- https://github.com/projectdiscovery/subfinder – a subdomain discovery tool
- https://github.com/owasp-amass/amass – asset discovery
- https://github.com/nmap/nmap – port enumiration
- https://github.com/projectdiscovery/httpx – HTTP toolkit (server discovery)
- https://github.com/tomnomnom/waybackurls – discover known URLs from Wayback Machine
- https://github.com/lc/gau – discover known URLs from Wayback Machine and so on
- https://github.com/trufflesecurity/trufflehog – secrets detection
- https://github.com/projectdiscovery/nuclei – known vulnerabilities
- https://github.com/ffuf/ffuf + https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content – discover hidden folders
- https://github.com/OJ/gobuster – discover hidden folders
Kirill Kirill89
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For the URL https://share.vidyard.com/watch/ySQXtKoGAXS656HscU4yNe | |
| curl https://play.vidyard.com/player/ySQXtKoGAXS656HscU4yNe.json | jq -r '.payload.chapters |.[0].sources.mp4 |.[0].url' > 1.txt && curl -H "Referer: https://play.vidyard.com/ySQXtKoGAXS656HscU4yNe" -vvv $(cat 1.txt) > 111.mp4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import path from 'node:path'; | |
| import {fileURLToPath} from 'node:url'; | |
| const SCRIPT_FOLDER = path.dirname(fileURLToPath(import.meta.url)); | |
| const DATA_FOLDER = path.join(SCRIPT_FOLDER, 'data'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| // Usage example: | |
| async function scrapeUrl() { | |
| // ... | |
| } | |
| const urls = ['http://foo.com', 'http://bar.com', 'more URLs...']; | |
| // Scrape all URLs with maximun 10 in parralel. | |
| const scrapeUrlLimit = limit(10, scrapeUrl); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fs = require('fs'); | |
| let data = fs.readFileSync('IRONCLAD.autosave.json', 'utf8'); | |
| const out = []; | |
| for (let i = 0; i < data.length; i++) { | |
| const key = 'key'; | |
| out.push(data.charCodeAt(i) ^ key.charCodeAt(i % key.length)); | |
| } |
Kirill89
/ gist:8a19a391a207962e07d902d7d229d0b8
Created
August 6, 2020 15:03
— forked from looping/gist:cd25b16e93b8fa3158cf
Hack a .a library file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Using libtool, lipo, ar and otool | |
| lipo -info input.a | |
| lipo -extract_family arm64 -output output.a input.a | |
| # output.a is a fat file (use libtool(1) or lipo(1) and ar(1) on it) | |
| # lipo output.a -thin arm64 -output output_arm64.a | |
| ar -x output_arm64.a |
Kirill89
/ Dockerfile
Created
March 12, 2020 08:36
Prototype Pollution security vulnerability in yargs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu:18.04 | |
| COPY ./app /app | |
| RUN chmod u+s /app | |
| RUN useradd -s /bin/bash just-user | |
| USER just-user |
Kirill89
/ Dockerfile
Last active
March 6, 2023 10:27
Prototype Pollution security vulnerability in minimist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu:18.04 | |
| COPY ./app /app | |
| RUN chmod u+s /app | |
| RUN useradd -s /bin/bash just-user | |
| USER just-user |
Kirill89
/ prototype-pollution-merge-check.js
Last active
June 27, 2023 15:32
prototype pollution check
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://github.com/Kirill89/prototype-pollution-explained | |
| const mergeFn = require('lodash').defaultsDeep; | |
| const payloads = [ | |
| '{"constructor": {"prototype": {"a0": true}}}', | |
| '{"__proto__": {"a1": true}}', | |
| ]; | |
| function check() { | |
| for (const p of payloads) { | |
| mergeFn({}, JSON.parse(p), {}); |
Kirill89
/ readFileSync_vs_readFile.js
Last active
March 23, 2019 00:10
readFileSync vs readFile benchmark
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fs = require('fs'); | |
| const util = require('util'); | |
| const readFile = util.promisify(fs.readFile); | |
| fs.writeFileSync('a', 'a'); | |
| const attempts = 100000; | |
| function runInCallback(left, cb) { |
NewerOlder