Skip to content

Instantly share code, notes, and snippets.

Avatar
🎯
Focusing

Splint3r7 Splint3r7

🎯
Focusing
View GitHub Profile
@Splint3r7
Splint3r7 / CF_waf_generate.sh
Last active December 27, 2022 19:22
bash script to genereate a firewall rule for CloudFlare WAF
View CF_waf_generate.sh
#!/bin/bash
filename=$1
output_str="("
while read -r line; do
output_str+="ip.src eq $line) or ("
done < "$filename"
output_str=${output_str% or (*}
@Splint3r7
Splint3r7 / npm-package-emails.py
Last active November 1, 2022 06:48
Extract Emails from Npm Packge Names - https://api.npms.io/
View npm-package-emails.py
import requests
import sys
import json
import concurrent.futures
output_file = open("emails_res.txt", "w")
def Emails(package):
req = requests.get("https://api.npms.io/v2/package/{}".format(package))
@Splint3r7
Splint3r7 / AllRubyGemNames.txt
Created October 31, 2022 21:34
Extract All Ruby Gem Names From - https://rubygems.org/gems
View AllRubyGemNames.txt
This file has been truncated, but you can view the full file.
a
a--
A-
a0
a0-tzmigration-ruby
a1
a11n
A_123
a1330ks_bmi
a13g
View tlds.txt
.aaa
.aarp
.abarth
.abb
.abbott
.abbvie
.abc
.able
.abogado
.abudhabi
@Splint3r7
Splint3r7 / similarity.py
Last active July 25, 2022 09:29
Domain Similarity Script
View similarity.py
# Coded by Geekink
#!/usr/bin/env python3
import urllib.request
import sqlite3
import os.path
import re
import math
@Splint3r7
Splint3r7 / plugin.php
Created March 16, 2022 07:14 — forked from htdat/plugin.php
An intentionally vulnerable plugin developed for WordPress plugin author education. http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
View plugin.php
<?php
/* Plugin Name: Damn Vulnerable WordPress Plugin
* Description: Intentionally vulnerable plugin for plugin author education
* Version: 0.1
* Plugin URI: http://make.wordpress.org/plugins/2013/04/09/intentionally-vulnerable-plugin/
* Author: Jon Cave
* Author URI: http://joncave.co.uk
* License: GPLv2+
*
* DO NOT RUN THIS PLUGIN ON AN INTERNET ACCESSIBLE SITE
@Splint3r7
Splint3r7 / gist:eadcdd8eee22b91d91771d4b60407667
Last active March 15, 2022 05:40
qnotsquiz authenticated XSS
View gist:eadcdd8eee22b91d91771d4b60407667
# Exploit Title: Authenticated Stored XSS in qnotsquiz WordPress Plugin
# Author: Muhammad Hassan Khan ( Splint3r7 )
# Organization: SpiderSilk
# Date: 14/03/2022
# Software Link: https://downloads.wordpress.org/plugin/qnotsquiz.zip
# Version: 1.0.0
## Description:
An authenticated stored cross site scripting vulnerability has been identified in qnotsquiz, which allows an attacker to execute arbitrary javascript using qnotsquiz plugin.
@Splint3r7
Splint3r7 / ssrf_wkhtmltopdf.php
Created March 29, 2021 17:17
WKHTMLTOPDF SSRF PHP CODE
View ssrf_wkhtmltopdf.php
<?php
# Before starting this lab make sure wkhtmltopdf is installed.
header("Content-Type: text/html");
$bad = "script";
$param = $_GET["xss"];
echo "Printing your payload on pdf file sur ;_;</br>";
@Splint3r7
Splint3r7 / read.php
Created March 29, 2021 17:15
Read pdf files
View read.php
<?php
$file = 'test.pdf';
$filename = 'test.pdf'; /* Note: Always use .pdf at the end. */
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $filename . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($file));
header('Accept-Ranges: bytes');
View httprobe_full
| httprobe -p https:10000 -p https:1010 -p https:1085 -p https:11371 -p https:12443 -p https:1311 -p https:1414 -p https:14439 -p https:16080 -p https:1776 -p https:18091 -p https:18092 -p https:2031 -p https:20720 -p https:20790 -p https:2082 -p https:2087 -p https:2095 -p https:2096 -p https:21011 -p https:21012 -p https:21021 -p https:21022 -p https:2381 -p https:24465 -p https:2480 -p https:280 -p https:28017 -p https:300 -p https:3000 -p https:311 -p https:3128 -p https:3333 -p https:3702 -p https:4125 -p https:4243 -p https:4444 -p https:4567 -p https:4711 -p https:4712 -p https:4847 -p https:4993 -p https:5000 -p https:5010 -p https:5104 -p https:5108 -p https:5280 -p https:5357 -p https:5433 -p https:5800 -p https:591 -p https:593 -p https:6543 -p https:7000 -p https:7002 -p https:7396 -p https:7474 -p https:8000 -p https:8001 -p https:8008 -p https:8011 -p https:8014 -p https:8042 -p https:8069 -p https:8080 -p https:8081 -p https:8086 -p https:8088 -p https:8090 -p https:8091 -p https:81 -p https:81