image_extract.py
performs character extraction on targetted against the HackerOne H1-702 CTF announcement imagedecrypt_sqli.py
performs blind sqli data extraction with encrypted payloads targetting against the FliteThermostat APItiming_attack.py
performs an HTTP piplining based timing against the FliteThermostat Backendwordlist_generator.py
generates wordlists from a give corpus or set of corpuseshttplib.py
performs efficient asynchronous HTTP requests against the FliteThermostat Backend
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies. | |
# If it "no worked" (Technical Term) then you probably need to install jq! | |
TARGET=$1 | |
TARGETDOMAIN=$(echo $TARGET | cut -d/ -f3) | |
# Pretty Colors | |
RESET='\033[00m' | |
GREEN='\033[01;32m' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# encoding: utf-8 | |
# Author: Psycho_Coder <https://psychocoder.github.io/> | |
from re import match | |
from sys import stdout, hexversion, exit, argv | |
import traceback | |
TITLE = """ | |
_ _ _ _____ _ _ _ __ _ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
//php gd-gif.php image.gif gd-image.gif | |
$gif = imagecreatefromgif($argv[1]); | |
imagegif($gif, $argv[2]); | |
imagedestroy($gif); | |
?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
query IntrospectionQuery { | |
__schema { | |
queryType { name } | |
mutationType { name } | |
subscriptionType { name } | |
types { | |
...FullType | |
} | |
directives { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bl4de:~ $ wfuzz -c --hc 404 -w ~/hacking/dictionaries/starter.txt http://example.com/FUZZ | |
Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information. | |
******************************************************** | |
* Wfuzz 2.3.4 - The Web Fuzzer * | |
******************************************************** | |
Target: http://example.com/FUZZ | |
Total requests: 71935 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
url='rawsec.ml' | |
domains=$(curl $url -s | grep -E 'https?://[^"]*' | cut -d '/' -f 3 | cut -d '"' -f 1 | uniq) | |
filename='/tmp/temporary_ips.txt' | |
for domain in $domains | |
do |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/ | |
$$$lang-translate.service.js.aspx | |
$367-Million-Merger-Blocked.html | |
$defaultnav | |
${idfwbonavigation}.xml | |
$_news.php | |
$search2 | |
£º | |
.0 | |
/0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <time.h> // Robert Nystrom | |
#include <stdio.h> // @munificentbob | |
#include <stdlib.h> // for Ginny | |
#define r return // 2008-2019 | |
#define l(a, b, c, d) for (i y=a;y\ | |
<b; y++) for (int x = c; x < d; x++) | |
typedef int i;const i H=40;const i W | |
=80;i m[40][80];i g(i x){r rand()%x; | |
}void cave(i s){i w=g(10)+5;i h=g(6) | |
+3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
%0A%20%20query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20subscriptionType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields(includeDeprecated%3A%20true)%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A |