The Web Application Firewall Paranoia Level Test Tool.

Overview

Quick WAF "paranoid" Doctor Evaluation

wafparano1d3
WAFPARAN01D3

The Web Application Firewall Paranoia Level Test Tool.
— From alt3kx.github.io

Introduction to Paranoia Levels

In essence, the Paranoia Level (PL) allows you to define how aggressive the Core Rule Set is.
Reference: https://coreruleset.org/20211028/working-with-paranoia-levels/

How it works

  • The wafparan01d3.py python3 script takes malicious requests using encoded payloads placed in different parts of HTTP requests based on GET parameters, The results of the evaluation are recorded in the report debug file wafparan01d3.log created on your machine.
  • Observe the behavior and response for each WAF paranoia level setting different attacks or payloads by using the default config level.
  • The PoC below provide de basic installation and configuration from scratch and re-use byself the current WAF deployed by settting a basic "Mock" and simulate the backend.
  • The default payloads avaiable was called mysql_gosecure.txt based on the research "A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection" from gosecure available here https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/ evaluating our WAFs using modsecurity in their different levels of paranoia either in a default configuration or by disabling different rules / IDs in a staggered and quick way.

Approach

  • Pentesters: GreyBox scope with limited access to WAF Linux box using a "shell" with privileges to start/reload and edit WAF Apache config files on DEV/STG/TEST enviroments sending diferent payloads.
  • Secutity Officers: Take the best decision to apply the level of WAF paranoia for each solution in your organization.
  • Blueteamers: Rule enforcement, best alerting , less false positive results in your organization.
  • Integrators: Perform a depper troubheshooting and define the adequate level of WAF paranoia quickly customizing rules or creating virtual patches.

Proof of Concept: Based on Ubuntu 20.04.3 and OWASP Core Rule Set (CRS) v3.3.2

Reference: https://www.inmotionhosting.com/support/server/apache/install-modsecurity-apache-module/

Initial installation

  1. Update software repos:
$ sudo apt update -y && sudo apt dist-upgrade -y
  1. Install Essentials:
$ sudo apt-get install build-essential -y
  1. Install apache2 for ubuntu (if it is not installed):
$ sudo apt-get install apache2 -y
  1. Download and install the ModSecurity Apache module:
$ sudo apt install libapache2-mod-security2 -y
  1. Install curl for ubuntu (if it is not installed):
$ sudo apt-get install curl vim gridsite-clients net-tools -y
  1. Restart the Apache service:
$ sudo systemctl restart apache2
  1. Ensure the installed software version is at least 2.9.x:
$ sudo apt-cache show libapache2-mod-security2

install

Configure ModSecurity

  1. Copy and rename the file:
$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Next, change the ModSecurity detection mode. First, move into the cd /etc/modsecurity folder
2. Edit the ModSecurity configuration file with vi, vim, emacs, or nano.

$ sudo vim /etc/modsecurity/modsecurity.conf
  1. Near the top of the file, you’ll see SecRuleEngine DetectionOnly. Change DetectionOnly to On.

Original value: SecRuleEngine DetectionOnly
New value: SecRuleEngine On

modsec

  1. Save changes.
  2. Restart Apache:
$ sudo systemctl restart apache2

Download OWASP Core Rule Set

  1. Download the latest CRS from CoreRuleSet.org/installation
$ cd ~
$ wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.2.zip
  1. Verify the checksum, be sure match of public available here: https://coreruleset.org/installation/
$ sha1sum v3.3.2.zip && echo ProvidedChecksum
88f336ba32a89922cade11a4b8e986f2e46a97cf  v3.3.2.zip
ProvidedChecksum 

checksum

  1. Uncompress the zip file.
$ unzip v3.3.2.zip
  1. Move the CRS setup file from the new directory into your ModSecurity directory:
$ sudo mv coreruleset-3.3.2/crs-setup.conf.example /etc/modsecurity/crs/crs-setup.conf
  • (Optional but recommended) Move the rules directory from the new directory to your ModSecurity directory:
$ sudo mv coreruleset-3.3.2/rules/ /etc/modsecurity/crs/
  1. Edit your Apache security2.conf file to ensure it’ll load ModSecurity rules:
$ sudo vim /etc/apache2/mods-enabled/security2.conf

   
    
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/crs-setup.conf
        IncludeOptional /etc/modsecurity/rules/*.conf

        # Include OWASP ModSecurity CRS rules if installed
        #IncludeOptional /usr/share/modsecurity-crs/*.load

   

secmodule

  1. Ensure both the default ModSecurity and new CRS configuration files are listed. The first line conf file path may already be included. The second file path should be wherever you moved the /rules directory.
  2. Edit /etc/apache2/apache2.conf
$ sudo vim /etc/apache2/apache2.conf

Copy & Paste the following code and save it.

