Skip to content

Instantly share code, notes, and snippets.

🔴
<script>alert(1);</script>

Edoardo Rosa edoz90

🔴
<script>alert(1);</script>
Block or report user

Report or block edoz90

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@edoz90
edoz90 / lfi_generator.py
Created Oct 27, 2019
Create PHP dockers (that are available on the official channel) to create a LFI test laboratory
View lfi_generator.py
#!/usr/bin/env python3
import glob
import requests
import subprocess
import sys
from bs4 import BeautifulSoup
from grp import getgrgid
from os import stat, path, chown
from pwd import getpwuid
@edoz90
edoz90 / mashell.py
Last active Oct 29, 2019
Execute command using HEX or CHAR encoding. Bypass WAF and IPS filtering enabling RCE using xp_cmdshell
View mashell.py
#!/usr/bin/env python3
# Injector script to get a pseudo-interactive shell using xp_cmdshell
# Source post:
# Author: edoz90 (dodo)
# https://twitter.com/_d_0_d_o_
#
# USAGE: python3 ./mashell.py "whoami /priv"
#
import binascii
import hashlib
@edoz90
edoz90 / parse_dump.py
Last active Jul 31, 2019
Parse `sqlmap` dumps from data breaches or leaks file into a JSON file
View parse_dump.py
#!/usr/bin/env python3
# -*- encoding: ascii -*-
#
# AUTHOR: Edoardo Rosa edoz90 https://github.com/edoz90
#
# DESCRIPTION: Parse `sqlmap` dumps from data breaches or leaks into JSON files
#
# Some files have shitty encoding/chars and they must be educated:
# sed -i 's/[^[:print:]\t]//g; s/\\r//g' *.txt
import click
View OSCPbuffer.md

Speed up videos

document.getElementById("video").playbackRate = 1.5;

VPN - NM

[vpn]
dev-type=tap
@edoz90
edoz90 / cleanvba.zsh
Created Dec 31, 2018
Clean VBA: this script should remove unused variables in obfuscated VBAs (should work also for other files)
View cleanvba.zsh
#!/usr/bin/env zsh
#
toclean=${1}
while read line; do
local length=$(echo -n ${line} | \wc -m)
if [[ ${length} -ge 50 ]]; then
local match=$(echo ${line} | \awk '{print $1}')
local file_match=$(\rg -i ${match} * -c | \awk -F ':' '{print $1}')
@edoz90
edoz90 / add_wp_user.sql
Created Nov 6, 2018
Add a Wordpress Admin user from MySQL
View add_wp_user.sql
INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_status`) VALUES ('edoz90', MD5('passwordASD'), 'administrator', 'asd@asd.it', '0');
INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, (SELECT max(id) FROM wp_users), 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');
INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, (SELECT max(id) FROM wp_users), 'wp_user_level', '10');
@edoz90
edoz90 / steghide_brute.py
Last active Sep 8, 2019
CTF Multicore bruteforcer for `steghide`
View steghide_brute.py
#!/usr/bin/env python3
# -*- encoding: utf-8 -*-
import multiprocessing as mp
import os
import subprocess
import time
import sys
try:
import click
from colored import fg, stylize
@edoz90
edoz90 / caesar.py
Last active May 4, 2018
Caesar Cipher bruteforcer with basic support for advanced string trasformation
View caesar.py
#!/usr/bin/env python3
import sys
import base64
try:
import click
except Exception as e:
print(e)
print("Install click")
sys.exit(-1)
@edoz90
edoz90 / anti-memcached.py
Last active Mar 12, 2018
List of all memcached servers from shodan and script to kill (flush_all) DDoSing IPs.
View anti-memcached.py
#!/usr/bin/env python
import json
import socket
import urllib.request
from random import shuffle
def send_flush(s):
s.sendall("{}\r\n".format("flush_all").encode())
print(s.recv(4096).decode().strip())
@edoz90
edoz90 / windows_list.zsh
Last active Sep 13, 2019
Prints windows list on focused desktop (bspwm) with dedicated icons
View windows_list.zsh
#!/usr/bin/env zsh
#Get id of all non-floating windows on current desktop
WINDOWS=(${(f)"$(bspc query -N -d focused -n .window)"})
#Get id of currently focused window
FOCUSED="$(bspc query -N -d focused -n .focused.window)"
FORMAT="-f3-"
You can’t perform that action at this time.