Skip to content

Instantly share code, notes, and snippets.

View dzmitry-savitski's full-sized avatar

Dzmitry Savitski dzmitry-savitski

View GitHub Profile
@dzmitry-savitski
dzmitry-savitski / healhtcheck.java
Last active May 15, 2024 15:23
GSS healthcheck
https://github.com/ymartin59/java-kerberos-sfudemo/blob/df1f7dfd4801b06f1debc923e1cce4416ec02a7c/src/main/java/sfudemo/KerberosDemo.java#L154
#!/bin/bash
while true
do
oci resource-manager job create-apply-job --stack-id ocid1.ormstack.oc1.iad.<id> --execution-plan-strategy AUTO_APPROVED
sleep 300
done
@dzmitry-savitski
dzmitry-savitski / studocu.com unblur
Created November 4, 2023 11:50
Studocu uBlock Origin unblur, remove banner, latest 2023
studocu.com##div[style="display: block; user-select: none; filter: blur(4px);"]:style(filter: none !important;)
studocu.com##[id^="pf"] > [class^="_"]
@dzmitry-savitski
dzmitry-savitski / jenkins_decrypt.py
Created October 2, 2022 00:12
Jenkins decrypt credentials.xml python 3
#!/usr/bin/env python3
import re
import sys
import base64
from hashlib import sha256
from binascii import hexlify, unhexlify
from Crypto.Cipher import AES
MAGIC = b"::::MAGIC::::"
@dzmitry-savitski
dzmitry-savitski / user-name-rules.txt
Last active April 20, 2020 20:24
Generate user name lists suitable for brute force attacks from first name and last name using these John the Ripper rules
# Generate loins from First name & Last name wordlist (case insensitive)
# https://dzmitry-savitski.github.io/2020/04/generate-a-user-name-list-for-brute-force-from-first-and-last-name
[List.Rules:Login-Generator-i]
# johndoe
%1?w l Dp
# john_doe
%1?w l op_
#!/usr/bin/python
# Author: Dzmitry Savitski
# Get a new version at: https://github.com/dzmitry-savitski/vhost_bruteforcer
from __future__ import print_function
import requests
import urllib3
import argparse
import netaddr
from termcolor import colored
#!/bin/bash
for domain in $(cat $1);
do
# -L - follow redirect
# echo [http://$domain] - $(curl -w '%{size_download}' --output /dev/null -s http://$domain);
echo [https://$domain] - $(curl -w '%{size_download}' -L --insecure --max-time 2 --output /tmp/out/$domain.https.html -s https://$domain);
done;
@dzmitry-savitski
dzmitry-savitski / xpath_bruter_or.py
Last active March 1, 2019 07:08
Modified XPath injection module for recon-ng for 'OR' injections.
from __future__ import print_function
from recon.core.module import BaseModule
import urllib
import sys
# List of modifications:
# - swaped from and to or condition
# - added option to invers True/False strings
# - headers are now also checked for unique string
# - connection exceptions are handled
@dzmitry-savitski
dzmitry-savitski / ShellController.java
Created January 29, 2018 11:33
Spring MVC shell using controller and AsyncContext
package com.dsavitski.vulnerable.controllers;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.AsyncContext;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletOutputStream;