Skip to content

Instantly share code, notes, and snippets.



View GitHub Profile
import json, asyncio, pickle, os
from pathlib import Path
from takeover.takeover import takeover
home = str(Path.home())
# config is an dictionary. See ~/.config/takeover/config.json for structure
config = json.load(open(home + "/.config/takeover/config.json"))
# Do not forget to replace pointer to fingerprints with the valid data. See ~/.config/takeover/fingerprints.json for structure
View sdto.json
"fingerprint":"The site you are looking for could not be found."
#!/usr/bin/env zsh
rm ~/bugbounty -rf
mkdir ~/bugbounty
cd ~/bugbounty
curl -O ""
cat chaos-bugbounty-list.json | grep '"name"' | awk '{$1=$1};1' | sed 's/"name": "//g' | sed 's/"name":"//g' | sed 's/",//g' | while read folder; do mkdir -p $folder -v; done
for (( i=0; i < $(cat chaos-bugbounty-list.json | jq -r .programs | jq length); i++ ))
cat chaos-bugbounty-list.json | jq --arg i "$i" -r ".programs[($i | tonumber)].domains | .[]" > "$(cat chaos-bugbounty-list.json | jq --arg i "$i" -r '.programs[($i | tonumber)].name')/assets.txt" && echo -n "."
0xcrypto /
Created Mar 18, 2021
SharePoint Authenticated (Low Privileged) RCE Exploit
# Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution
# Google Dork: inurl:quicklinks.aspx
# Date: 2020-08-14
# Exploit Author: West Shepherd
# Vendor Homepage:
# Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service
# Pack 2, SharePoint Server 2019
# Tested on: Windows 2016
# CVE : CVE-2020-1147
# Credit goes to Steven Seele and Soroush Dalili
0xcrypto / bookmarklet.js
Last active Mar 17, 2021
Google Links Extractor (Extracts links from the visible page. Drag to bookmark bar to create a bookmarklet
View bookmarklet.js
javascript:alert((function() {links=[];document.querySelectorAll('.yuRUbf').forEach(function (e) {e.childNodes.forEach(function (f) {links.push(f.getAttribute('href'));});});return links;})().join("\n"))
0xcrypto / rce.php
Created Mar 9, 2021
RCE payload test
View rce.php
echo phpinfo();
View multithreaded infinite
def ping(ip):
# database change value of ip to processing here
if(not os.system("ping %s" % ip)):
# database change value of ip to up here
return True
# database change value of ip to down here
return False

Keybase proof

I hereby claim:

  • I am 0xcrypto on github.
  • I am 0xcrypto ( on keybase.
  • I have a public key whose fingerprint is 2D9E 1CD7 9F1B 0881 C087 34AB 9E68 4472 FF0C 51D4

To claim this, I am signing this object:

0xcrypto / License.php
Last active Apr 4, 2018
License.php backdoor in
View License.php
Obfuscation provided by FOPO - Free Online PHP Obfuscator:
This code was created on Tuesday, May 30th, 2017 at 22:29 UTC from IP
Checksum: ff73395f7b16ebacc0415646d7fe6909dd11f804