# Include list of ports to listen on
Include ports.conf

Include /etc/modsecurity/modsecurity.conf
Include /etc/modsecurity/crs/crs-setup.conf
Include /etc/modsecurity/crs/rules/*.conf

ports

Apache Load Modules Rewrite & Proxy

  1. Copy the following modules. Enable Proxy and Rewrite module.
$ cd /etc/apache2
$ sudo cp mods-available/proxy_http.load mods-enabled
$ sudo cp mods-available/proxy.load mods-enabled/
$ sudo cp mods-available/rewrite.load mods-enabled/
  1. Restart Apache
$ sudo systemctl restart apache2

Add Virtualhosts for testing "Mocks"

  1. Add ports, edit /etc/apache2/ports.conf
$ sudo vim /etc/apache2/ports.conf

Copy & Paste the following code and save it.

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 8080
Listen 18080


   
    
        Listen 443

   


   
    
        Listen 443

   

ports2

  1. Go to /etc/apache2/sites-enabled, create the file 001-test.conf
$ cd /etc/apache2/sites-enabled/
$ sudo touch 001-test.conf
$ sudo vim 001-test.conf

Copy & Paste the following code and save it.


   
    
        ServerName test.domain:8080

        SecRuleEngine On

        ErrorLog ${APACHE_LOG_DIR}/test_error.log
        CustomLog ${APACHE_LOG_DIR}/test_access.log combined
        SecAuditLog ${APACHE_LOG_DIR}/test_audit.log

        ProxyPass / http://127.0.0.1:18080/
        ProxyPassReverse / http://127.0.0.1:18080/

   
  1. Go to /etc/apache2/sites-enabled, create the file 002-moc.conf
$ cd /etc/apache2/sites-enabled/
$ sudo touch 002-moc.conf
$ sudo vim 002-moc.conf

Copy & Paste the following code and save it.


   
    

        ErrorLog ${APACHE_LOG_DIR}/moc_error.log
        CustomLog ${APACHE_LOG_DIR}/moc_access.log combined

        RewriteEngine On
        RewriteRule ^(.*)$ $1 [R=200,L]

   
  1. Restart apache
$ sudo systemctl restart apache2
  1. Create the file wafparan01d3_rulesremove.conf inside of /etc/apache2/conf-enabled
$ sudo touch /etc/apache2/conf-enabled/wafparan01d3_rulesremove.conf
  1. Reload Apache
$ sudo service apache2 reload

Test your FE and BE (mock)

200 OK

OK

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.


Apache/2.4.41 (Ubuntu) Server at 127.0.0.1 Port 18080
$ curl -i -k -s -XGET http://localhost:18080/ HTTP/1.1 200 OK Date: Mon, 22 Nov 2021 06:27:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 571 Content-Type: text/html; charset=iso-8859-1 200 OK

OK

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.


Apache/2.4.41 (Ubuntu) Server at localhost Port 18080
">
Must be specify a domain , edit the following lines  

Windows:
C:\Windows\System32\drivers\etc\hosts
192.168.56.106 test.domain <-- add this line and specify your IP address  

Linux: 
/etc/hosts
192.168.1.23 test.domain <-- add this line and specify your IP address 

$ curl -i -k -s -XGET http://test.domain:8080/
HTTP/1.1 200 OK
Date: Mon, 22 Nov 2021 06:31:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 571
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding



200 OK

OK

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.


Apache/2.4.41 (Ubuntu) Server at 127.0.0.1 Port 18080
$ curl -i -k -s -XGET http://localhost:18080/ HTTP/1.1 200 OK Date: Mon, 22 Nov 2021 06:27:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 571 Content-Type: text/html; charset=iso-8859-1 200 OK

OK

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.


