| #!/bin/bash | |
| echo "[+] Installing scanners block rules with logging..." | |
| LOGTAG="SCANNERS_BLOCK" | |
| ######################################## | |
| # Censys IPv4 ranges | |
| ######################################## | |
| CENSYS_V4=( |
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| from pwn import * | |
| import sys | |
| import os | |
| # ==================== CONFIGURAÇÃO DO EXPLOIT ==================== | |
| class HeapExploit: | |
| def __init__(self, binary_path, libc_path=None, remote_host=None, remote_port=None): |
| pag. | |
| pagamento. | |
| buy. | |
| registro. | |
| registra. | |
| registrado. | |
| registrar. | |
| compra. | |
| pay. | |
| day. |
A regex collection to help quickly perform static analysis on decompiled Android APKs. Designed for detection of security controls (root / tamper / hooking), secrets, Raw SQL usage, Native library, WebView configurations, and more.
Usage: Decompile the APK, and search using these regex patterns to quickly locate relevant code.
Regex:
| import frida | |
| import sys | |
| def on_message(message, data): | |
| if message['type'] == 'send': | |
| print(message['payload']) | |
| elif message['type'] == 'error': | |
| print(message['stack']) | |
| else: | |
| print(message) |
| if [ $# != 2 ]; then | |
| echo "Usage: $0 /path/to/input_ipa /path/to/output_ipa" | |
| exit 1 | |
| fi | |
| if ! [ -f $1 ]; then | |
| echo "'$1' does not exist" | |
| exit 1 | |
| fi |
| #!/bin/sh | |
| # func to do the search w/ curl | |
| # syntax `perform_search anti-fur_APIKEY gh_APIKEYAPIKEYAPIKEY` | |
| perform_search() { | |
| local search_term="$1" | |
| local api_key="$2" | |
| curl -s -H "Authorization: token $api_key" "https://api.github.com/search/repositories?q=$search_term" | jq '.items[].html_url' | |
| } |
| WordPress: /wp-admin | |
| Drupal: /admin | |
| Joomla: /administrator | |
| Magento: /admin | |
| Concrete5: /dashboard | |
| SilverStripe: /admin | |
| Textpattern: /textpattern | |
| MODX: /manager | |
| Radiant CMS: /admin | |
| Contao: /contao |
| #!/usr/bin/env python3 | |
| ''' | |
| Greetings bug-slaying brothers of the pythonian blood. This script takes my httpx output after slamming in a bunch of subdomains | |
| and organizes it so its a bit easier to read and work with. | |
| The HTTPX payload I use first is: | |
| httpx -sc -cl -title -bp -server -td -ip -cname -asn -cdn -vhost -fhr | anew httpx-quicc | |
| This script will organize the data by status code and then from smallest to largest for each status code |
| #!/usr/bin/env python3 | |
| ''' | |
| Get the excellent GoLinkFinder tool via github.com/0xsha/GoLinkFinder | |
| ... based on my boy here: https://github.com/GerbenJavado/LinkFinder | |
| Anyways, this gives an excellent clean and parsed output after running GoLinkFinder on a gang of urls. | |
| use this like: | |
| python3 golinkfinderx.py urls.txt | |
| ''' |