@nullenc0de
nullenc0de / Runbook
Created November 8, 2024 17:11
NetExec Runbook
# NetExec Runbook
## No Authentication (Anonymous)
### NFS Enumeration
```bash
netexec nfs TARGET_HOST -u "" -p "" --shares
netexec nfs TARGET_HOST -u "" -p "" --enum-shares
```
id: prototype-pollution-gadget-detector
info:
  name: Prototype Pollution Gadget Detector
  author: nullenc0de
  severity: high
  description: |
    Detects potential prototype pollution gadgets in web applications that could lead to SSRF, RCE or information disclosure.
  # References for the issue
  reference:
@nullenc0de
nullenc0de / services.json
Last active October 24, 2024 13:05
misconfig-mapper -target "canva" -service "*" -headers "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" -delay 1000 -timeout 10000 |grep "Service:"
[
  {
    "id": 0,
    "request": {
      "method": "GET",
      "baseURL": "https://{TARGET}.atlassian.net",
      "path": [
        "/secure/Signup!default.jspa"
      ],
      "body": null
import json
import sys
from collections import Counter

def analyze_openapi_spec(spec):
    endpoint_count = 0
    request_count = 0
    endpoints = []
    method_counts = Counter()
    parameter_counts = Counter()

class IPv6Packet:
    def __init__(self, main_header_length, extension_headers):
        self.main_header_length = main_header_length
        self.extension_headers = extension_headers

def process_packet(packet):
    total_length = packet.main_header_length
    # Vulnerable loop: doesn't check for integer underflow
    for header_length in packet.extension_headers:
id: suspicious-extensions-rce
info:
  name: Suspicious File Extensions - Potential RCE
  author: Nullenc0de
  severity: medium
  description: Detects files with potentially suspicious extensions that could be used for Remote Code Execution (RCE). Scan your AppData folder.
file:
  - extensions:
@nullenc0de
nullenc0de / jumpproxy.sh
Created August 15, 2024 18:52
need access to an internal host for nessus.
#!/bin/bash
# Configuration
LOCAL_PORT=8834
JUMP_SERVER="[email protected]"
JUMP_KEY="./ssh.pem"
NESSUS_SERVER="[email protected]"
NESSUS_KEY="./ssh.pem"
NESSUS_PORT=8834
id: aws-cognito-misconfiguration-markers
info:
  name: AWS Cognito Misconfiguration Markers
  author: nullenc0de
  severity: high
  description: Detects potential AWS Cognito misconfigurations by searching for sensitive markers in JavaScript files.
  reference: https://www.yassineaboukir.com/talks/NahamConEU2022.pdf
  tags: aws,cognito,misconfiguration,javascript
@nullenc0de
nullenc0de / cloudflare
Created July 24, 2024 18:15
Cloudflare rules
(ip.src in {
4.0.0.0/8
9.0.0.0/8
13.0.0.0/8
20.0.0.0/8
23.96.0.0/13
40.0.0.0/8
51.0.0.0/8
52.0.0.0/8
57.0.0.0/8
#!/bin/bash
# Function to add items to the todo list
add_to_todo() {
    local item="$1"
    echo "$item" >> "${folder_name}/todo.txt"
}
# Function to send alerts via webhook
send_alert() {