Apache/2.4.41 (Ubuntu) Server at localhost Port 18080

How do I use it

For help you can make use of the help option. The basic usage is to pass diferent arguments defined.
Example:

$ sudo python3 wafparan01d3.py -h 

           (                                  )   ) (       )
 (  (      ))\ )          ) (      )        ( /(( /( )\ ) ( /(
 )\))(  ( /(()/( `  )  ( /( )(  ( /(  (     )\())\()|()/( )\())
((_)()\ )(_))(_))/(/(  )(_)|()\ )(_)) )\ ) ((_)((_)\ ((_)|(_)\
_(()((_|(_)(_) _((_)_\((_)_ ((_|(_)_ _(_/( /  (_) (_)_| |__ (_)
\ V  V / _` |  _| '_ \) _` | '_/ _` | ' \)) () || |/ _` ||_ \
 \_/\_/\__,_|_| | .__/\__,_|_| \__,_|_||_| \__/ |_|\__,_|___/
                |_|

                    ~ WAFPARANO1D3 : v1.1 ~
     The Web Application Firewall Paranoia Level Test Tool.

usage: wafparan01d3.py [-h] [--run [_RUN]] [--debug [_DEBUG]] [--pl [_PARANOIALEVEL ...]] [--proxy [_PROXY]] [--payload [_PAYLOAD]] [--rules-remove [_RULESREMOVE]] [--log [_LOG]] [--domain [_DOMAIN]] [--conf-file [_CONF_FILE]]
                       [--time-sleep [_TIME_TO_SLEEP]] [--time-sleep-request [_TIME_TO_SLEEP_REQUEST]] [--desc [_DESC]] [--output-desc [_OUTPUT_DESC]]

optional arguments:
  -h, --help            show this help message and exit
  --run [_RUN]          Run script
  --debug [_DEBUG]      Debug mode
  --pl [_PARANOIALEVEL ...]
                        Define paranoia level Ex. -pl 2
  --proxy [_PROXY]      Define Proxy. Ex: http://127.0.0.1:8081
  --payload [_PAYLOAD]  Define payload file. Ex. --payload payload2.txt
  --rules-remove [_RULESREMOVE]
                        Define rules remove file. Ex. --rules-remove rules1.txt
  --log [_LOG]          Define path of the log file. Ex. --log /var/log/apache/wafparan01d3.log
  --domain [_DOMAIN]    Define your domain. Ex. --domain example.domain:8080
  --conf-file [_CONF_FILE]
                        Define configuration file. Ex. --conf-file /opt/modsecurity/crs/rules/INITIALIZATION.conf
  --time-sleep [_TIME_TO_SLEEP]
                        Sleep time per PL. Ex. --time-sleep 3
  --time-sleep-request [_TIME_TO_SLEEP_REQUEST]
                        Sleep time per Request. Ex. --time-sleep-request 3
  --desc [_DESC]        Description of the script and authors
  --output-desc [_OUTPUT_DESC]
                        Description of the output on console mode.
                                                              

Optional Arguments

$ sudo python3 wafparan01d3.py -h 
	- show the help message

$ sudo python3 wafparan01d3.py --run
	- run the script with default options.

$ sudo python3 wafparan01d3.py --run --debug
	- Print every line on console.
	
$ sudo python3 wafparan01d3.py --run --pl 1
	- Run the script in assigned Paranoia Level.
	- By default runs on Paranoia Level 1, 2, 3, 4

$ sudo python3 wafparan01d3.py --run --payload file_payload2.txt
	- Define the payload file that you want to send to WAF.
	- By default takes the file mysql_gosecure.txt

$ sudo python3 wafparan01d3.py --run --rules-remove rules_removex.txt
	- Define the rules that you want to remove on GWAF.
	- Example of the file: 
		- Default 920000 920001 920002
	- By default takes the files: rules_remove1.txt, rules_remove2.txt, rules_remove3.txt, rules_remove4.txt

$ sudo python3 wafparan01d3.py --run --log /home/waf_user/paranoia.log
	- Define LOG File.
	- By default print the log on paranoia_debug.log

$ sudo python3 wafparan01d3.py --run --domain mydomain.test.com
	- Define Domain of Front End WAF.
	- By default runs over domain domain.test:8080
	
$ sudo python3 wafparan01d3.py --run --conf-file /opt/modsecurity/crs/rules/INITIALIZATION.conf
	- Define the configuration file to update the Paranoia Level
	- By default takes /etc/modsecurity/crs/rules/REQUEST-901-INITIALIZATION.conf

$ sudo python3 wafparan01d3.py --run --time-sleep 3
	- Define the time to sleep per Paranoia Level.

