gabemarshall / brosec
Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands.
Using the latest Debian testing, brosec does not copy the output to the clipboard, so I have to select it myself and copy it each time. That's how it goes:
```
4. Obtain a TTY via Python
=> python -c 'import pty;pty.spawn("/bin/bash")'
Choose a payload: (1-4) or enter "back" to return to the main menu: 4
python -c 'import pty;pty.spawn("/bin/bash")'
```
So it just writes it in the terminal after I choose it, instead of copying it.
Template Literal is the fastest, smallest and simplest template engine, because it uses JS's literal template feature.
It's 55 times faster than EJS, and it also uses less CPU and RAM resources, so it may be a good idea to use it instead of EJS.
Hi,
Is there a way to 'back' to the main menu on Mac OS X (El Capitan)? Delete or FN + Delete is not working.
Wonderful utility! 10/10!
If you are up to it, maybe consider adding Metasploit payloads as well? http://netsec.ws/?p=331
If not, close this issue as you like
Cheers!
I see that many of the payloads have been inspired by resources in SecLists.
What if we can seed a local MongoDB or SQLite with all the payloads from SecLists upon initialization of brosec; that way the user would have a comprehensive list of payloads, rather than just a select few?
When prompted to open a netcat listener with text "(Y/n)" hitting enter doesn't seem to default to yes, despite prompt saying so with the capital Y convention.
```
Choose a payload: (1-5) or enter "back" to return to the main menu: 1
Enter the type of shell to use (/bin/sh, cmd.exe, etc: :: /bin/sh/
Should I start a netcat listener for you? (Y/n) :: ::
```
How do you feel about using Standard?
Advantages:
```
/Users/jumpman/Desktop/Dev/Security/Brosec/payloads/injection.js:52
returnToPrepare(result.)
^
TypeError: Cannot read property '' of undefined
at /Users/jumpman/Desktop/Dev/Security/Brosec/payloads/injection.js:52:26
```
This app needs a flag finding regex. Would use, A+++++.
...maybe even a section of useful regex for pentesting, you know?
I notice that HTTP is occasionally the only (easy) outgoing method that I have on some engagements. It would be nice if the bros http server supported a very basic multipart/form-data with file picking functionality for exfiltration purposes.
While this isn't supported out of the box by SimpleHTTPServer by default, here is an example - https://gist.github.com/3346170
Node specific references:
https://howtonode.org/really-simple-file-uploads
https://github.com/expressjs/multer
Colors such as gray don't show up on particular configurations. I use http://ethanschoonover.com/solarized for example and can't see certain text.
Note that 'help' and '(1-5):' don't appear unless highlighted.
After it emits "Output copied to clipboard", what is the next step? I have set RHOST, RPORT, LHOST, LPORT, USER and PATH but failed to understand how these can be useful to attack the remote IP?
The text given is not exactly clear in what it is asking and what it expects as input.
`Enter the type of shell to use (/bin/sh, cmd.exe, etc: ::`
Additionally, there is no closing parenthesis.