Skip to content

Instantly share code, notes, and snippets.

🔴
<script>alert(1);</script>

Edoardo Rosa edoz90

🔴
<script>alert(1);</script>
Block or report user

Report or block edoz90

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View keybase.md

Keybase proof

I hereby claim:

  • I am edoz90 on github.
  • I am edoardo_rosa (https://keybase.io/edoardo_rosa) on keybase.
  • I have a public key whose fingerprint is 1220 9C4A 9062 019F 3D1D 9B77 BDC2 40F8 81A5 C413

To claim this, I am signing this object:

@edoz90
edoz90 / ssround.zsh
Last active Jan 4, 2020
Scan a list of IPs/subnets with Nmap and multiple from random and multiple VPNs to avoid IP filtering.
View ssround.zsh
#!/usr/bin/env zsh
trap ctrl_c INT
#
# author: dodo
#
# Scan a set of IPs/subnets using multiple VPN profiles
#
# Default values of arguments
local IPS=""
local CREDENTIALS_FILE="./credentials.txt"
@edoz90
edoz90 / lfi_generator.py
Created Oct 27, 2019
Create PHP dockers (that are available on the official channel) to create a LFI test laboratory
View lfi_generator.py
#!/usr/bin/env python3
import glob
import requests
import subprocess
import sys
from bs4 import BeautifulSoup
from grp import getgrgid
from os import stat, path, chown
from pwd import getpwuid
@edoz90
edoz90 / mashell.py
Last active Oct 29, 2019
Execute command using HEX or CHAR encoding. Bypass WAF and IPS filtering enabling RCE using xp_cmdshell
View mashell.py
#!/usr/bin/env python3
# Injector script to get a pseudo-interactive shell using xp_cmdshell
# Source post:
# Author: edoz90 (dodo)
# https://twitter.com/_d_0_d_o_
#
# USAGE: python3 ./mashell.py "whoami /priv"
#
import binascii
import hashlib
@edoz90
edoz90 / parse_dump.py
Last active Jul 31, 2019
Parse `sqlmap` dumps from data breaches or leaks file into a JSON file
View parse_dump.py
#!/usr/bin/env python3
# -*- encoding: ascii -*-
#
# AUTHOR: Edoardo Rosa edoz90 https://github.com/edoz90
#
# DESCRIPTION: Parse `sqlmap` dumps from data breaches or leaks into JSON files
#
# Some files have shitty encoding/chars and they must be educated:
# sed -i 's/[^[:print:]\t]//g; s/\\r//g' *.txt
import click
View OSCPbuffer.md

Speed up videos

document.getElementById("video").playbackRate = 1.5;

VPN - NM

[vpn]
dev-type=tap
@edoz90
edoz90 / cleanvba.zsh
Created Dec 31, 2018
Clean VBA: this script should remove unused variables in obfuscated VBAs (should work also for other files)
View cleanvba.zsh
#!/usr/bin/env zsh
#
toclean=${1}
while read line; do
local length=$(echo -n ${line} | \wc -m)
if [[ ${length} -ge 50 ]]; then
local match=$(echo ${line} | \awk '{print $1}')
local file_match=$(\rg -i ${match} * -c | \awk -F ':' '{print $1}')
@edoz90
edoz90 / add_wp_user.sql
Created Nov 6, 2018
Add a Wordpress Admin user from MySQL
View add_wp_user.sql
INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_status`) VALUES ('edoz90', MD5('passwordASD'), 'administrator', 'asd@asd.it', '0');
INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, (SELECT max(id) FROM wp_users), 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');
INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, (SELECT max(id) FROM wp_users), 'wp_user_level', '10');
@edoz90
edoz90 / steghide_brute.py
Last active Sep 8, 2019
CTF Multicore bruteforcer for `steghide`
View steghide_brute.py
#!/usr/bin/env python3
# -*- encoding: utf-8 -*-
import multiprocessing as mp
import os
import subprocess
import time
import sys
try:
import click
from colored import fg, stylize
@edoz90
edoz90 / caesar.py
Last active May 4, 2018
Caesar Cipher bruteforcer with basic support for advanced string trasformation
View caesar.py
#!/usr/bin/env python3
import sys
import base64
try:
import click
except Exception as e:
print(e)
print("Install click")
sys.exit(-1)
You can’t perform that action at this time.