Skip to content

Instantly share code, notes, and snippets.

Avatar
📈

Randy Gingeleski gingeleski

📈
View GitHub Profile
@gingeleski
gingeleski / start_chrome_pentest.sh
Created Oct 12, 2021
Launch isolated Chrome with proxy server at port 8888 hooked up.
View start_chrome_pentest.sh
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir="/tmp/chrome_pen_test" --disable-web-security --proxy-server=localhost:8888
View ChromeKey.py
class ChromeKey():
def __init__(self):
self.n = 0xb5d1dc441883596c5d2722832d33cef4e4daa6e9959d6fbd83a9374527e533408448512e7d9509182ef750a7bd7bebbbf3d1d5653d38a41e68af7581d173b168e89b26494b06477b61f9f53a7755ade9cc293135178ffa8e0e6b9b0cafe2a150d6ef0cfd385952b0206fca5398a7dbf6faefd55f00029c15cdc420dece3c7844a72a3054f7d564f1a94f4e33d27ce8284c396e1b140e3568b009a3307ed36c62b3b395d7be57750e6f9155ccf72b3a668445fcae8d5de1e2c1c645b4c2b2a615c0c6a53bb866366b5e9b0b74c41b9fe49ba26bbb75b1cb89ca943c948d6212c07e259568dd4a2f7daf67357d209794c0ab5b4087a339e7fb6da56022ad61ef09
self.__Rinv = 0x82f67980ee005a822d8425256906bde8151f4ff78ce42a7cc360d3d9a0f502ad0b88b65d1f5afeae3b3f8a0be60891b705fade98bfc075a9921fd91b08626c4408e25bf6c0077797a8ac579573bef6dd2351017c86a921e0cbc507ab02305a5bf022e8b3013f64ff612aba70d0a9190fc96d37d8b7f30c605198cb905dc35c1fa9244a897db199ffbdb3509cad349aa971e49de347feb79f4b2e8db9fa28129f202dbcf114562ecbe0ec37905a72caabce379000504cbe0c9c74c74f98486f2e5f2df85f2ed0be7373bfea40c42a6763a9d9c34a9e48c1a68f53b85e
@gingeleski
gingeleski / start_chrome_pentest.ps1
Last active Oct 12, 2021
Launch isolated Chrome with proxy server at port 8888 hooked up.
View start_chrome_pentest.ps1
cd 'C:\Program Files (x86)\Google\Chrome\Application';
.\chrome.exe --proxy-server=127.0.0.1:8888 --user-data-dir="C:\chrometempdir" --disable-web-security;
@gingeleski
gingeleski / parse_some_args.js
Created Jun 19, 2020
Part of a Node program I wrote, just dealing with argument parsing, to show my sister how to do that.
View parse_some_args.js
// Parse command line arguments with the Minimist library
const argv = require('minimist')(process.argv.slice(2));
// Main browser automation dependencies
const { chromium, firefox, webkit } = require('playwright');
// Other dependencies
const crypto = require('crypto');
const fse = require('fs-extra');
const path = require('path');
@gingeleski
gingeleski / thwart_csv_injection.js
Created Nov 9, 2019
Sanitize CSV data from having any executable functions in its cells.
View thwart_csv_injection.js
var csvData = 'generate,=your(stuff),@here';
// Protect against CSV injection - ensure cells don't have ( ), or start with = @ + - unless followed by digit
csvData = csvData.replace(/([()])/g, '').replace(/(^|[,\n\r])([=@+-]+)(?=[\D\.])/g, (match, offset, string) => {
return match.replace(/[^,\n\r]/g, '');
});
@gingeleski
gingeleski / bad_sessions.py
Created Jun 9, 2019
Creates thousands of weak session token/cookie values. Used to demo Burp Suite Sequencer (you can "Manual Load" these in there) for security training.
View bad_sessions.py
import random
import string
bad_random_chars1 = 'ABCFG123' # length = 8
bad_random_chars2 = 'HIKLN589'
bad_random_chars3 = 'OQRTUVYZ'
number_of_tokens = 5000
for _ in range(number_of_tokens):
@gingeleski
gingeleski / domain_extensions_payloads.txt
Created Nov 7, 2018
Payload list of domain name (TLD) extensions.
View domain_extensions_payloads.txt
.com
.co
.app
.online
.space
.store
.tech
.net
.org
.club
@gingeleski
gingeleski / grab_all_dp.py
Created May 9, 2018
Download all cached Danger & Play posts. Dependencies: bs4, requests
View grab_all_dp.py
from bs4 import BeautifulSoup
import requests
def get_all_links(r):
all_links = []
soup = BeautifulSoup(r.content,'lxml')
for url in soup.findAll('loc'):
all_links.append(url.string)
return all_links
@gingeleski
gingeleski / bucksFizz.java
Created Jan 18, 2017
Prints numbers 1 to 100, but for multiples of 3 prints “Bucks” instead and for multiples of 5 prints “Fizz”
View bucksFizz.java
public static void printBucksFizzOrNumber()
{
for (int number = 1; number <= 100; number++)
{
boolean hasThreeOrFiveAsMultiple = false;
// If number is a multiple of 3, print "Bucks" and set flag
if (number % 3 == 0)
{
hasThreeOrFiveAsMultiple = true;