Skip to content

Instantly share code, notes, and snippets.

View ehsahil's full-sized avatar

Sahil Ahamad ehsahil

256 followers · 257 following
View GitHub Profile
@ehsahil
ehsahil / .bash_profile
Created January 22, 2020 06:03 — forked from natelandau/.bash_profile
Mac OSX Bash Profile
# ---------------------------------------------------------------------------
#
# Description: This file holds all my BASH configurations and aliases
#
# Sections:
# 1. Environment Configuration
# 2. Make Terminal Better (remapping defaults and adding functionality)
# 3. File and Folder Management
# 4. Searching
# 5. Process Management
@ehsahil
ehsahil / find-aws-region.py
Created November 7, 2019 18:21 — forked from LyftGalactic/find-aws-region.py
A quick script to determine AWS Region from IP Address
from ipaddress import ip_network, ip_address
import json
import requests
import sys
def find_aws_region():
ip_json = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json')
#ip_json = json.load(open('ip-ranges.json'))
ip_json = ip_json.json()
prefixes = ip_json['prefixes']
@ehsahil
ehsahil / List of API endpoints & objects
Created November 4, 2019 06:18 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@ehsahil
ehsahil / content_discovery_nullenc0de.txt
Created August 29, 2019 04:39 — forked from nullenc0de/content_discovery_nullenc0de.txt
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
@ehsahil
ehsahil / auto_git_query
Created August 29, 2019 04:21 — forked from nullenc0de/auto_git_query
Automated Github Queries (Can open 29 tabs at a time)
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
@ehsahil
ehsahil / xss_cheatsheet.txt
Created June 10, 2019 18:49 — forked from ngalongc/xss_cheatsheet.txt
_____ _ _ _ __ _______ _____ _____ _ _ _ _
| __ \ | | | | | \ \ / / ___/ ___| / __ \ | | | | | | |
| | \/ |__ ___| |_| |_ ___ \ V /\ `--.\ `--. | / \/ |__ ___ __ _| |_ ___| |__ ___ ___| |_
| | __| '_ \ / _ \ __| __|/ _ \ / \ `--. \`--. \ | | | '_ \ / _ \/ _` | __/ __| '_ \ / _ \/ _ \ __|
| |_\ \ | | | __/ |_| |_| (_) | / /^\ |\__/ /\__/ / | \__/\ | | | __/ (_| | |_\__ \ | | | __/ __/ |_
\____/_| |_|\___|\__|\__|\___/ \/ \|____/\____/ \____/_| |_|\___|\__,_|\__|___/_| |_|\___|\___|\__|
A ghetto collection of XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air.
Simple character manipulations.
@ehsahil
ehsahil / list.txt
Created May 13, 2019 15:46 — forked from shortjared/list.txt
List of AWS Service Principals
acm.amazonaws.com
alexa-appkit.amazon.com
apigateway.amazonaws.com
application-autoscaling.amazonaws.com
appstream.application-autoscaling.amazonaws.com
appsync.amazonaws.com
athena.amazonaws.com
autoscaling.amazonaws.com
batch.amazonaws.com
channels.lex.amazonaws.com
@ehsahil
ehsahil / OSCE Preparation
Created May 9, 2019 18:01 — forked from cyberheartmi9/OSCE Preparation
http://whitelist1.com/
https://ocw.cs.pub.ro/courses/cns/labs/start
https://windowsexploit.com/blog
https://www.securitysift.com/windows-exploit-development-part-1-basics/
http://6.www.shogunlab.com/blog/2017/08/19/zdzg-windows-exploit-1.html
http://corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://tuts4you.com/e107_plugins/download/download.php?list.17=
https://learnxinyminutes.com/docs/c/
http://www.thegreycorner.com/
http://www.dmi.unipg.it/bista/didattica/sicurezza-pg/buffer-overrun/hacking-book/0x2a0-writing_shellcode.html
@ehsahil
ehsahil / SoundCloud API Endpoints.cs
Created May 8, 2019 18:06 — forked from JBou/SoundCloud API Endpoints.cs
SoundCloud API Endpoints
//Authorization
{ ApiCommand.AuthorizationCodeFlow, new Uri("https://soundcloud.com/connect?scope=non-expiring&client_id={0}&response_type={1}&redirect_uri={2}") },
{ ApiCommand.UserAgentFlow, new Uri("https://soundcloud.com/connect?client_id={0}&response_type=token&redirect_uri={1}") },
{ ApiCommand.UserCredentialsFlow, new Uri("https://api.soundcloud.com/oauth2/token?client_id={0}&client_secret={1}&grant_type=password&username={2}&password={3}") },
{ ApiCommand.RefreshToken, new Uri("https://api.soundcloud.com/oauth2/token?client_id={0}&client_secret={1}&grant_type=refresh_token&refresh_token={2}") },
//Me
{ ApiCommand.Me, new Uri("https://api.soundcloud.com/me.json") },
{ ApiCommand.MeTracks, new Uri("https://api.soundcloud.com/me/tracks.json") },
{ ApiCommand.MeComments, new Uri("https://api.soundcloud.com/me/comments.json") },