Doctor Who Jiab77
🤖 Search, Hack and Dev
GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct thorough reconnaissance. With the increasing use of APIs, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these leaks, I have created a comprehensive search list using GitHub's search syntax that surfaces thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.
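As an added example (mine, not part of the gist), here is a small Python helper that assembles a query in the template above from lists of file extensions, key names, signature patterns and platform tags, together with the local regex check a reviewer runs over a hit before reporting it, since a large share of search hits are placeholders. The two signature regexes use the publicly documented AWS "AKIA" and GitHub "ghp_" prefixes; the sample file is constructed (AWS's documented placeholder access key and a made-up token), and the names build_search_query, scan_lines and looks_like_placeholder are my own.

```python
import re
from typing import Iterable, List, Tuple


def build_search_query(extensions: Iterable[str], keynames: Iterable[str],
                       signatures: Iterable[str], platform_tags: Iterable[str]) -> str:
    """Assemble the gist's template:
    (path:*.ext1 OR path:*.extN) AND (key1 OR keyN) AND ((sig1 OR sigN) AND (tag1 OR tagN))
    Terms containing whitespace or ':' are double-quoted so they stay one search token."""
    def quote(term: str) -> str:
        return '"%s"' % term if re.search(r"[\s:]", term) else term

    def group(terms: Iterable[str]) -> str:
        return "(" + " OR ".join(terms) + ")"

    return " AND ".join([
        group("path:*." + ext.lstrip(".") for ext in extensions),
        group(quote(k) for k in keynames),
        "(" + group(quote(s) for s in signatures) + " AND "
        + group(quote(t) for t in platform_tags) + ")",
    ])


# Signature regexes for two well-known key formats (public prefixes; assumption: this is
# the shape of the "Signature/pattern" terms in the template above).
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}


def scan_lines(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, signature_name, matched_text) for every signature hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for name, rx in SIGNATURES.items():
            for m in rx.finditer(line):
                hits.append((n, name, m.group(0)))
    return hits


def looks_like_placeholder(secret: str) -> bool:
    """Cheap triage: documentation samples and templates usually say so in the value itself."""
    upper = secret.upper()
    return "EXAMPLE" in upper or "XXXX" in upper or "CHANGEME" in upper


# Constructed sample .env content: AWS's documented placeholder key plus a made-up ghp_ token.
SAMPLE_ENV = """\
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
DEBUG=true
""".splitlines()


if __name__ == "__main__":
    print(build_search_query(["env", ".yml"], ["AWS_ACCESS_KEY_ID", "aws secret"],
                             ["AKIA"], ["amazonaws"]))
    for line_no, name, text in scan_lines(SAMPLE_ENV):
        tag = "placeholder" if looks_like_placeholder(text) else "candidate"
        print(f"line {line_no}: {name} ({tag}) {text}")
```

Run the printed query in GitHub code search, then apply scan_lines to the raw content of each hit; only candidates that are not placeholders are worth a disclosure report.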

@EhsanCh
EhsanCh / fpm_get_status.php
Created February 19, 2023 10:54
PHP-FPM real-time status page (Single file without the need for web server configuration)
<?php
// Serve this from a private URL or add authorization first: the status data includes per-process details such as the requests being handled.
if (isset($_GET["json"])) {
header("Content-type: application/json");
exit(json_encode( fpm_get_status() ));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
@SkyperTHC
SkyperTHC / gist:cb4ebb633890ac36ad86e80c6c7a9bb2
Last active November 11, 2023 09:41
docker exec not sending SIGHUP to shell when docker-cli is killed?

Before we get to the problem we need a common understanding of how PTYs work.

There are two sides: a master and a slave. The shell's STDIN/STDOUT/STDERR are connected to the slave side; the master (a single FD) is connected to whatever drives the terminal, normally sshd (when we log into a remote system).

The PTY takes care of special characters. Of course there is a PTY on the client side as well, but the ssh client puts this into raw mode and it won't do anything. We can ignore this. Let's focus on the PTY on the server side.

The user presses Ctrl-C on the client side; the ssh client reads \003 (the Ctrl-C character) and forwards it to the sshd server. The sshd server writes it to the MASTER end of the PTY.
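To see the master/slave split and the line discipline's handling of \003 in action, here is an added Python example (mine, not from the gist). The parent holds the master side, as sshd does, and writes a raw \x03 to it; the child sits on the slave side and reports through its exit status whether that byte reached it as SIGINT (cooked mode, the server-side case above) or as plain data (after putting the slave into raw mode, which is what the gist says the ssh client does to the client-side PTY). The function name send_ctrl_c and the exit codes 42, 3 and -1 are my choices.

```python
import os
import pty
import signal
import time
import tty


def send_ctrl_c(raw_slave: bool) -> int:
    """Fork a child on a fresh PTY, write \\x03 to the master side and report how the child
    saw it: 42 = delivered as SIGINT by the line discipline, 3 = delivered as a plain byte on
    stdin (ISIG off, i.e. raw mode), -1 = anything else (timeout or abnormal exit)."""
    pid, master_fd = pty.fork()  # child: the slave becomes its controlling tty and fd 0/1/2
    if pid == 0:
        try:
            signal.signal(signal.SIGINT, lambda *_: os._exit(42))
            if raw_slave:
                tty.setraw(0)  # clears ISIG/ICANON/ECHO on the slave: special chars are now data
            os.write(1, b"ready\n")
            data = os.read(0, 1)  # blocks until a byte arrives (raw) or SIGINT fires (cooked)
            os._exit(3 if data == b"\x03" else 1)
        except BaseException:
            os._exit(1)

    # Parent: the master side, the role sshd plays in the gist's description.
    buf = b""
    while b"ready" not in buf:
        buf += os.read(master_fd, 256)
    os.write(master_fd, b"\x03")  # the byte the ssh client forwards when the user hits Ctrl-C

    status = None
    deadline = time.time() + 5
    while time.time() < deadline:
        wpid, st = os.waitpid(pid, os.WNOHANG)
        if wpid == pid:
            status = st
            break
        time.sleep(0.05)
    if status is None:  # child never reacted: kill it so the test cannot hang
        os.kill(pid, signal.SIGKILL)
        os.waitpid(pid, 0)
    os.close(master_fd)
    if status is None or not os.WIFEXITED(status):
        return -1
    return os.WEXITSTATUS(status)


if __name__ == "__main__":
    print("cooked slave, \\x03 on master ->", send_ctrl_c(raw_slave=False))
    print("raw slave,    \\x03 on master ->", send_ctrl_c(raw_slave=True))
```

The same byte produces a signal in one case and a data byte in the other; nothing about the master side changed, only the termios flags on the slave, which is why the client-side PTY in raw mode can be ignored and only the server-side one matters.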

@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 27, 2024 18:05
BlueTeam CheatSheet *Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendor Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comments or in a DM on Twitter @SwitHak

Other great resources

  • Royce Williams' list sorted by vendor responses: Royce List
  • Very detailed list: NCSC-NL
  • The list maintained by the U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@AnatomicJC
AnatomicJC / android-backup-apk-and-datas.md
Last active May 28, 2024 11:46
Backup android app, data included, no root needed, with adb

Note: This gist may be outdated; thanks to all contributors in the comments.

adb is the Android command-line tool with which you interact with your Android device from your PC.

You must enable developer mode (tap seven times on the build number in the device settings) and install adb on your PC.

Don't hesitate to read the comments; there are useful tips there. Thanks, everyone!

@moeiscool
moeiscool / clientSideFileDownloadWithProgress-jQuery.js
Last active May 1, 2024 12:33
jQuery File Download with Progress
// Found at https://stackoverflow.com/questions/19126994/what-is-the-cleanest-way-to-get-the-progress-of-jquery-ajax-request
var url = "REMOTE_URL";
$.ajax({
  xhr: function() {
    var xhr = new window.XMLHttpRequest();
    xhr.upload.addEventListener("progress", function(evt) {
      if (evt.lengthComputable) {
        var percentComplete = evt.loaded / evt.total;
        //Do something with upload progress here
      }
    }, false);
    xhr.addEventListener("progress", function(evt) {
      if (evt.lengthComputable) {
        var percentComplete = evt.loaded / evt.total; // download progress (0..1)
        //Do something with download progress here
      }
    }, false);
    return xhr; // hand the instrumented XHR back to jQuery
  },
  url: url, success: function(data) { /* Do something with the downloaded data */ }
});

# curl -w timing template; use it with: curl -w "@curl-format.txt" -o /dev/null -s https://example.com/
cat <<EOT > curl-format.txt
time_namelookup: %{time_namelookup}\n
time_connect: %{time_connect}\n
time_appconnect: %{time_appconnect}\n
time_pretransfer: %{time_pretransfer}\n
time_redirect: %{time_redirect}\n
time_starttransfer: %{time_starttransfer}\n
----------\n
time_total: %{time_total}\n
EOT
@bkmeneguello
bkmeneguello / createLocalhostCert.sh
Created April 23, 2019 12:27
Generate a "localhost" valid certificate
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
@moeiscool
moeiscool / tcpproxy.js
Created February 10, 2019 00:59 — forked from kfox/tcpproxy.js
A basic TCP proxy written in node.js
var net = require("net");
process.on("uncaughtException", function(error) {
  console.error(error);
});
if (process.argv.length != 5) {
  console.log("usage: %s <localport> <remotehost> <remoteport>", process.argv[1]);
  process.exit();
}
var localport = Number(process.argv[2]), remotehost = process.argv[3], remoteport = Number(process.argv[4]);
// Each accepted client gets its own upstream connection; bytes are piped both ways unmodified
net.createServer(function(localsocket) {
  var remotesocket = net.connect(remoteport, remotehost);
  localsocket.pipe(remotesocket).pipe(localsocket);
  localsocket.on("error", function() { remotesocket.destroy(); });
  remotesocket.on("error", function() { localsocket.destroy(); });
}).listen(localport, function() { console.log("listening on %d, forwarding to %s:%d", localport, remotehost, remoteport); });