Chase Jensen ruevaughn

🧰 DEFCON29 Recon Village Resources

Talks videos 🎬 Watch here

Tips & advice related to GitHub specific features of git, gpg, and development.

	Logo
	Aravo
	Assess your third parties at scale with SecurityScorecard insights in Aravo.


	Logo
	CFGI
	CFGI delivers 'Security Risk Monitoring Services' to clients to improve their security posture and to continuously monitor third parties.

	git clone --recursive https://github.com/screetsec/Sudomy.git
	git clone https://bitbucket.org/LaNMaSteR53/recon-ng.git
	git clone https://github.com/0ang3el/aem-hacker.git
	git clone https://github.com/0xinfection/tidos-framework.git
	git clone https://github.com/1N3/BlackWidow.git
	git clone https://github.com/1N3/Goohak.git
	git clone https://github.com/1N3/IntruderPayloads
	git clone https://github.com/1N3/Sn1per.git
	git clone https://github.com/Alfresco/prowler.git
	git clone https://github.com/Arr0way/linux-local-enumeration-script.git

	../wiki/ImageDatabaseSummary.md
	./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
	/..
	/...
	/../
	/.DS_Store
	/.codepushrelease
	/0-.
	/10000000
	/3-

	https://medium.com/android-news/hacking-android-app-with-frida-a85516f4f8b7
	https://cmrodriguez.me/blog/frida-scripting-guide/
	https://notsosecure.com/pentesting-android-apps-using-frida/
	https://11x256.github.io/Frida-hooking-android-part-1
	https://payatu.com/blog/amit/Getting%20_started_with_Frida
	https://zhuanlan.zhihu.com/p/157604388
	https://corellium.com/blog/android-frida-finding-hooks
	https://frida.re/docs/javascript-api/
	https://www.fatalerrors.org/a/java-runtime-for-advanced-usage-of-frida-hook-android-app.html
	https://www.nowsecure.com/blog/2017/04/27/owasp-ios-crackme-tutorial-frida/

	wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
	echo https://stripe.com/docs/api \| hakrawler -t 500 -d 10 \|nuclei -t ./linkfinder.yaml -o api.txt
	cat api.txt \|grep url_params \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_params.txt
	cat api.txt \|grep relative_links \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_link_finder.txt

	FROM ubuntu:20.04

	ENV TZ Europe/Berlin
	RUN DEBIAN_FRONTEND="noninteractive" && \
	apt-get update && \
	apt-get upgrade -y && \
	apt-get autoclean -y && \
	apt-get autoremove -y && \
	apt-get install -y sudo apt-utils tzdata && \
	dpkg-reconfigure --frontend noninteractive tzdata && \

	import json, boto3
	import ast
	import urllib.request
	import pandas as pd
	import numpy as np
	import brevityscope.scope
	import brevityprogram.programs

	def lambda_handler(event, context):

	#!/bin/bash
	#Requirements: KXSS(https://github.com/Emoe/kxss), Dalfox (https://github.com/hahwul/dalfox), QSreplace(https://github.com/tomnomnom/qsreplace)
	#Preparation: subfinder -d target.tld -all -silent \| httpx -silent \| gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 100 -o params.txt && cat params.txt \| gf xss \| sed "s/'/ /g" \| sed "s/(/ /g" \| sed "s/)/ /g" \| qsreplace "FUZZ" 2> /dev/null \| anew -q testparams.txt
	#Usage: ./inxss.sh testparams.txt target.tld
	lists=$1
	mkout=$(echo -e "$2_$(date +%F_%H_%M_%S)")
	mkdir -p $mkout
	echo -e "Total $(cat $1 \| wc -l) targets loaded"
	sleep 6s
	echo -e "[$(date +"%F %H:%M:%S")] Starting scan..."