Skip to content

Instantly share code, notes, and snippets.

Avatar
Focusing

Arbaz Hussain arbazkiraak

Focusing
View GitHub Profile
View m_data_feed.py
import numpy as np
import pandas as pd
from binance.helpers import *
from binance.client import Client
from binance.websockets import BinanceSocketManager
client = Client('API','SECRET')
bm = BinanceSocketManager(client)
View bbprograms.txt
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue
View werkzeug_rce.py
import requests
import sys
import re
import urllib,bs4
response = requests.get('%s/console' % (sys.argv[1]))
if "Werkzeug powered traceback interpreter" not in response.text:
print("[-] Debug is not enabled")
sys.exit(-1)
View s3_bucket_region_checker.py
#!/usr/bin/env python
import boto3,sys,time,requests
import botocore.exceptions
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
import datetime,os
os.environ['AWS_DEFAULT_REGION'] = 'us-east-1'
s3 = boto3.resource('s3')
View jsp-jstl-intruders.txt
${0 }
${0 == pageList.maxPage}
${1}
${1 eq currentPageNumber }
${5}
${5/6}
${a+1 }
${a.academyName}
${a.academyNumber}
${academyNumber==a.academyNumber}
@arbazkiraak
arbazkiraak / gist:4defc9a0262c2ab115a996f3496be022
Created Apr 16, 2020 — forked from Screetsec/gist:6ee948503960f1b9d4b7b8465aea2d73
One Liner to get Hidden URL Parameter from Passive scan using Web Archive. Regex using DFA Engine, Support and Collecting URL with multi Parameter to Fuzzing & Removing Duplicate
View gist:4defc9a0262c2ab115a996f3496be022
curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt
View send_urls_to_burp
#!/usr/bin/python3
import requests,sys
import urllib3,queue,threading
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}
urls_inp = sys.argv[1]
@arbazkiraak
arbazkiraak / foxyproxyBB.json
Created Oct 2, 2020 — forked from 0xatul/foxyproxyBB.json
firefox foxy proxy settings for BB stuff
View foxyproxyBB.json
{
"84kr3q1592995213323": {
"type": 1,
"color": "#cc883a",
"title": "Burp",
"active": true,
"address": "127.0.0.1",
"port": 8080,
"proxyDNS": false,
"username": "",
@arbazkiraak
arbazkiraak / CryptoBot.py
Last active Jul 25, 2020
Telegram Bot to automate basics of Crypto Trading
View CryptoBot.py
import requests,json,bs4,time,threading,datetime,logging
from binance.client import Client
requests.packages.urllib3.disable_warnings()
from telegram.ext import Updater
from telegram.ext import CommandHandler
from telegram.ext.dispatcher import run_async
########### KEYS #######################
updater = Updater(token='<TELEGRAM-TOKEN>')
dispatcher = updater.dispatcher
@arbazkiraak
arbazkiraak / bb-foxyproxy-pattern.json
Created Jul 2, 2020 — forked from ignis-sec/bb-foxyproxy-pattern.json
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
View bb-foxyproxy-pattern.json
{
"30523382": {
"className": "Proxy",
"data": {
"bypassFPForPAC": true,
"color": "#f57575",
"configUrl": "",
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
"cycle": false,
"enabled": true,