Skip to content

Instantly share code, notes, and snippets.

View ceylanb's full-sized avatar
🎯
Focusing

Ceylan Bozoğullarından ceylanb

🎯
Focusing
27 followers · 69 following
View GitHub Profile
@jesstess
jesstess / alexa-top-10000.txt
Created November 25, 2011 04:37
How the Alexa top 10000 respond to unusual HTTP methods
google.com
facebook.com
yahoo.com
youtube.com
live.com
wikipedia.org
blogger.com
baidu.com
msn.com
yahoo.co.jp
@yeyewangwang
yeyewangwang / Freenode IRC.md
Created June 26, 2016 14:01
Freenode Nickserv Commands

Freenode IRC

Connect

/server chat.freenode.net

Nick

@kstan
kstan / liferay-wordlist.txt
Last active October 3, 2023 21:42
File/folder wordlist for Liferay generated from https://github.com/Stackato-Garage/Liferay.
/dtd
/dtd/datatypes.dtd
/dtd/facelet-taglib_1_0.dtd
/dtd/hibernate-mapping-3.0.dtd
/dtd/j2ee_1_4.xsd
/dtd/j2ee_web_services_client_1_1.xsd
/dtd/javaee_5.xsd
/dtd/javaee_6.xsd
/dtd/javaee_web_services_client_1_2.xsd
/dtd/javaee_web_services_client_1_3.xsd
@mgeeky
mgeeky / xml-attacks.md
Last active July 6, 2024 22:34
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@staaldraad
staaldraad / awk_netstat.sh
Last active July 5, 2024 01:55
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
@roycewilliams
roycewilliams / pwnedpasswords-v2-top20k.txt
Last active May 29, 2024 07:42
pwnedpasswords-v2-top20k.txt
#------------------------------------------------------------------------------
# Top 20K hashes from the Troy Hunt / haveibeenpwned Pwned Passwords list v2 (2018-02-21)
# with frequency count and cracked plaintext passwords
#
# The latest version of this file can be found here:
# https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
#
# NOTE: THIS FILE IS DEPRECATED.
# The equivalent of this file, but based on v6 of the Pwned Passwords, is here:
# https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce
@mutin-sa
mutin-sa / Top_Public_Recursive_Name_Servers.md
Last active July 16, 2024 02:38
List of Top Public Recursive Name Servers

DNS:

IPv4 Addr IPv6 Addr ASn Political Region Loc Svc Org
8.8.8.8 2001:4860:4860::8888 AS15169 US Worldwide (Anycast) Google Public DNS Google
8.8.4.4 2001:4860:4860::8844 AS15169 US Worldwide (Anycast) Google Public DNS Google
1.1.1.1 2606:4700:4700::1111 AS13335 US Worldwide (Anycast) Cloudflare-DNS Cloudflare/APNIC
1.0.0.1 2606:4700:4700::1001 AS13335 US Worldwide (Anycast) Cloudflare-DNS Cloudflare/APNIC
208.67.222.222 2620:119:35::35 AS36692 US *W
@localh0t
localh0t / introspection_urlencoded.txt
Last active November 20, 2023 23:49
Introspection query from GraphQL-JS (URL-encoded)
%0A%20%20query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20subscriptionType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields(includeDeprecated%3A%20true)%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A
@eur0pa
eur0pa / waywords.go
Last active April 11, 2024 08:32 — forked from lc/waywords.go
generate wordlists utilizing the wayback machine
package main
import (
"bufio"
"fmt"
"net/url"
"os"
"strings"
)
@ziot
ziot / hostsbyasnname.py
Created July 15, 2019 23:07
Get hosts by ASN->CIDR->Hosts via company name
import requests, json
from requests.packages.urllib3.exceptions import InsecureRequestWarning, InsecurePlatformWarning, SNIMissingWarning
from bs4 import BeautifulSoup
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
requests.packages.urllib3.disable_warnings(InsecurePlatformWarning)
requests.packages.urllib3.disable_warnings(SNIMissingWarning)
# another source of cidrs by asn
def getIPCidrs(asn):