Skip to content

Instantly share code, notes, and snippets.

@iosifnicolae2
iosifnicolae2 / Readme.md
Last active Nov 1, 2022
Youtube is Boring
View Readme.md

How To Make Youtube Less Boring

Tutorial: https://www.youtube.com/watch?v=hIqMrPTeGTc
Paste the below code in your browser console (F12 > Console):

(()=>{
    markAllVideosAsNotBeingInteresting({
        iterations: 1
    });
})();
View playwright-stealth.js
const pw = require('playwright');
const UserAgent = require('user-agents');
const uuid = require('uuid');
const tmp = require('tmp-promise');
const UINT32_MAX = (2 ** 32) - 1;
const WEBGL_RENDERERS = ['ANGLE (NVIDIA Quadro 2000M Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (NVIDIA Quadro K420 Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (NVIDIA Quadro 2000M Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (NVIDIA Quadro K2000M Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics Family Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (ATI Radeon HD 3800 Series Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics 4000 Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (Intel(R) HD Graphics 4000 Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (AMD Radeon R9 200 Series Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics Family Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics Family Direct3D
View chaos.py
# github.com/m4ll0k (@m4ll0k2)
'''
Steps:
0. Make dir like chaos 'mkdir chaos'
1. Download this script in choas dir 'wget https://..'
2. Now: 'python3 choas.py |sort -u > dns_wordlist.txt'
'''
@pry0cc
pry0cc / cold
Created Aug 13, 2020
A quick script to generate an on-the-fly CSV of resolved assets. Useful for generating asset discovery lists.
View cold
#!/bin/bash
(echo "Subdomain,IP,Region,Country,Organization,Netblock,Link Type" && while read line; do ip=$(echo $line| cut -d " " -f 2); name=$(echo $line | cut -d " " -f 1); echo -n "$name,"; echo $ip | ipi '[.ip,.city,.region,.country,.company.name,.asn.name,.asn.route,.asn.type] | @csv'; done) | tee -a assets.csv
View common-domain-prefix-suffix-list.tsv
Rank Type Prefix/Suffix Length
1 Prefix my+ 2
2 Suffix +online 6
3 Prefix the+ 3
4 Suffix +web 3
5 Suffix +media 5
6 Prefix web+ 3
7 Suffix +world 5
8 Suffix +net 3
9 Prefix go+ 2
View bongchie.md

How to store all the bug bounty assets like domains, ip addresses, etc. in file and automatically check for the any 0day vuln that comes into the market?

Here is a simple approach that might work for you. Perform reconnaissance as you would typically do and collect hosts and targets. Next, find an application running the target software or setup a local instance. Gather strings that would easily allow you to discern the piece of software from other applications (e.g. with GitLab this may be _gitlab_session). With that small list of keywords in hand, fingerprint all hosts by requesting the index page using a tool such as meg by @TomNomNom and then grepping for the strings. Make sure to then store your findings in a structured fashion that allows you to query applications running that software in future. I primarily use text files in folders for this purpose but I know of others who prefer to store everything in a database.

View ecowater.py
#!/usr/bin/python3
import requests
import json
import re
import paho.mqtt.client as mqtt
import paho.mqtt.publish as publish
# Regex to match the hidden input on the initial log in page
@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created Jan 12, 2020
Github bash generated search links (from hunter.sh)
View Github bash generated search links (from hunter.sh)
@spikegrobstein
spikegrobstein / docker-compose.yml
Last active Jan 4, 2023
docker-compose file for sabnzbd/sonarr/radarr
View docker-compose.yml
# start up with 'docker-compose up -d' to start in background
# update images with 'docker-compose pull'
# this assumes that you have a sibling directory to this file called 'config' that contains all of the config for these services
# you can reference 'sabnzbd' 'radarr' or 'sonarr' from inside the containers (in the apps) to reference the other containers. no need to deal with IPs or hostnames
# remember that docker is isolated from the rest of your filesystem. you need to add volumes to the entries
# in order to give the processes access to them. so if you have multiple target directories for TV or Movies,
# then make sure you add each one that you want radarr/sonarr/sabnzbd to see.
version: '3'
services:
@vavkamil
vavkamil / blind-xss-cloudflare-worker.js
Last active Dec 2, 2022
Serverless Blind XSS hunter with Cloudflare Worker
View blind-xss-cloudflare-worker.js
addEventListener("fetch", event => {
event.respondWith(handleRequest(event.request))
})
////////////////////////////////////////////////////////////////////////////////////////////////////
// ! DON'T LEAK THE SECRETS !
// Use Workers KV if you can https://developers.cloudflare.com/workers/reference/storage/
const telegram_token = "*****REDACTED*****";
const telegram_url = "https://api.telegram.org/bot" + telegram_token + "/sendMessage";