$ sudo python3 wafparan01d3.py --run --time-sleep-request 2
	- Define the time to sleep per request send to WAF.

$ sudo python3 wafparan01d3.py --desc
	- Print the description of the script and the authors.

Demos

You can try wafparan01d3.py by running the VM environment (Ubuntu) that deploys WAF ModSecurity & 'Mock' using latest OWASP Core Rule Set CRS 3.3.2 evaluating ModSecurity paranoia levels easyble customizable.

To run:

$ git clone https://github.com/alt3kx/wafparan01d3.git
$ cd wafparan01d3
$ sudo python3 wafparan01d3.py --help 
$ sudo python3 wafparan01d3.py --run

wafparan01d3_001

$ sudo python3 wafparan01d3.py --run --debug --proxy http://192.168.56.1:8081

wafparan01d3_002

$ sudo python3 wafparan01d3.py --run --debug --pl 1 2 --proxy http://192.168.56.1:8081 --log test.log --domain vulnerable.domain:8080 --time-sleep-request 1 --time-sleep 1 --rules-remove my_rules_remove.txt --payload my_payload.txt

wafparan01d3_003

WAF Rule Scientific Notation

https://github.com/mindhack03d/WAF-Rule-Scientific-Notation

Authors

Alex Hernandez aka (@_alt3kx_)
Jesus Huerta aka @mindhack03d

You might also like...
A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address. Source code for
Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra

High level cheatsheet that was designed to make checks on the OSCP more manageable

High level cheatsheet that was designed to make checks on the OSCP more manageable. This repository however could also be used for your own studying or for evaluating test systems like on HackTheBox or TryHackMe. DM me via Twitter (@FindingUrPasswd) to request any specific additions to the content that you think would also be helpful!

Log4j rce test environment and poc
Log4j rce test environment and poc

log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione

Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

Something I built to test for Log4J vulnerabilities on customer networks.

Log4J-Scanner Something I built to test for Log4J vulnerabilities on customer networks. I'm not responsible if your computer blows up, catches fire or

These are Simple python scripts to test/scan your network
These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

Releases(v1.1)
  • v1.1(Nov 22, 2021)

    Optional Arguments

    $ sudo python3 wafparan01d3.py -h 
    	- show the help message
    
    $ sudo python3 wafparan01d3.py --run
    	- run the script with default options.
    
    $ sudo python3 wafparan01d3.py --run --debug
    	- Print every line on console.
    	
    $ sudo python3 wafparan01d3.py --run --pl 1
    	- Run the script in assigned Paranoia Level.
    	- By default runs on Paranoia Level 1, 2, 3, 4
    
    $ sudo python3 wafparan01d3.py --run --payload file_payload2.txt
    	- Define the payload file that you want to send to WAF.
    	- By default takes the file mysql_gosecure.txt
    
    $ sudo python3 wafparan01d3.py --run --rules-remove rules_removex.txt
    	- Define the rules that you want to remove on GWAF.
    	- Example of the file: 
    		- Default 920000 920001 920002
    	- By default takes the files: rules_remove1.txt, rules_remove2.txt, rules_remove3.txt, rules_remove4.txt
    
    $ sudo python3 wafparan01d3.py --run --log /home/waf_user/paranoia.log
    	- Define LOG File.
    	- By default print the log on paranoia_debug.log
    
    $ sudo python3 wafparan01d3.py --run --domain mydomain.test.com
    	- Define Domain of Front End WAF.
    	- By default runs over domain domain.test:8080
    	
    $ sudo python3 wafparan01d3.py --run --conf-file /opt/modsecurity/crs/rules/INITIALIZATION.conf
    	- Define the configuration file to update the Paranoia Level
    	- By default takes /etc/modsecurity/crs/rules/REQUEST-901-INITIALIZATION.conf
    
    $ sudo python3 wafparan01d3.py --run --time-sleep 3
    	- Define the time to sleep per Paranoia Level.
    
