Skip to content

Instantly share code, notes, and snippets.

View codingo's full-sized avatar

Michael Skelton codingo

3.5k followers · 340 following
View GitHub Profile
@Vbitz
Vbitz / LICENSE
Created April 26, 2023 01:35
Github Star and Follow spidering script. Warning very hackish.
Copyright 2023 Joshua D. Scarsbrook
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@tomnomnom
tomnomnom / short-wordlist.txt
Created September 29, 2019 19:44
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
@mdisec
mdisec / manageengine_appmanager_exec_0day.rb
Created April 19, 2019 20:33
ManageEngine Applications Manager Remote Code Execution 0day
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::FileDropper
@bayotop
bayotop / hrefs.py
Last active December 4, 2018 08:36
Identify "href" (i.e., free "javascript:" XSS) and dangerouslySetInnerHtml usages in ReactJS SPAs.
import re
import sys
VULNERABLE_HREF = r'href: [^"].+[^\s]?'
DANGEROUSLY_SET_INNER_HTML = r'__html: .+[^\s]?'
STATE_VALUES = r'\.setState\({([\s\S]*?)}\)'
#false_positives = ("this.props.team.", "constants.")
def find_state_candidates(name, states):
@ntrzz
ntrzz / linkfinder-oneliner.sh
Last active January 21, 2023 10:12
curl -s $1 | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort | uniq | grep ".js" > jslinks.txt; while IFS= read link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | grep $2 | grep -v $3 | sort -n | uniq; rm -rf jslinks.txt
@Rhynorater
Rhynorater / bookmarklet.js
Created March 27, 2018 01:19
OSCP Video Playback Speed Increase
javascript:document.getElementById("video").defaultPlaybackRate = prompt("Enter your prefered playback rate:");document.getElementById("video").load();
@zeroSteiner
zeroSteiner / log_handler.py
Last active April 6, 2022 19:14
Python logging.Handler for use in external Metasploit modules.
import logging
import metasploit.module as module
class MetasploitLogHandler(logging.Handler):
def emit(self, record):
log_entry = self.format(record)
level = 'debug'
if record.levelno >= logging.ERROR:
level = 'error'
elif record.levelno >= logging.WARNING:
@PaulSec
PaulSec / monitor_cve.py
Created February 26, 2018 09:50
Monitors @cvenew and sends me a message on Telegram if a keyword triggers
from tweepy import StreamListener
from tweepy import Stream
import tweepy
import json
import telebot
import requests
CONSUMER_KEY = 'XXXXXXXXXXXXXXXXXXXXXXX'
CONSUMER_SECRET = 'XXXXXXXXXXXXXXXXXXXXXXX'
ACCESS_KEY = 'XXXXXXXXXXXXXXXXXXXXXXX'
@stefan2904
stefan2904 / index.php
Created October 2, 2016 17:49
TUM CTF: free_as_in_bavarian_beer (writeup on https://hack.more.systems )
<?php
/*
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
@nerandell
nerandell / code-review-checklist.md
Last active August 19, 2025 14:27
PHP Code Review Guidelines

Make sure these boxes are checked before submitting/approving the PR

General

  • The code works
  • The code is easy to understand
  • Follows coding conventions
  • Names are simple and if possible short
  • Names are spelt correctly
  • Names contain units where applicable
  • There are no usages of magic numbers