This document has references and notes from the OWASP Global AppSec 2024 talk; "GraphQL Exploitation: Secondary Context Attacks and Business Logic Vulnerabilities".
- Github: BuffaloWill
- LinkedIn: Will Vandevanter
BuffaloWill
/ Notes from GraphQL Exploitation: Secondary Context Attacks and Business Logic Vulnerabilities.md
Created
September 26, 2024 15:52
Notes from GraphQL Exploitation: Secondary Context Attacks and Business Logic Vulnerabilities
BuffaloWill
/ soft_404_check.py
Last active
June 7, 2022 18:25
Checks if the provided URL(s) are likely soft 404s
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| import sys | |
| import requests | |
| import soft404 | |
| ### | |
| # usage: | |
| # - The script prints the URL to stdout if it is unlikely to be a soft 404. |
BuffaloWill
/ file_extensions.txt
Created
April 19, 2019 16:00
File Extension Dictionary (decent) Bruteforcing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aw | |
| atom | |
| atomcat | |
| atomsvc | |
| ccxml | |
| cdmia | |
| cdmic | |
| cdmid | |
| cdmio | |
| cdmiq |
BuffaloWill
/ content-type-list.json
Created
April 19, 2019 15:58
File Content-Type Extension Bruteforce Dictionary (from https://raw.githubusercontent.com/stretchr/filetypes.js/master/src/filetypes.js)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| {"desc":"Andrew Toolkit","mime":["application/andrew-inset"],"ext":["N/A"]}, | |
| {"desc":"Applixware","mime":["application/applixware"],"ext":["aw"]}, | |
| {"desc":"Atom Syndication Format","mime":["application/atom+xml"],"ext":["atom"]}, | |
| {"desc":"Atom Publishing Protocol","mime":["application/atomcat+xml"],"ext":["atomcat"]}, | |
| {"desc":"Atom Publishing Protocol Service Document","mime":["application/atomsvc+xml"],"ext":["atomsvc"]}, | |
| {"desc":"Voice Browser Call Control","mime":["application/ccxml+xml,"],"ext":["ccxml"]}, | |
| {"desc":"Cloud Data Management Interface (CDMI) - Capability","mime":["application/cdmi-capability"],"ext":["cdmia"]}, | |
| {"desc":"Cloud Data Management Interface (CDMI) - Contaimer","mime":["application/cdmi-container"],"ext":["cdmic"]}, | |
| {"desc":"Cloud Data Management Interface (CDMI) - Domain","mime":["application/cdmi-domain"],"ext":["cdmid"]}, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types | |
| application/1d-interleaved-parityfec | |
| application/3gpdash-qoe-report+xml | |
| application/3gpp-ims+xml | |
| application/a2l | |
| application/activemessage | |
| application/alto-costmap+json | |
| application/alto-costmapfilter+json | |
| application/alto-directory+json |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| irb --simple-prompt --noecho | |
| require 'ipaddr' | |
| # RFC 1918 | |
| # 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 | |
| #IPAddr.new("10.0.0.0/8").to_range.to_a.each{ |ip| puts ip } | |
| #IPAddr.new("172.16.0.0/12").to_range.to_a.each{ |ip| puts ip } | |
| #IPAddr.new("192.168.0.0/16").to_range.to_a.each{ |ip| puts ip } | |
| # prints up to NUM ips from the range |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 04 | |
| 05 | |
| 06 | |
| 07 | |
| 08 | |
| 09 |
BuffaloWill
/ censys_cert_search.rb
Last active
September 1, 2021 16:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/ruby | |
| # deps | |
| # gem install curb dnsruby | |
| # | |
| # might need on ubuntu: | |
| # sudo apt-get install libcurl4-openssl-dev | |
| require 'json' | |
| require 'curb' |
BuffaloWill
/ reset_pass.sh
Created
September 3, 2016 17:27
Reset Password for a User with Installed version
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| cmd=`basename $0` | |
| CWD=`pwd` | |
| SCRIPTDIR=/opt/Serpico/embedded/bin | |
| EMBEDDED=/opt/Serpico/embedded | |
| SERPDIR=/opt/Serpico/Serpico | |
| uname=$1 | |
| pass=$2 |
BuffaloWill
/ gist:c475a823c81b869a45848358c62e5624
Last active
June 6, 2017 16:59
Serpico Dockerfile
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: https://github.com/ncolyer-r7 | |
| FROM ubuntu:14.04 | |
| MAINTAINER Todo | |
| # Packages & Environment Variables | |
| ENV SRP_ROOT /Serpico | |
| ENV GEM /usr/local/rvm/rubies/ruby-2.1.5/bin/gem | |
| ENV BUILD_PACKAGES bash sudo curl vim git gawk g++ gcc make libc6-dev libreadline6-dev zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgmp-dev libgdbm-dev libncurses5-dev automake libtool bison pkg-config libffi-dev |
NewerOlder