{"uuid": "a00fd51a-5bba-478e-9452-b0e0c628954b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24919", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3267", "content": "Tools - Hackers Factory\n\nGourlex \n\nIt is a simple tool that can be used to extract URLs and paths from web pages. It can be helpful during web application assessments to uncover additional targets.\n\nTry the tool :\u00a0 https://github.com/trap-bytes/gourlex\n\nFind xss with this automation of the following work :\n\n1. subfinder -d indeed.com -o indeed.txt //Find Subdomains\n2. httpx -l subdomains.txt -o httpx.txt // Live Subdomains\n3. echo \"indeed.com\" | gau --threads 5 &gt;&gt; Enpoints.txt // Find Endpoints\n4. cat httpx.txt | katana -jc &gt;&gt; Enpoints.txt // Find More Endpoints\n5. cat Enpoints.txt | uro &gt;&gt; Endpoints_F.txt // Remove Duplicates\n6. cat Endpoints_F.txt | gf xss &gt;&gt; XSS.txt // Filter Endpoints for XSS\n7. cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters\n8. dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS\n\nScript : https://github.com/dirtycoder0124/xss\n\nA simple powershell script that can run in powershell for linux. The purpose of the script is to identify potential privilege escalation vulnerabilities on Linux systems that run with PowerShell\n\nhttps://github.com/tjnull/pentest-arsenal/tree/main/Cadiclus\n\nInQL makes mapping out a GraphQL API easy! It also includes several automated vulnerability checks!\u00a0 \n\ngithub.com/doyensec/inql\n\nA Microservices-based framework for the study of Network Security and Penetration Test techniques \n\nhttps://github.com/DockerSecurityPlayground/DSP\n\nSnaffler reimplementation in Python -\n\nhttps://github.com/SnaffCon/Snaffler\nhttps://github.com/asmtlab/snafflepy\n\nCVE-2024-24919 \n\nhttps://github.com/johnk3r/nuclei-templates/blob/main/http/cves/2024/CVE-2024-24919.yaml\n\nPython for AWAE (Advanced Web Attacks and Exploitation) \n\nhttps://github.com/shreyaschavhan/python-for-awae\n\nCVE-2024-24919 [Check Point Security Gateway Information Disclosure] \n\nhttps://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner\n\nLAZYEGG\n\nTool for extracting different data from web pages:\n\n- cookies\n- leaked credentials\n- domains\n- ips\n- images\n- links\n\nhttps://github.com/schooldropout1337/nuclei-templates/blob/main/lazyegg.py\n\nExtract endpoints from APK files \n\nhttps://github.com/ndelphit/apkurlgrep\n\n#HackersFactory", "creation_timestamp": "2024-06-03T09:13:35.000000Z"}