
random-robbie / Jira Scan

Licence: unlicense
CVE-2017-9506 - SSRF

Programming language: python

Projects that are alternatives of or similar to Jira Scan

Jira-Lens
Fast and customizable vulnerability scanner For JIRA written in Python
Stars: ✭ 185 (+16.35%)
Mutual labels:  jira, bugbounty
Apkleaks
Scanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+1602.52%)
Mutual labels:  bugbounty
Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it based on schedule or events.
Stars: ✭ 131 (-17.61%)
Mutual labels:  bugbounty
Bug Hunting Colab
A Colab For Bug Hunting!
Stars: ✭ 147 (-7.55%)
Mutual labels:  bugbounty
Review Reporter
Bot for reporting Google Play Reviews on Slack with possibility to fast reply and creating Jira issues from low rating reviews.
Stars: ✭ 135 (-15.09%)
Mutual labels:  jira
Xss Payload List
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+1545.91%)
Mutual labels:  bugbounty
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-20.75%)
Mutual labels:  bugbounty
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-1.89%)
Mutual labels:  bugbounty
Metrogit
A git visualization tool that's more than just git
Stars: ✭ 152 (-4.4%)
Mutual labels:  jira
Jiracli
Simple command line interface for Jira
Stars: ✭ 145 (-8.81%)
Mutual labels:  jira
Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-10.69%)
Mutual labels:  bugbounty
Chyle
Changelog generator : use a git repository and various data sources and publish the result on external services
Stars: ✭ 137 (-13.84%)
Mutual labels:  jira
Jira Plugin
Jenkins jira plugin
Stars: ✭ 150 (-5.66%)
Mutual labels:  jira
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1112.58%)
Mutual labels:  bugbounty
Awesome Bugbounty Writeups
A curated list of bugbounty writeups (by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference
Stars: ✭ 2,429 (+1427.67%)
Mutual labels:  bugbounty
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+1055.35%)
Mutual labels:  bugbounty
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-11.95%)
Mutual labels:  bugbounty
Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-6.92%)
Mutual labels:  bugbounty
Openmrs Contrib Android Client
Android client for OpenMRS
Stars: ✭ 157 (-1.26%)
Mutual labels:  jira
Di.we.h
Repository with content about web hacking in Portuguese
Stars: ✭ 156 (-1.89%)
Mutual labels:  bugbounty

Jira-Scan

ONLY TESTED WITH PYTHON 3

Provide a list of websites to test, without the http:// or https:// prefix, and the script will test each one for the SSRF vulnerability.


CVE-2017-9506

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

According to Atlassian, the following Jira versions are vulnerable:

  • Jira < 7.3.5

Overview of SSRF

In a Server-Side Request Forgery (SSRF) attack, the attacker abuses functionality on the server to read or update internal resources. The attacker supplies or modifies a URL which the code running on the server will read from or submit data to. By carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP-enabled databases, or perform POST requests towards internal services which are not intended to be exposed.

Description

The target application may have functionality for importing data from a URL, publishing data to a URL or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.).

When the manipulated request reaches the server, the server-side code picks up the manipulated URL and tries to read data from it. By selecting target URLs, the attacker may be able to read data from services that are not directly exposed on the internet:

  • Cloud server metadata - Cloud services such as AWS provide a REST interface on http://169.254.169.254/latest/meta-data/ where important configuration and sometimes even authentication keys can be extracted.

  • Database HTTP interfaces - NoSQL databases such as MongoDB provide REST interfaces on HTTP ports. If the database is expected to be available only internally, authentication may be disabled and the attacker can extract data.

  • Docker and Kubernetes - if the local ports are exposed internally, an attacker can create/delete pods and containers and retrieve other secrets.

  • Internal REST interfaces.

  • Files - The attacker may be able to read files using file:// URIs.

The attacker may also use this functionality to import untrusted data into code that expects to only read data from trusted sources, and as such circumvent input validation.

Fun SSRF Payloads to try....

AWS - an attached IAM role will leak AWS keys

http://169.254.169.254/latest/meta-data/

Alibaba

http://100.100.100.200/latest/meta-data/

Docker - List Containers

http://127.0.0.1:2375/v1.24/containers/json

Kubernetes etcd - can contain API keys and internal IPs and ports

http://127.0.0.1:2379/v2/keys/?recursive=true
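The payload list above is also a good regression list for the server-side fix: a URL fetcher should refuse non-HTTP schemes and any host that resolves to loopback, link-local or private space before it connects. The validator below is an added example written for this page, not code from Jira-Scan or Atlassian; the `resolver` parameter is a hypothetical hook so the check can be exercised offline with constructed DNS answers.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges the payloads on this page point at: cloud metadata (169.254.169.254,
# 100.100.100.200), loopback services (Docker 2375, etcd 2379), RFC 1918 space,
# plus the IPv6 equivalents. Anything not globally routable is rejected too.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7",
)]


def _is_blocked(ip):
    # ::ffff:127.0.0.1 is still loopback; unwrap IPv4-mapped IPv6 first.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS) or not ip.is_global


def _default_resolver(host):
    # Real DNS lookup; replaced by a constructed resolver in offline tests.
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def validate_fetch_url(url, resolver=_default_resolver):
    """Return (ok, reason); ok is False for anything the server must not fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):      # blocks file://, gopher://, ...
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [ipaddress.ip_address(host)]       # literal IP in the URL
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False, "host does not resolve"
    for ip in addrs:                               # every A/AAAA answer must pass
        if _is_blocked(ip):
            return False, "resolves to non-public address %s" % ip
    return True, "ok"
```

The check is only sound if the fetch then connects to the address that was validated (rather than resolving the name a second time) and does not follow redirects, otherwise DNS rebinding or a 302 to the metadata IP bypasses it.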