The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:
- APT33
- APT34
- APT39
- Charming Kitten
prosecurity
prosecurity
/ st8out.sh
Created
May 18, 2020 18:37
— forked from dwisiswant0/st8out.sh
St8out - Extra one-liner for reconnaissance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
prosecurity
/ iranian_apit_groups_possible_commands.md
Created
February 21, 2020 22:17
— forked from MSAdministrator/iranian_apit_groups_possible_commands.md
Iranian APT Groups & Possible Commands Used By These Groups
prosecurity
/ phone-search.py
Created
February 12, 2020 15:58
— forked from DevonThomas/phone-search.py
OSINT Phone Search tool inspired by Michael Bazzell's previously public tool.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import webbrowser | |
| areaCode = input("What is the area code of the phone number? ") | |
| middle3 = input("What are the middle 3 digits? ") | |
| last4 = input("What are the last 4 digits? ") | |
| phoneNumber = str(areaCode) + str(middle3) + str(last4) | |
| fourOneOne = "https://www.411.com/phone/" + "1-" + str(areaCode) + "-" + str(middle3) + "-" + str(last4) | |
| webbrowser.open(fourOneOne) |
prosecurity
/ alexa.txt
Created
September 10, 2019 01:28
— forked from random-robbie/alexa.txt
alex top 500 dork
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| site:*.Google.com inurl:'&' | |
| site:*.Youtube.com inurl:'&' | |
| site:*.Facebook.com inurl:'&' | |
| site:*.Baidu.com inurl:'&' | |
| site:*.Wikipedia.org inurl:'&' | |
| site:*.Yahoo.com inurl:'&' | |
| site:*.Google.co.in inurl:'&' | |
| site:*.Amazon.com inurl:'&' | |
| site:*.Qq.com inurl:'&' | |
| site:*.Google.co.jp inurl:'&' |
prosecurity
/ [email protected]
Created
September 10, 2019 01:27
— forked from berzerk0/[email protected]
A Few WebApp File Upload Vulnerabilities Explained - CTF Writeup: Zorz
The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/ZorZ-Vulnhub.html
This is "CTF" is more of a vulnerability sandbox than a true Capture the Flag challenge. However, it is a great way to explore some WebApp Upload vulnerabilities.
The VulnHub description says:
prosecurity
/ aq.sh
Created
September 10, 2019 00:58
— forked from random-robbie/aq.sh
aq put it in /bin/ and chmod 777 it
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| aquatone-discover -d $1 --threads 10 | |
| aquatone-scan -d $1 --ports huge --threads 10 | |
| DEBUG=nightmare xvfb-run -a aquatone-gather -d $1 --threads 10 | |
| aquatone-takeover -d $1 --threads 10 |
prosecurity
/ bucket_list.sh
Created
September 9, 2019 17:58
— forked from random-robbie/bucket_list.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "[*] Now Checking for Open S3 Buckets for listing dirs....[*]" | |
| aws s3 ls s3://$1 --acl public-read >/dev/null 2>/dev/null | |
| RESULT=$? | |
| if [ $RESULT -eq 0 ]; then | |
| echo "[*] Bucket has Dirlistings Enabled [*]" | |
| echo "[*] Bucket has Dirlistings Enabled https://$1.s3.amazonaws.com [*]" >> /home/tools/mass-bounty/s3-results/$1-dirlistings.txt |
prosecurity
/ bucket_upload.sh
Created
September 9, 2019 17:57
— forked from random-robbie/bucket_upload.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "[*] Now Checking for Open S3 Buckets to upload POC to....[*]" | |
| aws s3 cp poc.txt s3://$1 --acl public-read >/dev/null 2>/dev/null | |
| RESULT=$? | |
| if [ $RESULT -eq 0 ]; then | |
| echo "[*] POC Uploaded to https://$1.s3.amazonaws.com/poc.txt [*]" | |
| echo "[*] POC Uploaded to https://$l.s3.amazonaws.com/poc.txt [*]" >> /home/tools/mass-bounty/s3-results/$1-uploads.txt | |
| else |
prosecurity
/ bucket-takeover.sh
Created
September 9, 2019 17:57
— forked from random-robbie/bucket-takeover.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| aws s3api create-bucket --bucket $1 --acl public-read --region us-east-1 | |
| aws s3api put-bucket-website --bucket $1 --website-configuration file://redirect.json |
NewerOlder