't following you | |
| # By Jamieson Becker (Public Domain/no copyright, do what you will) | |
| # Easy instructions, even if you don't know Python | |
| # | |
| # 1. Install pip (apt-get install python-pip) and then | |
| # pip install tweepy, which is the python twitter client | |
| # |
magnologan
/ regular_expression_engine_comparison.md
Created
May 7, 2021 02:45
— forked from CMCDragonkai/regular_expression_engine_comparison.md
Regular Expression Engine Comparison Chart
Many different applications claim to support regular expressions. But what does that even mean?
Well there are lots of different regular expression engines, and they all have different feature sets and different time-space efficiencies.
The information here is just copied from: http://regular-expressions.mobi/refflavors.html
magnologan
/ CVE-2019-11253-poc.sh
Created
May 7, 2021 17:19
— forked from bgeesaman/CVE-2019-11253-poc.sh
CVE-2019-11253 Kubernetes API Server YAML Parsing Remote Denial of Service PoC aka "Billion Laughs"
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # CVE-2019-11253 | |
| # https://github.com/kubernetes/kubernetes/issues/83253 | |
| # Shout out: @raesene for poc collab, @iancoldwater + @mauilion for | |
| # HONKing inspiration and other guidance. | |
| # Description: In Kubernetes 1.13 and below, the default configuration | |
| # is that system:anonymous can request a selfsubjectaccessreview | |
| # via mechanisms such as "kubectl auth can-i". This request can | |
| # include POSTed YAML, and just the act of trying to parse it causes |
| Resource | Description |
|---|---|
| Kube Academy | https://kube.academy/ |
| kuernetes-101 | https://kube.academy/courses/kubernetes-101/ |
| Docs Home | https://kubernetes.io/docs/home/ |
| CKS CKA CKAD Simulator | https://killer.sh/ |
| udemy | https://www.udemy.com/topic/certified-kubernetes-administrator-cka/ |
| dev.to | https://dev.to/liptanbiswas/ckad-practice-questions-4mpn |
magnologan
/ copilot-risk-assessment.md
Created
July 14, 2021 03:35
— forked from 0xabad1dea/copilot-risk-assessment.md
Risk Assessment of GitHub Copilot
this is a rough draft and may be updated with more examples
GitHub was kind enough to grant me swift access to the Copilot test phase despite me @'ing them several hundred times about ICE. I would like to examine it not in terms of productivity, but security. How risky is it to allow an AI to write some or all of your code?
Ultimately, a human being must take responsibility for every line of code that is committed. AI should not be used for "responsibility washing." However, Copilot is a tool, and workers need their tools to be reliable. A carpenter doesn't have to
magnologan
/ malleable_c2_profiles
Created
July 22, 2021 13:59
— forked from MHaggis/malleable_c2_profiles
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| spawnto | |
| https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/amazon.profile | |
| https://raw.githubusercontent.com/kvcallfield/Cobalt-Strike-C2-profiles/cae44634d57c0d8a099e50f6d4e9b73acaaab9d6/amazon2.profile | |
| https://raw.githubusercontent.com/KevinCooper/24AF-CyberChallenge/67f531777f7912c7129f633f43e06fba79c5f3e2/CobaltStrike/cobalt.profile | |
| https://raw.githubusercontent.com/webcoderz/agressor-scripts-/950064776853cf4dd7403d0f75b5306fe275fcc3/Malleable-C2-Profiles-master/APT/meterpreter.profile | |
| https://raw.githubusercontent.com/hadesangel/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile | |
| https://raw.githubusercontent.com/ianxtianxt/Malleable-C2-Profiles/07fd3b45c4166c9aecdcfa54cddc905c22f6ff85/APT/meterpreter.profile | |
| https://raw.githubusercontent.com/seclib/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile | |
| https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/390937aec01e0bcdaf2331227 |