A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a Github-Flavored Markdown file
Daehee daehee
jhaddix
/ Testing_Checklist.md
Last active
April 26, 2024 21:38
— forked from amotmot/WAHH_Task_Checklist.md
Fast Simple Appsec Testing Checklist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage : ./scanio.sh <save file> | |
| # Example: ./scanio.sh cname_list.txt | |
| # Premium | |
| function ech() { | |
| spinner=( "|" "/" "-" "\\" ) | |
| while true; do | |
| for i in ${spinner[@]}; do | |
| echo -ne "\r[$i] $1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Telegraf Configuration | |
| # | |
| # Telegraf is entirely plugin driven. All metrics are gathered from the | |
| # declared inputs, and sent to the declared outputs. | |
| # | |
| # Plugins must be declared in here to be active. | |
| # To deactivate a plugin, comment out the name and any variables. | |
| # | |
| # Use 'telegraf -config telegraf.conf -test' to see what metrics a config | |
| # file would generate. |
As an avid CTF'er, I was very much excited when I heard about the H1-212 CTF. Thus, letting my misguided priorities get the better of me, I decided to set my studies aside and try this HackerOne CTF 😄
It didn't take me too long though to realize that I suck at bug bounties and that this challenge wasn't going to be easy...
PaulSec
/ retrieve_scope.py
Created
October 19, 2017 11:41
Retrieve scope from HackerOne (using their directory) + all public reports (commented part)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import csv | |
| import json | |
| hackerone_url = "https://hackerone.com" | |
| page = 1 | |
| session = requests.Session() | |
| # titles = [] | |
| reports = [] |
This is a story about how I tried to use Go for scripting. In this story, I’ll discuss the need for a Go script, how we would expect it to behave and the possible implementations; During the discussion I’ll deep dive to scripts, shells, and shebangs. Finally, we’ll discuss solutions that will make Go scripts work.
While python and bash are popular scripting languages, C, C++ and Java are not used for scripts at all, and some languages are somewhere in between.
crittermike
/ wget.sh
Last active
March 26, 2024 22:49
Download an entire website with wget, along with assets.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # One liner | |
| wget --recursive --page-requisites --adjust-extension --span-hosts --convert-links --restrict-file-names=windows --domains yoursite.com --no-parent yoursite.com | |
| # Explained | |
| wget \ | |
| --recursive \ # Download the whole site. | |
| --page-requisites \ # Get all assets/elements (CSS/JS/images). | |
| --adjust-extension \ # Save files with .html on the end. | |
| --span-hosts \ # Include necessary assets from offsite as well. | |
| --convert-links \ # Update links to still work in the static version. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| #################################################################################### | |
| # Slack Bash console script for sending messages. | |
| #################################################################################### | |
| # Installation | |
| # $ curl -s https://gist.githubusercontent.com/andkirby/67a774513215d7ba06384186dd441d9e/raw --output /usr/bin/slack | |
| # $ chmod +x /usr/bin/slack | |
| #################################################################################### | |
| # USAGE | |
| # Send message to slack channel/user |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
pauloromeira
/ tlp
Last active
April 29, 2024 09:35
My TLP config file (/etc/default/tlp) for ThinkPad
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------------------------------------------------------------------------------ | |
| # tlp - Parameters for power saving | |
| # See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html | |
| # dir: /etc/default/tlp | |
| # Hint: some features are disabled by default, remove the leading # to enable | |
| # them. | |
| # Set to 0 to disable, 1 to enable TLP. |