Wear mask and stay safe!

Rafal Janicki bl4de

View Dockerfile
FROM python:3.7-stretch as base
RUN mkdir /base
RUN apt-get update
RUN apt-get install -y wget
RUN apt-get -y install libnss3
RUN apt -y install chromium
View fingerprint.js
(() => {
let gadgets = [];
if (typeof _satellite !== 'undefined') {
gadgets.push('Adobe Dynamic Tag Management');
if (typeof BOOMR !== 'undefined') {
gadgets.push('Akamai Boomerang');
View gd-gif.php
//php gd-gif.php image.gif gd-image.gif
$gif = imagecreatefromgif($argv[1]);
imagegif($gif, $argv[2]);
View introspection-query.graphql
query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
subscriptionType { name }
types {
directives {
bl4de / wfuzz.log
Created Jun 16, 2019
wfuzz against
View wfuzz.log
bl4de:~ $ wfuzz -c --hc 404 -w ~/hacking/dictionaries/starter.txt
Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
* Wfuzz 2.3.4 - The Web Fuzzer *
Total requests: 71935
bl4de /
Created May 8, 2019 — forked from noraj/
crawl a web page, extract all domains and resolve them to IP addresses with bash and common GNU/Linux tools
domains=$(curl $url -s | grep -E 'https?://[^"]*' | cut -d '/' -f 3 | cut -d '"' -f 1 | uniq)
for domain in $domains
View content_discovery_nullenc0de.txt
bl4de /
Created Apr 5, 2019 — forked from ajxchapman/
Scripts developed for solving HackerOne H1-702 2019 CTF

  • performs character extraction targeted against the HackerOne H1-702 CTF announcement image
  • performs blind sqli data extraction with encrypted payloads targeted against the FliteThermostat API
  • performs an HTTP pipelining based timing against the FliteThermostat Backend
  • generates wordlists from a given corpus or set of corpuses
  • performs efficient asynchronous HTTP requests against the FliteThermostat Backend
bl4de / generate.c
Created Mar 4, 2019 — forked from munificent/generate.c
A random dungeon generator that fits on a business card
View generate.c
#include <time.h> // Robert Nystrom
#include <stdio.h> // @munificentbob
#include <stdlib.h> // for Ginny
#define r return // 2008-2019
#define l(a, b, c, d) for (i y=a;y\
<b; y++) for (int x = c; x < d; x++)
typedef int i;const i H=40;const i W
=80;i m[40][80];i g(i x){r rand()%x;
}void cave(i s){i w=g(10)+5;i h=g(6)
+3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u
# Author: Adam Jordan
# Date: 2019-02-15
# Repository:
# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
import argparse
import jenkins