Skip to content

Instantly share code, notes, and snippets.


Keybase proof

I hereby claim:

  • I am xeroday on github.
  • I am xeroday ( on keybase.
  • I have a public key ASDvPiH6WDr2FVcuLgItEaxHG16R6yRFs-57o5lNObzxjQo

To claim this, I am signing this object:

Xeroday /
Last active Aug 29, 2015 User Enumeration
import subprocess
# Make sure you set the Cookie header to your cookies and the ticket id (tid)
for i in range(100967, 103325):
subprocess.Popen("curl '' -H 'Cookie: ...' -H 'Origin:' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'Accept: */*' -H 'Referer:' -H 'X-Requested-With: XMLHttpRequest' -H 'Connection: keep-alive' --data 'content=" + str(i) + "&tid=5090&uid=" + str(i) + "' --compressed", shell=True, stdout=subprocess.PIPE)
import static org.junit.Assert.*;
import org.junit.Test;
public class TwistListTest {
public void testAdd() {
TwistList<String> l1 = new TwistList<>();
import requests
import subprocess
import json
import sys
import threading
import time
from Queue import Queue
numberOfViewers = int(sys.argv[1])
builderThreads = int(sys.argv[2])
Xeroday / delete-targz.php
Created Jul 21, 2013
Deletes .tar.gz files older than 7 days.
View delete-targz.php
$files = glob("*.tar.gz");
foreach($files as $file) {
&& time() - filemtime($file) >= 7*24*60*60) { // 7 days
Xeroday / clickjack.html
Last active Dec 17, 2015
Hovering over the link shows one URL, but clicking on it sends you to another.
View clickjack.html
function showLink() {
document.getElementById("theLink").setAttribute("href",""); //URL to show
function clickJack() {
document.getElementById("theLink").setAttribute("href",""); //URL that it actually goes to
<a id="theLink" href="#" onmouseover="showLink()" onmousedown="clickJack()">Click me</a>