mzet mzet-
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| INPUT="$1" | |
| while read l; do | |
| IP=$(cut -d' ' -f2 <<< "$l"); | |
| httpPorts1=$(echo "$l" | grep -P -o '[0-9]{1,5}/open/tcp//http//.*?/') | |
| httpPorts2=$(echo "$l" | grep -P -o '[0-9]{1,5}/open/tcp//ssl\|http//.*?/') | |
| httpPorts3=$(echo "$l" | grep -P -o '[0-9]{1,5}/open/tcp//ssl\|https//.*?/') | |
| httpPorts4=$(echo "$l" | grep -P -o '[0-9]{1,5}/open/tcp//ssl\|https\?//.*?/') |
mzet-
/ tlsScrape.sh
Last active
May 21, 2021 10:24
Inspired by https://github.com/cheetz/sslScrape tool. Significantly shorter and slightly faster version.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| TARGETS="$1" | |
| PORT=443 | |
| # if file "$TARGETS" exists use its content as a target specification otherwise treat input as a cidr | |
| if [ -f "$TARGETS" ]; then | |
| IPs="$(masscan -oL - -iL "$TARGETS" -p "$PORT" 2>/dev/null | grep -v "^#.*" | cut -d' ' -f4)" | |
| else | |
| IPs="$(masscan -oL - "$TARGETS" -p "$PORT" 2>/dev/null | grep -v "^#.*" | cut -d' ' -f4)" |
mzet-
/ s3bucket-test.sh
Created
December 23, 2018 12:43
Simple script for testing S3 bucket issues based on this research: https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| ## Testing approach | |
| # | |
| # 0. Idenitfy buckets (not covered in this script) | |
| # - those owned and used by the target | |
| # - those used by the target | |
| # 1. With list of buckets in hand check for common misconfigurations (test cases based on this research: https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/) | |
| # | |
| ## Theory | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP SIGNED MESSAGE----- | |
| Hash: SHA512 | |
| Date: 21.08.2017 | |
| For a number of reasons, I have recently set up a new OpenPGP key, | |
| and will be transitioning away from my old one. | |
| The old key will continue to be valid for some short time, but I prefer all | |
| future correspondence to come to the new one. I would also like this |
mzet-
/ gist:55ac82c671b2dfc30016
Created
November 12, 2015 21:47
Exploit for CVE-2014-3704 aka 'Drupageddon'
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import requests | |
| from requests.exceptions import * | |
| import urllib | |
| import random | |
| import string | |
| import hashlib | |
| import base64 | |
| import re |