"><img src=x onerror=alert('Github @ethicalhack3r')><"

Ryan Dewhurst ethicalhack3r

ethicalhack3r / info.text
Last active Nov 13, 2020
Simple WPScan commands
View info.text
Get your API token from if you also want the vulnerabilities associated with the detected plugin displayed.
For all plugins with known vulnerabilities:
wpscan --url -e vp --plugins-detection mixed --api-token YOUR_TOKEN
For all plugins in our database (could take a very long time):
wpscan --url -e ap --plugins-detection mixed --api-token YOUR_TOKEN
View ids.txt
> select id from vulnerabilities where poc != '';
| id |
| 6028 |
| 6219 |
| 6499 |
| 6548 |
| 7680 |
| 7710 |
View is_wordpress.rb
#!/usr/bin/env ruby
require 'wpscan'
require 'uri'
filename = ARGV[0]
def check_wordpress( website )
WPScan::Browser.instance( disable_tls_checks: true )
View mad5.txt
Yes, this is a joke. But we will really be releasing a WordPress plugin. Let us know if you find any vulnerabilities ;)
ethicalhack3r / http_ntlm__auth_brute.rb
Created Aug 17, 2018
Brute Forces HTTP NTLM Basic Authentication using Typhoeus
View http_ntlm__auth_brute.rb
#!/usr/bin/env ruby
require 'typhoeus'
target_url = ARGV[0]
usernames = File.read(ARGV[1]).split("\n")
passwords = File.read(ARGV[2]).split("\n")
hydra =
ethicalhack3r / wp_php_object_injection.rb
Last active Oct 28, 2019
Burp Suite Extension to detect PHP Object Injection in WordPress Plugins (read the code comments for additional info)
View wp_php_object_injection.rb
java_import 'burp.IBurpExtender'
java_import 'burp.IScannerCheck'
java_import 'burp.IScanIssue'
require 'java'
java_import 'java.util.Arrays'
java_import 'java.util.ArrayList'
# You will need to download JRuby's Complete.jar file from and configure Burp Extender with its path.
ethicalhack3r / html_test.html
Created Mar 6, 2017 — forked from rwestergren/html_test.html
HTML Email Filter Test
View html_test.html
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o
ethicalhack3r / magento_version.rb
Created Dec 12, 2016
Finds the remote version of Magento
View magento_version.rb
#!/usr/bin/env ruby
require 'typhoeus'
require 'json'
require 'uri'
require 'digest/md5'
target = ARGV[0]
ethicalhack3r / events.txt
Last active Oct 5, 2016
List of event attributes
View events.txt
ethicalhack3r /
Created Feb 29, 2016
[CFP] EuskalHack (San Sebastian / Donostia) 2016


EuskalHack Security Congress is the first Ethical Hacking association in Euskadi, with the aim of promoting the community and culture in digital security to anyone who may be interested.

This exclusive conference is shaping up to be the most relevant in the Basque Country, with an estimated 125 attendees for the first edition.

The participants include specialised companies, state security organisations, professionals, hobbyists and students in the area of security and Information Technology.

Estimated date and location