GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sinsinology → Priest

sinsinology / Priest

Licence: other
Extract server and IP address information from Browser SSRF

Programming Languages

python
139335 projects - #7 most used programming language
HTML
75241 projects

Labels

reconbugbountyssrfbugbounty-toolssrf-payload

Projects that are alternatives of or similar to Priest

Reconky-Automated Bash Script
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (+1184.62%)
Mutual labels:  recon, bugbounty, bugbounty-tool
SubWalker
Simultaneously execute various subdomain enumeration tools and aggregate results.
Stars: ✭ 26 (+100%)
Mutual labels:  recon, bugbounty
OffensiveCloudDistribution
Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.
Stars: ✭ 86 (+561.54%)
Mutual labels:  recon, bugbounty
osmedeus-workflow
Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (+100%)
Mutual labels:  recon, bugbounty
Passivehunter
Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'
Stars: ✭ 83 (+538.46%)
Mutual labels:  bugbounty, bugbounty-tool
continuous-nuclei
Running nuclei Continuously
Stars: ✭ 45 (+246.15%)
Mutual labels:  bugbounty, bugbounty-tool
Payloads
Payload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: ✭ 421 (+3138.46%)
Mutual labels:  bugbounty, bugbounty-tool
AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (+246.15%)
Mutual labels:  bugbounty, bugbounty-tool
reconness-agents
Reconness Agents Script
Stars: ✭ 25 (+92.31%)
Mutual labels:  recon, bugbounty
Eagle
Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (+553.85%)
Mutual labels:  bugbounty, ssrf
targets
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (+553.85%)
Mutual labels:  recon, bugbounty
DeadDNS
DNS hijacking via dead records automation tool
Stars: ✭ 44 (+238.46%)
Mutual labels:  bugbounty, bugbounty-tool
bulkssrf
Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.
Stars: ✭ 35 (+169.23%)
Mutual labels:  ssrf, bugbounty-tool
sub404
A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (+1476.92%)
Mutual labels:  bugbounty, bugbounty-tool
Virtual-Host
Modified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (+192.31%)
Mutual labels:  bugbounty, ssrf
Galaxy-Bugbounty-Checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Stars: ✭ 34 (+161.54%)
Mutual labels:  bugbounty, bugbounty-tool
goverview
goverview - Get an overview of the list of URLs
Stars: ✭ 93 (+615.38%)
Mutual labels:  recon, bugbounty
Sub-Drill
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (+438.46%)
Mutual labels:  recon, bugbounty
nuubi
Nuubi Tools (Information-ghatering|Scanner|Recon.)
Stars: ✭ 76 (+484.62%)
Mutual labels:  recon, bugbounty
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+3800%)
Mutual labels:  recon, bugbounty
View All Similar Projects ➔


Arjun Arjun

What is Priest?

Priest is a simple index.html file containing JavaScript code which can extract useful information from Browser SSRF Vulnerabilities


Arjun

What Inforamtion can get extracted:

  • Extract complete navigator object
  • Browser User-Agent
  • OS Platform version
  • Language
  • Browser Version
  • IP Address v4/v6
  • ASN Number
  • Org Name
  • Timezone
  • Number of System Logical Processors
  • etc.

How to use:

in order to make our lives easier, a simple python3-WebServer script has been included which will server http on http://0.0.0.0:8000/index.html and when a browser requests the address all the information will get extracted and shown in the webpage, this is useful in pdf exports, controllable headless browsers, etc.

- Using Seperate index.html

git clone https://github.com/sinsinsecurity/priest.git
cd priest
put index.html on a webserver

- OR Using the priest.py webserver

git clone https://github.com/sinsinsecurity/priest.git
cd priest
chmod +x priest.py
./priest.py 8000

Result:

This is very useful when dealing with EC2 Servers, Google Clouds and html renderes in order to detect the used technology for further exploitation


Arjun
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].