queencitycyber
/ crlf_scan.py
Created
July 26, 2024 13:39
identify and exploit potential CRLF injection vulnerabilities in web applications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ```python | |
| import asyncio | |
| import aiohttp | |
| from typing import List, Dict | |
| import click | |
| from rich.console import Console | |
| from rich.progress import Progress | |
| from rich.table import Table | |
| import json | |
| import re |
queencitycyber
/ cstiscan.py
Created
July 25, 2024 15:56
identify and exploit potential Client-Side Template Injection (CSTI) vulnerabilities in web applications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import aiohttp | |
| from typing import List | |
| import click | |
| from rich.console import Console | |
| from rich.progress import Progress | |
| from rich.table import Table | |
| from bs4 import BeautifulSoup | |
| import re |
queencitycyber
/ domclob.py
Created
July 25, 2024 12:58
identify and exploit potential DOM (Document Object Model) clobbering vulnerabilities in web applications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import aiohttp | |
| from typing import List | |
| import click | |
| from rich.console import Console | |
| from rich.progress import Progress | |
| from rich.table import Table | |
| from bs4 import BeautifulSoup | |
| import re | |
| import json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import json | |
| import os | |
| import re | |
| from typing import List, Dict | |
| import aiohttp | |
| import click | |
| from bs4 import BeautifulSoup | |
| from rich.console import Console |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Directory path containing the JSON files | |
| directory="." | |
| # Print column titles | |
| # not pretty and doesn't scale well but who cares | |
| echo -e "URL\tStatus\tLength\tWords\tLines" | |
| # Iterate over each JSON file in the directory |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Turn HTML page into Markdown (.md) | |
| import requests | |
| import html2text | |
| def download_html(url): | |
| response = requests.get(url) | |
| return response.text | |
| def convert_to_markdown(html): |
queencitycyber
/ exparser.py
Created
January 21, 2023 19:37
dumb python script to parse exchanger output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| parses impacket-exchanger output to put useful results in a table | |
| https://github.com/fortra/impacket/blob/master/examples/exchanger.py | |
| ''' | |
| import click | |
| from rich.console import Console | |
| from rich.table import Table | |
| import re |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import argparse | |
| import http.server | |
| import socketserver | |
| import sys | |
| class ThreadedHTTPServer(socketserver.ThreadingMixIn, http.server.HTTPServer): | |
| pass | |
| def main(argv): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # source: https://github.com/rushter/blog_code/blob/master/ssh/check.py | |
| import logging | |
| import socket | |
| import sys | |
| import paramiko.auth_handler | |
| import requests | |
| import argparse | |
queencitycyber
/ hbh-header-abuse-test.py
Created
May 11, 2022 18:48
— forked from ndavison/hbh-header-abuse-test.py
Attempts to find hop-by-hop header abuse potential against the provided URL.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/ndavison | |
| import requests | |
| import random | |
| import string | |
| from argparse import ArgumentParser | |
| parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
| parser.add_argument("-u", "--url", help="URL to target (without query string)") |
NewerOlder