random-robbie /
Created Apr 1, 2020
Grab all Plugins for drupal via drupal gitlab.
import requests
import json
from requests.packages.urllib3.exceptions import InsecureRequestWarning
session = requests.Session()
http_proxy = ""
proxyDict = {
"http" : http_proxy,
"https" : http_proxy,
BlackFan /
Last active Apr 10, 2022
Bootstrap XSS Collection


Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

Requires user interaction

Requires $('[data-toggle="tooltip"]').tooltip();

tomnomnom / alert.js
Last active May 6, 2022
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
ethicalhack3r / wp_php_object_injection.rb
Last active Feb 9, 2022
Burp Suite Extension to detect PHP Object Injection in WordPress Plugins (read the code comments for additional info)
java_import 'burp.IBurpExtender'
java_import 'burp.IScannerCheck'
java_import 'burp.IScanIssue'
require 'java'
java_import 'java.util.Arrays'
java_import 'java.util.ArrayList'
# You will need to download JRuby's Complete.jar file from and configure Burp Extender with its path.
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = '*.%s/*&output=json&fl=original&collapse=urlkey' % host
url = '*&output=json&fl=original&collapse=urlkey' % host
cure53 /
Last active Jan 8, 2021
WordPress SOME bug in plupload.flash.swf
cure53 /
Last active Jan 16, 2022
WordPress Flash XSS in flashmediaelement.swf
atcuno / gist:3425484ac5cce5298932
Last active Apr 30, 2022
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

Neo23x0 /
Last active Apr 5, 2020
Wordpress Watcher - WPScan Vulnerability Scan on Wordpress Sites and Reporting
#!/usr/bin/env python
# -*- coding: iso-8859-1 -*-
# -*- coding: utf-8 -*-
# Wordpress Watcher
# Automating WPscan to scan and report vulnerable Wordpress sites
# Florian Roth
# v0.1
# March 2015
takeshixx /
Last active May 13, 2022
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
Author: takeshix <>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (
Supports all versions of TLS and has STARTTLS support for SMTP, POP3, IMAP, FTP and XMPP.
import sys,struct,socket
from argparse import ArgumentParser