HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website

Security Tool for Reconnaissance and Information Gathering on a website. python 2.x & 3.x This script use "WafW00f" to detect the WAF in the first step https://github.com/EnableSecurity/wafw00f This script use "Sublist3r" to scan subdomains https://github.com/aboul3la/Sublist3r This script use...

Mail.ru: Получаем все домены и поддомены icq с помощью amazonaws.com [config,txt]

Открытый доступ к config.txt на амазоне где лежат все ваши домены и поддомены "api.icq.net": "api.ic2ster.com", "bos.icq.net": "bos.ic2ster.com", "api.login.icq.net": "apilogin.ic2ster.com", "icq.com": "www.ic2ster.com ", "www.icq.com ": "www.ic2ster.com ", "files.icq.com": "files-com.ic2ster.com...

Coursera: Stored XSS via transloadit.com and imageproxy

Hello, due to poor input file validation on transloadit.com, it is possible to upload and process any filetype on their server, which would later be uploaded to coursera-profile-photos.s3.amazonaws.com. From there, since imageproxy trusts coursera-profile-photos.s3.amazonaws.com, one can fetch...