Posts

Showing posts from 2018

Burp Extension - Bing Translator

Testing non-English web apps is fairly straightforward: you can just use a browser extension to translate what you see on screen. That is not so straightforward for non-English mobile apps, especially where no English version of the app is available; in that case pentesters have no choice but to translate each foreign keyword manually, navigating a browser to a translator web site..... https://github.com/yehgdotnet/burp-extention-bing-translator Keywords: Burp Suite Extension translator, translator plugin
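The work such an extension has to do before it can call a translator is pulling the foreign-language strings out of proxied responses and avoiding repeated lookups of the same keyword. The block below is an added Python 3 example written for this page; it is not code from the Bing translator extension above, and the Burp glue (an IHttpListener) is deliberately left out. It assumes the response is available as a header dictionary plus a raw body, decodes the body by its Content-Type charset, takes only visible text from HTML and only string values from JSON (the usual mobile API format), keeps runs of non-ASCII letters, and memoises translations. The translate callable and its lookup table are a hypothetical stand-in for the real service request; the sample responses are constructed.

```python
import json
import re
import unicodedata
from html.parser import HTMLParser
from typing import Callable, Dict, List, Tuple


class _VisibleText(HTMLParser):
    """Collect user-visible text; skip <script>/<style>, keep UI attributes."""

    def __init__(self) -> None:
        super().__init__()
        self._skip = 0
        self.chunks: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        for name, value in attrs:  # labels often live in attributes
            if name in ("alt", "title", "placeholder", "value") and value:
                self.chunks.append(value)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def decode_body(headers: Dict[str, str], body: bytes) -> str:
    """Decode with the charset from Content-Type; fall back to UTF-8."""
    m = re.search(r'charset="?([\w.:-]+)', headers.get("Content-Type", ""), re.I)
    charset = m.group(1) if m else "utf-8"
    try:
        return body.decode(charset, errors="replace")
    except LookupError:  # charset name Python does not know
        return body.decode("utf-8", errors="replace")


def _json_strings(obj) -> List[str]:
    """All string keys and values in a parsed JSON document, in order."""
    if isinstance(obj, str):
        return [obj]
    if isinstance(obj, dict):
        return [s for k, v in obj.items() for s in _json_strings(k) + _json_strings(v)]
    if isinstance(obj, list):
        return [s for v in obj for s in _json_strings(v)]
    return []


def extract_foreign_strings(headers: Dict[str, str], body: bytes) -> List[str]:
    """Unique runs of letters containing non-ASCII characters, first-seen order."""
    ctype = headers.get("Content-Type", "").lower()
    text = decode_body(headers, body)
    if ctype.startswith("text/html"):
        parser = _VisibleText()
        parser.feed(text)
        text = " ".join(parser.chunks)
    elif "json" in ctype:
        try:  # json.loads also resolves \uXXXX escapes into real characters
            text = " ".join(_json_strings(json.loads(text)))
        except ValueError:
            pass  # not valid JSON after all; scan the raw text instead
    found, seen, run = [], set(), []
    for ch in text + " ":  # trailing space flushes the last run
        # letters (L*) and combining marks (M*) so Thai/Burmese vowels stay attached
        if unicodedata.category(ch)[0] in ("L", "M"):
            run.append(ch)
            continue
        word, run = "".join(run), []
        if word and any(ord(c) > 127 for c in word) and word not in seen:
            seen.add(word)
            found.append(word)
    return found


class CachedTranslator:
    """Memoise a translate(text) callable so repeated keywords cost one call."""

    def __init__(self, translate: Callable[[str], str]) -> None:
        self._translate = translate
        self._cache: Dict[str, str] = {}
        self.calls = 0  # service requests actually made

    def __call__(self, text: str) -> str:
        if text not in self._cache:
            self.calls += 1
            self._cache[text] = self._translate(text)
        return self._cache[text]


def annotate(headers: Dict[str, str], body: bytes, translator: Callable[[str], str]) -> Dict[str, str]:
    """Map each foreign keyword in a response to its translation."""
    return {w: translator(w) for w in extract_foreign_strings(headers, body)}


# Constructed sample traffic (not captured from any real application).
SAMPLE_HTML_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
SAMPLE_HTML_BODY = ("<html><head><title>登录</title><style>p{content:'样式'}</style></head>"
                    "<body><input placeholder='密码'><button>登录</button>"
                    "<script>var s='脚本';</script></body></html>").encode("utf-8")
SAMPLE_JSON_HEADERS = {"Content-Type": "application/json"}
SAMPLE_JSON_BODY = b'{"msg":"\\u5bc6\\u7801\\u9519\\u8bef","items":[{"name":"\\u767b\\u5f55"}],"code":1}'

# Hypothetical stand-in for the translation service; the real extension would
# send an HTTP request to the translator here.
STAND_IN_DICT = {"登录": "login", "密码": "password", "密码错误": "wrong password"}


def demo() -> Tuple[Dict[str, str], Dict[str, str], int]:
    translator = CachedTranslator(lambda w: STAND_IN_DICT.get(w, "?"))
    html_result = annotate(SAMPLE_HTML_HEADERS, SAMPLE_HTML_BODY, translator)
    json_result = annotate(SAMPLE_JSON_HEADERS, SAMPLE_JSON_BODY, translator)
    annotate(SAMPLE_HTML_HEADERS, SAMPLE_HTML_BODY, translator)  # served from cache
    return html_result, json_result, translator.calls


if __name__ == "__main__":
    print(demo())
```

Splitting on letter runs means a CJK sentence with no spaces is sent as one unit, which is what a translator wants; for space-separated scripts each word goes separately, so context is lost but the cache hit rate is high.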

pyt (python secure code scanner) wrapper

Quick and dirty wrapper, since pyt does not appear to support scanning a whole directory. https://gist.github.com/yehgdotnet/074ab79528ccdac7653bb641beb3b7c5

    @echo off
    REM https://github.com/python-security/pyt - python secure code scanner
    REM Runs pyt once per .py file found under the given directory.
    IF "%~1"=="" GOTO Missing_Argument
    IF "%~2"=="" GOTO Missing_Argument
    set "dir=%~1"
    set "type=%~2"
    REM Restrict the listing to *.py; a plain find ".py" filter also matched .pyc files and directory names
    dir /s /b "%dir%\*.py" > source_listing.txt
    for /F "tokens=*" %%A in (source_listing.txt) do (
        echo.
        echo Scanning %%A
        pyt -a %type% -f "%%A"
    )
    GOTO End1
    :Missing_Argument
    @echo.
    echo Usage: scan.bat source_directory type(Flask, Django, Every or Pylons)
    @echo.
    echo e.g.
    echo scan "example\django.nV" Django
    :End1

GitBook Released: Secure Code - PHP

https://yehgdotnet.gitbooks.io/secure-php-codes/content/ This GitBook serves as a ready-to-use, one-place reference for PHP secure code that has been implemented in various sources, frameworks and articles on the web. Copyright and licensing belong to the respective owners; if you want to use the code in commercial products, check the source and its licensing terms for compliance. The code samples may not be straightforward to copy and paste: they may require you to include associated functions from header files. Detailed explanations of each attack can be found on the OWASP and CWE sites, so this book features only actionable secure code (in the real world of DevOps deadlines, developers rarely have time to deep-dive into security). In future, secure code for other languages will be added. Stay tuned. Despite the word "secure", these functions may still be bypassed or abused. Happy secure coding,

Evilsocket plugins: replaceimage, injectjson, injecttext

# evilsocket-plugins Modified evilsocket bettercap plugins, minimally changed from the existing ones written by the author Simone 'evilsocket' Margaritelli. Credit goes to the author for creating such an awesome, easily modular tool. https://github.com/yehgdotnet/evilsocket-plugins Instructions: 1. Git clone 2. Place the plugins in the original source folder