vitalysim / awesome-hacking-resources Goto Github PK

Challenge Land redirects to tradebrains.in.

The website BadBinaries is not responding.

s/pentetration/penetration in "A collection of hacking / pentetration testing resources to make you better!" ?

Please mark forums based on their formality. You have two in there that are circle-jerk dumpster fires.

I was wondering if this resource listing, especially in terms of the tools list, is specific to open source software or if we could include proprietary/closed source software in the listing.

LOL srsly?

local http = require "http"
local httpspider = require "httpspider"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local url = require "url"

description = [[
Spiders a website and attempts to identify output escaping problems
where content is reflected back to the user. This script locates all
parameters, ?x=foo&y=bar and checks if the values are reflected on the
page. If they are indeed reflected, the script will try to insert
ghz>hzx"zxc'xcv and check which (if any) characters were reflected
back onto the page without proper html escaping. This is an
indication of potential XSS vulnerability.
]]

-- @Usage
-- nmap --script=http-unsafe-output-escaping

-- @output
-- PORT STATE SERVICE REASON
-- | http-unsafe-output-escaping:
-- | Characters [> " '] reflected in parameter kalle at http://foobar.gazonk.se/xss.php?foo=bar&kalle=john
-- |_ Characters [> " '] reflected in parameter foo at http://foobar.gazonk.se/xss.php?foo=bar&kalle=john

-- @Args http-unsafe-output-escaping.maxdepth the maximum amount of directories beneath
-- the initial url to spider. A negative value disables the limit.
-- (default: 3)
-- @Args http-unsafe-output-escaping.maxpagecount the maximum amount of pages to visit.
-- A negative value disables the limit (default: 20)
-- @Args http-unsafe-output-escaping.url the url to start spidering. This is a URL
-- relative to the scanned host eg. /default.html (default: /)
-- @Args http-unsafe-output-escaping.withinhost only spider URLs within the same host.
-- (default: true)
-- @Args http-unsafe-output-escaping.withindomain only spider URLs within the same
-- domain. This widens the scope from withinhost and can
-- not be used in combination. (default: false)

-- @see http-dombased-xss.nse
-- @see http-stored-xss.nse
-- @see http-phpself-xss.nse
-- @see http-xssed.nse

author = "Martin Holst Swende"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "intrusive"}

portrule = shortport.http

local dbg = stdnse.debug2

local function getHostPort(parsed)
return parsed.host, parsed.port or url.get_default_port(parsed.scheme)
end

local function getReflected(parsed, r)
local reflected_values,not_reflected_values = {},{}
local count = 0
-- Now, we need to check the parameters and keys
local q = url.parse_query(parsed.query)
-- Check the values (and keys) and see if they are reflected in the page
for k,v in pairs(q) do
if r.response.body and r.response.body:find(v, 1, true) then
dbg("Reflected content %s=%s", k,v)
reflected_values[k] = v
count = count +1
else
not_reflected_values[k] = v
end
end
if count > 0 then
return reflected_values,not_reflected_values,q
end
end

local function addPayload(v)
return v.."ghz>hzx"zxc'xcv"
end

local function createMinedLinks(reflected_values, all_values)
local new_links = {}
for k,v in pairs(reflected_values) do
-- First of all, add the payload to the reflected param
local urlParams = { [k] = addPayload(v)}
for k2,v2 in pairs(all_values) do
if k2 ~= k then
urlParams[k2] = v2
end
end
new_links[k] = url.build_query(urlParams)
end
return new_links
end

local function locatePayloads(response)
local results = {}
if response.body:find("ghz>hzx") then table.insert(results,">") end
if response.body:find('hzx"zxc') then table.insert(results,'"') end
if response.body:find("zxc'xcv") then table.insert(results,"'") end
return #results > 0 and results
end

local function visitLinks(host, port,parsed,new_links, results,original_url)
for k,query in pairs(new_links) do
local ppath = url.parse_path(parsed.path or "")
local url = url.build_path(ppath)
if parsed.params then url = url .. ";" .. parsed.params end
url = url .. "?" .. query
dbg("Url to visit: %s", url)
local response = http.get(host, port, url)
local result = locatePayloads(response)
if result then
table.insert(results, ("Characters [%s] reflected in parameter %s at %s"):format(table.concat(result," "),k, original_url))
end
end
end

action = function(host, port)

local crawler = httpspider.Crawler:new(host, port, nil, { scriptname = SCRIPT_NAME } )
crawler:set_timeout(10000)

local results = {}
while(true) do
local status, r = crawler:crawl()
-- if the crawler fails it can be due to a number of different reasons
-- most of them are "legitimate" and should not be reason to abort
if ( not(status) ) then
if ( r.err ) then
return stdnse.format_output(false, r.reason)
else
break
end
end

-- parse the returned url
local parsed = url.parse(tostring(r.url))
-- We are only interested in links which have parameters
if parsed.query and #parsed.query > 0 then
  local host, port = getHostPort(parsed)
  local reflected_values,not_reflected_values,all_values = getReflected(parsed, r)


  -- Now,were any reflected ?
  if  reflected_values then
    -- Ok, create new links with payloads in the reflected slots
    local new_links = createMinedLinks(reflected_values, all_values)

    -- Now, if we had 2 reflected values, we should have 2 new links to fetch
    visitLinks(host, port,parsed, new_links, results,tostring(r.url))
  end
end

end
if ( #results> 0 ) then
return stdnse.format_output(true, results)
end
end

If it is possible, could you please add following vulnerable app in Vulnerable Web Application?
https://github.com/anil-yelken/Vulnerable-Soap-Service
https://github.com/anil-yelken/Vulnerable-Flask-App

Seems like the free 32 labs are no longer availible.

Should probably remove it from the resource list

in progress

Clicking on the Link on line 46 redirects to a domain name registrar. The site does seem to no longer be up and running. I therefore suggest its removal from this repo

I'll be going through README.md again today and scanning for typos, I noticed a few this morning..

Will fix and do a pull request soon.

Both the login and register links are broken, confirmed on various browsers,

These three tools definitely belong on your list.

• Pwntools: Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible (https://pwntools.com)
• Pwndbg: Pwndbg is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers. (https://pwndbg.com)
• GEF: GEF is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. (https://github.com/hugsy/gef)

I propose this one should be removed from the list, the channel only has 1 video.

Forgot to create a pull request(Added links/sources on recon tab of the content).You can remove changes I made if you want,I can do a pull request later.

This repository is really nice, but I think that its usefulness would be much improved if there was a really short description accompanying the links.

Right now one has to open all the links and investigate there to know what it is about.