websecresearch
websecresearch
/ connection-state-attack.bambda
Created
October 21, 2025 20:09
— forked from albinowax/connection-state-attack.bambda
Connection state attack Custom Action for Burp Repeater
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // For context check out https://portswigger.net/web-security/host-header/exploiting#connection-state-attacks | |
| var connectionId = utilities().randomUtils().randomString(8); | |
| var options = RequestOptions.requestOptions().withConnectionId(connectionId).withHttpMode(HttpMode.HTTP_1); | |
| // Send a simple GET / HTTP/1.1 to the target as the precusor request | |
| var url = requestResponse.request().url(); | |
| var precursorRequest = HttpRequest.httpRequestFromUrl(url); | |
| precursorRequest = precursorRequest.withPath("/").withHeader("Connection", "keep-alive"); | |
| // Send the attack in the repeater, and update the response pane |
websecresearch
/ get-shodan-favicon-hash.py
Created
July 8, 2020 15:54
— forked from yehgdotnet/get-shodan-favicon-hash.py
Get Shodan FAVICON Hash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://twitter.com/brsn76945860/status/1171233054951501824 | |
| pip install mmh3 | |
| ----------------------------- | |
| # python 2 | |
| import mmh3 | |
| import requests | |
| response = requests.get('https://cybersecurity.wtf/favicon.ico') | |
| favicon = response.content.encode('base64') |
websecresearch
/ HezarSploit.py
Created
July 8, 2020 15:50
— forked from Voorivex/HezarSploit.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| import ssl | |
| import socket | |
| import os | |
| import sys | |
| from argparse import ArgumentParser | |
| from argparse import RawTextHelpFormatter | |
| from threading import Thread |
websecresearch
/ bountyscan_setup.sh
Created
January 29, 2020 15:04
— forked from jhaddix/bountyscan_setup.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export DEBIAN_FRONTEND=noninteractive; | |
| echo "[*] Starting Install... [*]" | |
| echo "[*] Upgrade installed packages to latest [*]" | |
| echo -e "\nRunning a package upgrade...\n" | |
| apt-get -qq update && apt-get -qq dist-upgrade -y | |
| apt full-upgrade -y | |
| apt-get autoclean | |
| echo "[*] Install stuff I use all the time [*]" |
websecresearch
/ Github bash generated search links (from hunter.sh)
Created
January 29, 2020 13:41
— forked from jhaddix/Github bash generated search links (from hunter.sh)
Github bash generated search links (from hunter.sh)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
websecresearch
/ params.txt
Created
January 29, 2020 13:41
— forked from random-robbie/params.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 1 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |
| 16 | |
| 17 | |
| 2 |
websecresearch
/ cors.txt
Created
January 29, 2020 13:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Issue detected : CORS misconfiguration amazonlive-portal.amazon.com Payload Send Origin response contains Access-Control-Allow-Origin: null | |
| Issue detected : CORS misconfiguration amazonlive-portal.amazon.com Payload Send Origin response contains Access-Control-Allow-Origin: https://doesnot.exists | |
| Issue detected : CORS misconfiguration dexr.amazon.com Payload Send Origin response contains Access-Control-Allow-Origin: null | |
| Issue detected : CORS misconfiguration dexr.amazon.com Payload Send Origin response contains Access-Control-Allow-Origin: https://doesnot.exists | |
| Issue detected : CORS misconfiguration internal.campfire.amazon.com Payload Send Origin response contains Access-Control-Allow-Origin: null | |
| Issue detected : CORS misconfiguration internal-gamma.campfire.amazon.com Payload Send Origin response contains Access-Control-Allow-Origin: null | |
| Issue detected : CORS misconfiguration internal.campfire.amazon.com Payload Send Origin response contains Access-Control-Allow-Origin: https://doesnot.exists | |
| Issue dete |
websecresearch
/ null-find.sh
Created
January 29, 2020 13:41
— forked from random-robbie/null-find.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| wget https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056/raw/96f4e51d96b2203f19f6381c8c545b278eaa0837/all.txt | |
| amass enum -config config.ini -brute -w all.txt | |
| wget https://gist.github.com/nullenc0de/96fb9e934fc16415fbda2f83f08b28e7/raw/146f367110973250785ced348455dc5173842ee4/content_discovery_nullenc0de.txt | |
| gobuster -u http://example.com -w content_discovery_nullenc0de.txt |
websecresearch
/ content_nullenc0de.txt
Created
January 29, 2020 13:41
— forked from random-robbie/content_nullenc0de.txt
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !.gitignore | |
| !.htaccess | |
| !.htpasswd | |
| !access_setup.asp | |
| !Admin | |
| !archiv | |
| !Archive | |
| !backup | |
| !bin/ads/google | |
| !c.php |
websecresearch
/ Dockerfile
Created
January 29, 2020 13:41
— forked from random-robbie/Dockerfile
Burp Browser Docker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu:latest | |
| ENV DEBIAN_FRONTEND noninteractive | |
| RUN apt-get update -y && \ | |
| apt-get install -y \ | |
| git \ | |
| xvfb \ | |
| x11vnc \ | |
| wget \ |
NewerOlder