cat introspection_query.json
{
"query": "query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
h0tak88r
/ # Registration Feature
Last active
June 4, 2024 07:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Registration Feature Security Testing |
nullenc0de
/ 365doms.py
Created
February 23, 2023 01:37
modified from https://github.com/expl0itabl3/check_mdi
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance. | |
| Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance. | |
| Usage: ./check_mdi.py -d <domain> | |
| """ | |
| import argparse | |
| import dns.resolver |
tehseensagar
/ gist:d82931fa8427b3b8a8825714b5b113c4
Last active
October 31, 2025 16:58
SQLi WAF Bypass All Method
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| `-=[SQL injection Queries]=- | |
| HOW TO SUCCESSFULLY INJECTING SQL INJECTION | |
| [~] after id no. like id=1 +/*!and*/+1=0 [~] | |
| EX: site.com?index.php?pageid=3 div+0 Union select 1,version(),3,4,5 | |
| +div+0 | |
| +div false | |
| +Having+1=0+ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| CRLF = '\r\n' | |
| DEFAULT_HTTP_VERSION = 'HTTP/1.1' | |
| class RequestParser(object): | |
| def __parse_request_line(self, request_line): | |
| request_parts = request_line.split(' ') |
tetrillard
/ rss_hackerone_hacktivity.py
Last active
January 22, 2025 18:14
HackerOne Hacktivity to RSS feed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| import requests | |
| import urllib3 | |
| import json | |
| import re | |
| from types import SimpleNamespace as Namespace | |
| from feedgen.feed import FeedGenerator | |
| output = '' |
yassineaboukir
/ List of API endpoints & objects
Last active
September 24, 2025 15:54
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
ndavison
/ hbh-header-abuse-test.py
Last active
June 16, 2025 15:30
Attempts to find hop-by-hop header abuse potential against the provided URL.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/ndavison | |
| import requests | |
| import random | |
| import string | |
| from argparse import ArgumentParser | |
| parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.") | |
| parser.add_argument("-u", "--url", help="URL to target (without query string)") |
martinheld
/ GraphQL introspection query via curl.md
Last active
August 15, 2025 00:10
GraphQL introspection query via curl
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 1 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |
| 16 | |
| 17 | |
| 2 |
jhaddix
/ content_discovery_all.txt
Created
May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
NewerOlder