Skip to content

Instantly share code, notes, and snippets.

Avatar

dade 0xdade

View GitHub Profile
View keybase.md

Keybase proof

I hereby claim:

  • I am 0xdade on github.
  • I am dade (https://keybase.io/dade) on keybase.
  • I have a public key ASDoG6G5j-BprfJi_lqfeOzU-n5EYAOLuucR6uECqM6yXwo

To claim this, I am signing this object:

@0xdade
0xdade / echosrv.py
Created Aug 2, 2019
Simple flask app that prints POST data to the console. Useful for testing open redirects and other things where you can control where something get's POSTed.
View echosrv.py
#!/usr/bin/env python
from flask import Flask, request, Response
app = Flask(__name__)
@app.route('/', defaults={'path': ''}, methods=['GET', 'POST'])
@app.route('/<path:path>', methods=['GET', 'POST'])
def catch_all(path):
if request.form:
@0xdade
0xdade / SSRF.py
Created Aug 2, 2019
Simple SSRF example server
View SSRF.py
from flask import Flask, request, Response
import requests
app = Flask(__name__)
@app.route('/')
def index():
url = requests.args.get("url")
r = requests.get(url)
return Response(r)
@0xdade
0xdade / rename-master-branch.md
Last active Oct 17, 2019
Changing default branches on github
View rename-master-branch.md
  1. $ git branch -m master main
  2. $ git push origin main
  3. Change "Default Branch" in Settings->Branches on github. https:github.com/your/repo/settings/branches.
  4. Accept any warnings about changing the default branch.
  5. If you have any branch protection rules that affect the master branch, delete them.
  6. $ git push origin :master
  7. If you had any branch protection rules affecting the master branch, recreate them on the main branch.
  8. Look through your repo for references to master and replace with main as necesary.
    • Examples of this include URLs to a file in the REPO that are not relative
  9. If you get a warning "Your branch is based on 'origin/master', but the upstream is gone." then use the command it recommends: git branch --unset-upstream
View prowl.sh
# Based on https://twitter.com/stokfredrik/status/1185580290108018694
# Turns into a bash function to ease use further
# Relies on:
# - https://github.com/tomnomnom/unfurl
# - https://github.com/michenriksen/aquatone
# - https://cli.shodan.io/
# Put this function in your .bash_profile or .bashrc file and then source it and you can use it like so:
# $ prowl elasticsearch
function prowl {
@0xdade
0xdade / graphdracula-example.html
Last active Nov 2, 2019
graphdracula without es6 modules
View graphdracula-example.html
<html>
<head>
<!-- Using this pre-ES6 fork of Dracula https://github.com/grigoryk/dracula-js-fork -->
<script type="text/javascript" src="dracula-js-fork/raphael-min.js"></script>
<script type="text/javascript" src="dracula-js-fork/dracula_graph.js"></script>
<script type="text/javascript" src="dracula-js-fork/dracula_algorithms.js"></script>
<script type="text/javascript" src="dracula-js-fork/dracula_graffle.js"></script>
<script type="text/javascript" src="dracula-js-fork/seedrandom.js"></script>
<script>
function drawGraph() {
View breachgen.py
#!/usr/bin/env python3
'''
Python version of generating excuses that are generated by http://whythefuckwasibreached.com/
These actors, methods, targets, mitigations are not my own - they are copied directly from the whythefuckwasibreached website.
I ported it to a python script so that it could be used for easy command line integration
Long live LOLBOAT Enterprise Edition
'''
import random
@0xdade
0xdade / fetch-natlas-results.py
Created Nov 8, 2019
Simple script for downloading a list of ip addresses that match a query from a natlas server
View fetch-natlas-results.py
#!/usr/bin/env python3
'''
Simple script for downloading a list of ip addresses that match a query from a natlas server
Input:
- Required: natlas url
- Required: Search query, contained in quotes if it includes spaces
- Optional: filename to save results to
Example: ./fetch-natlas-results.py https://natlas.io 'ports.port:443 "application/json"' json-443.txt
If no filename is present, the script will spit the results to stdout once they are all downloaded
'''
View update-blog.sh
#!/bin/bash
# Enter repository folder and pull the latest version
# (This is done with a read-only deploy key on a private repo)
# `hugo` with no parameters builds the default version of the site, which has baseUrl="https://0xda.de"
# Copy the built files (from public/*) into the webserver folder
# Build a new version of the site with the baseUrl set to the onion address
# Copy the built files from public/* to the onion web server directory
cd 0xdade.github.com && \
git pull && \
@0xdade
0xdade / selfdestruct.py
Created Jan 23, 2020
Simple code snippet for a python file to delete itself, whether it's a standalone .py file or compiled into an executable using pyinstaller
View selfdestruct.py
#!/usr/bin/env python3
'''
Determine if this python is part of an executable or a standalone script and then delete the file accordingly.
If the script has been bundled into an executable using pyinstaller (such as pyinstaller --onefile <fname>.py) then the realpath of __file__ will be incorrect, thus the use of sys.executable.
Example of just relying on __file__:
$ pyinstaller --onefile test.py
[...]
$ ls dist/