↳ https://blog.spoock.com/2019/04/20/jdwp-rce/
…
↳ https://github.com/woj-ciech/LeakLooker
LeakLooker: find open databases with Shodan. Background: https://medium.com/@woj_ciech/leaklooker-find-open-databases-in-a-second-9da4249c8472 Requirements: Python 3; Shodan paid plan, except Kibana search. Put your Shodan API key in line 65. pip3 install shodan; pip3 install colorama; pip3 install hurry….
↳ https://github.com/wcventure/FuzzingPaper
Abstract: Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size….
↳ https://github.com/streaak/keyhacks#AWS-Access-Key-ID-and-Secret
KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used to check if they are valid. If the below command returns missing_text_or_fallback_or_attachments, it means that the URL is valid; any other response would mean that the URL is invalid….
↳ https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
TL;DR: Exploitation of a Java deserialization vulnerability in restricted environments (firewalled system, updated Java). A technique similar to blind SQL injection makes it possible to extract data from the target system (read files, properties, env vars)….
↳ https://github.com/oliverrickfors/param-extract
White-box testing script to find and try all web URI parameters found in backend code….