Skip to content

Instantly share code, notes, and snippets.

iosifnicolae2 /
Last active Nov 1, 2022
Youtube is Boring

How To Make Youtube Less Boring

Paste the below code in your browser console (F12 > Console):

        iterations: 1
View playwright-stealth.js
const pw = require('playwright');
const UserAgent = require('user-agents');
const uuid = require('uuid');
const tmp = require('tmp-promise');
const UINT32_MAX = (2 ** 32) - 1;
const WEBGL_RENDERERS = ['ANGLE (NVIDIA Quadro 2000M Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (NVIDIA Quadro K420 Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (NVIDIA Quadro 2000M Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (NVIDIA Quadro K2000M Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics Family Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (ATI Radeon HD 3800 Series Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics 4000 Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (Intel(R) HD Graphics 4000 Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (AMD Radeon R9 200 Series Direct3D11 vs_5_0 ps_5_0)', 'ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics Family Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)', 'ANGLE (Intel(R) HD Graphics Family Direct3D
# (@m4ll0k2)
0. Make dir like chaos 'mkdir chaos'
1. Download this script in choas dir 'wget https://..'
2. Now: 'python3 |sort -u > dns_wordlist.txt'
pry0cc / cold
Created Aug 13, 2020
A quick script to generate an on-the-fly CSV of resolved assets. Useful for generating asset discovery lists.
View cold
(echo "Subdomain,IP,Region,Country,Organization,Netblock,Link Type" && while read line; do ip=$(echo $line| cut -d " " -f 2); name=$(echo $line | cut -d " " -f 1); echo -n "$name,"; echo $ip | ipi '[.ip,.city,.region,.country,,,.asn.route,.asn.type] | @csv'; done) | tee -a assets.csv
View common-domain-prefix-suffix-list.tsv
Rank Type Prefix/Suffix Length
1 Prefix my+ 2
2 Suffix +online 6
3 Prefix the+ 3
4 Suffix +web 3
5 Suffix +media 5
6 Prefix web+ 3
7 Suffix +world 5
8 Suffix +net 3
9 Prefix go+ 2

How to store all the bug bounty assets like domains, ip addresses, etc. in file and automatically check for the any 0day vuln that comes into the market?

Here is a simple approach that might work for you. Perform reconnaissance as you would typically do and collect hosts and targets. Next, find an application running the target software or setup a local instance. Gather strings that would easily allow you to discern the piece of software from other applications (e.g. with GitLab this may be _gitlab_session). With that small list of keywords in hand, fingerprint all hosts by requesting the index page using a tool such as meg by @TomNomNom and then grepping for the strings. Make sure to then store your findings in a structured fashion that allows you to query applications running that software in future. I primarily use text files in folders for this purpose but I know of others who prefer to store everything in a database.

import requests
import json
import re
import paho.mqtt.client as mqtt
import paho.mqtt.publish as publish
# Regex to match the hidden input on the initial log in page
jhaddix / Github bash generated search links (from
Created Jan 12, 2020
Github bash generated search links (from
View Github bash generated search links (from
spikegrobstein / docker-compose.yml
Last active Jan 4, 2023
docker-compose file for sabnzbd/sonarr/radarr
View docker-compose.yml
# start up with 'docker-compose up -d' to start in background
# update images with 'docker-compose pull'
# this assumes that you have a sibling directory to this file called 'config' that contains all of the config for these services
# you can reference 'sabnzbd' 'radarr' or 'sonarr' from inside the containers (in the apps) to reference the other containers. no need to deal with IPs or hostnames
# remember that docker is isolated from the rest of your filesystem. you need to add volumes to the entries
# in order to give the processes access to them. so if you have multiple target directories for TV or Movies,
# then make sure you add each one that you want radarr/sonarr/sabnzbd to see.
version: '3'
vavkamil / blind-xss-cloudflare-worker.js
Last active Dec 2, 2022
Serverless Blind XSS hunter with Cloudflare Worker
View blind-xss-cloudflare-worker.js
addEventListener("fetch", event => {
// Use Workers KV if you can
const telegram_token = "*****REDACTED*****";
const telegram_url = "" + telegram_token + "/sendMessage";