Skip to content

Instantly share code, notes, and snippets.

View erwanlr's full-sized avatar

Erwan erwanlr

206 followers · 3 following
View GitHub Profile
@random-robbie
random-robbie / grab_plugins.py
Created April 1, 2020 10:49
Grab all Plugins for drupal via drupal gitlab.
import requests
import json
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
session = requests.Session()
http_proxy = "http://192.168.1.130:8085"
proxyDict = {
"http" : http_proxy,
"https" : http_proxy,
@cure53
cure53 / wordpress2.md
Last active January 8, 2021 17:55
WordPress SOME bug in plupload.flash.swf
@ethicalhack3r
ethicalhack3r / wp_php_object_injection.rb
Last active February 9, 2022 23:24
Burp Suite Extension to detect PHP Object Injection in WordPress Plugins (read the code comments for additional info)
java_import 'burp.IBurpExtender'
java_import 'burp.IScannerCheck'
java_import 'burp.IScanIssue'
require 'java'
java_import 'java.util.Arrays'
java_import 'java.util.ArrayList'
#
# You will need to download JRuby's Complete.jar file from http://jruby.org/download and configure Burp Extender with its path.
@Neo23x0
Neo23x0 / wpwatcher.py
Last active November 26, 2022 15:42
Wordpress Watcher - WPScan Vulnerabilty Scan on Wordpress Sites and Reporting
#!/usr/bin/env python
# -*- coding: iso-8859-1 -*-
# -*- coding: utf-8 -*-
#
# Wordpress Watcher
# Automating WPscan to scan and report vulnerable Wordpress sites
# Florian Roth
# v0.1
# March 2015
#
@cure53
cure53 / wordpress.md
Last active February 1, 2023 22:47
WordPress Flash XSS in flashmediaelement.swf
@unnitallman
unnitallman / gist:944011
Created April 27, 2011 10:11
sqlite with activerecord outside rails
require 'active_record'
ActiveRecord::Base.logger = Logger.new(STDERR)
ActiveRecord::Base.colorize_logging = false
ActiveRecord::Base.establish_connection(
:adapter => "sqlite3",
:dbfile => ":memory:"
)
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active March 6, 2024 05:33
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@takeshixx
takeshixx / hb-test.py
Last active March 9, 2024 13:37
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active March 25, 2024 13:55
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@jbgo
jbgo / git-recover-branch.md
Last active March 29, 2024 05:04
How to recover a git branch you accidentally deleted

UPDATE: A better way! (August 2015)

As pointed out by @johntyree in the comments, using git reflog is easier and more reliable. Thanks for the suggestion!

 $ git reflog
1ed7510 HEAD@{1}: checkout: moving from develop to 1ed7510
3970d09 HEAD@{2}: checkout: moving from b-fix-build to develop
1ed7510 HEAD@{3}: commit: got everything working the way I want
70b3696 HEAD@{4}: commit: upgrade rails, do some refactoring