    $ sudo python3 wafparan01d3.py --run --time-sleep-request 2
    	- Define the time to sleep per request send to WAF.
    
    $ sudo python3 wafparan01d3.py --desc
    	- Print the description of the script and the authors.
    
    Source code(tar.gz)
    Source code(zip)
    wafparan01d3.py(8.92 KB)
Owner
Red Teamer | PentTester | Bug Bounty | 0day guy! | Researcher | Lone Wolf...l opinions expressed are mine
A Telegram Bot to force users to join a specific channel before sending messages in a group.

Promoter A Telegram Bot to force users to join a specific channel before sending messages in a group. Introduction A Telegram Bot to force users to jo

Mr. Dynamic 1 Jan 27, 2022
Subdomain enumeration,Web scraping and finding usernames automation script written in python

Subdomain enumeration,Web scraping and finding usernames automation script written in python

Syam 12 Nov 22, 2022
This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where t

Tobias 5 May 31, 2022
Remote control your Greenbone Vulnerability Manager (GVM)

Greenbone Vulnerability Management Tools The Greenbone Vulnerability Management Tools gvm-tools are a collection of tools that help with remote contro

Greenbone 130 Dec 17, 2022
Microsoft Exchange Server SSRF漏洞(CVE-2021-26855)

Microsoft_Exchange_Server_SSRF_CVE-2021-26855 zoomeye dork:app:"Microsoft Exchange Server" 使用Seebug工具箱及pocsuite3编写的脚本Microsoft_Exchange_Server_SSRF_CV

conjojo 37 Nov 12, 2022
This is a keylogger in python for Windows, Mac and Linux!

Python-Keylogger This is a keylogger in python for Windows, Mac and Linux! #How to use it by downloading the zip file? Download the zip file first The

Zeus_Dxvxm 2 Nov 12, 2021
GitLab CE/EE Preauth RCE using ExifTool

CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This project is for learning only, if someone's rights have been violated, please contact me to

3ND 164 Dec 10, 2022
POC for detecting the Log4Shell (Log4J RCE) vulnerability.

log4shell-poc-py POC for detecting the Log4Shell (Log4J RCE) vulnerability. Run on a system with python3 python3 log4shell-poc.py pathToTargetFile

BCC Risk Advisory 2 Dec 22, 2021
This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

신재욱 17 Sep 25, 2022
Operational information regarding the vulnerability in the Log4j logging library.

Log4j Vulnerability (CVE-2021-44228) This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-442

Nationaal Cyber Security Centrum (NCSC-NL) 1.9k Dec 26, 2022
A simple automatic tool for finding vulnerable log4j hosts

Log4Scan A simple automatic tool for finding vulnerable log4j hosts Installation pip3 install -r requirements.txt Usage usage: log4scan.py [-h] (-f FI

Federico Rapetti 20018955 6 Mar 10, 2022
Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

SecurityJon 25 May 10, 2022
Generate malicious files using recently published homoglyphic-attack (CVE-2021-42694)

CVE-2021-42694 Generate malicious files using recently published homoglyph-attack vulnerability, which was discovered at least in C, C++, C#, Go, Pyth

js-on 17 Dec 11, 2022
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

Abhinav Pathak 5 May 18, 2022
This repo explains in details about buffer overflow exploit development for windows executable.

Buffer Overflow Exploit Development For Beginner Introduction I am beginner in security community and as my fellow beginner, I spend some of my time a

cris_0xC0 11 Dec 17, 2022
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Nathan Galindo 1 Oct 30, 2021
Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

Adam Johnson 76 Nov 30, 2022
CVE-2022-22965 : about spring core rce

CVE-2022-22965: Spring-Core-Rce EXP 特性: 漏洞探测(不写入 webshell,简单字符串输出) 自定义写入 webshell 文件名称及路径 不会追加写入到同一文件中,每次检测写入到不同名称 webshell 文件 支持写入 冰蝎 webshell 代理支持,可

东方有鱼名为咸 53 Nov 09, 2022
POC using subprocess lib in Python 🐍

POC subprocess ☞ POC using the subprocess library with Python. References: https://github.com/GuillaumeFalourd/poc-subprocess https://geekflare.com/le

Guillaume Falourd 2 Nov 28, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022