Randy Gingeleski gingeleski
📈
gingeleski
/ start_chrome_pentest.sh
Created
October 12, 2021 20:44
Launch isolated Chrome with proxy server at port 8888 hooked up.
View start_chrome_pentest.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir="/tmp/chrome_pen_test" --disable-web-security --proxy-server=localhost:8888 |
View ChromeKey.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class ChromeKey(): | |
| def __init__(self): | |
| self.n = 0xb5d1dc441883596c5d2722832d33cef4e4daa6e9959d6fbd83a9374527e533408448512e7d9509182ef750a7bd7bebbbf3d1d5653d38a41e68af7581d173b168e89b26494b06477b61f9f53a7755ade9cc293135178ffa8e0e6b9b0cafe2a150d6ef0cfd385952b0206fca5398a7dbf6faefd55f00029c15cdc420dece3c7844a72a3054f7d564f1a94f4e33d27ce8284c396e1b140e3568b009a3307ed36c62b3b395d7be57750e6f9155ccf72b3a668445fcae8d5de1e2c1c645b4c2b2a615c0c6a53bb866366b5e9b0b74c41b9fe49ba26bbb75b1cb89ca943c948d6212c07e259568dd4a2f7daf67357d209794c0ab5b4087a339e7fb6da56022ad61ef09 | |
| self.__Rinv = 0x82f67980ee005a822d8425256906bde8151f4ff78ce42a7cc360d3d9a0f502ad0b88b65d1f5afeae3b3f8a0be60891b705fade98bfc075a9921fd91b08626c4408e25bf6c0077797a8ac579573bef6dd2351017c86a921e0cbc507ab02305a5bf022e8b3013f64ff612aba70d0a9190fc96d37d8b7f30c605198cb905dc35c1fa9244a897db199ffbdb3509cad349aa971e49de347feb79f4b2e8db9fa28129f202dbcf114562ecbe0ec37905a72caabce379000504cbe0c9c74c74f98486f2e5f2df85f2ed0be7373bfea40c42a6763a9d9c34a9e48c1a68f53b85e |
gingeleski
/ start_chrome_pentest.ps1
Last active
October 12, 2021 20:43
Launch isolated Chrome with proxy server at port 8888 hooked up.
View start_chrome_pentest.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd 'C:\Program Files (x86)\Google\Chrome\Application'; | |
| .\chrome.exe --proxy-server=127.0.0.1:8888 --user-data-dir="C:\chrometempdir" --disable-web-security; |
gingeleski
/ parse_some_args.js
Created
June 19, 2020 21:19
Part of a Node program I wrote, just dealing with argument parsing, to show my sister how to do that.
View parse_some_args.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Parse command line arguments with the Minimist library | |
| const argv = require('minimist')(process.argv.slice(2)); | |
| // Main browser automation dependencies | |
| const { chromium, firefox, webkit } = require('playwright'); | |
| // Other dependencies | |
| const crypto = require('crypto'); | |
| const fse = require('fs-extra'); | |
| const path = require('path'); |
gingeleski
/ thwart_csv_injection.js
Created
November 9, 2019 20:27
Sanitize CSV data from having any executable functions in its cells.
View thwart_csv_injection.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var csvData = 'generate,=your(stuff),@here'; | |
| // Protect against CSV injection - ensure cells don't have ( ), or start with = @ + - unless followed by digit | |
| csvData = csvData.replace(/([()])/g, '').replace(/(^|[,\n\r])([=@+-]+)(?=[\D\.])/g, (match, offset, string) => { | |
| return match.replace(/[^,\n\r]/g, ''); | |
| }); |
gingeleski
/ bad_sessions.py
Created
June 9, 2019 20:24
Creates thousands of weak session token/cookie values. Used to demo Burp Suite Sequencer (you can "Manual Load" these in there) for security training.
View bad_sessions.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import string | |
| bad_random_chars1 = 'ABCFG123' # length = 8 | |
| bad_random_chars2 = 'HIKLN589' | |
| bad_random_chars3 = 'OQRTUVYZ' | |
| number_of_tokens = 5000 | |
| for _ in range(number_of_tokens): |
gingeleski
/ domain_extensions_payloads.txt
Created
November 7, 2018 01:45
Payload list of domain name (TLD) extensions.
View domain_extensions_payloads.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .com | |
| .co | |
| .app | |
| .online | |
| .space | |
| .store | |
| .tech | |
| .net | |
| .org | |
| .club |
gingeleski
/ grab_all_dp.py
Created
May 9, 2018 02:29
Download all cached Danger & Play posts. Dependencies: bs4, requests
View grab_all_dp.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from bs4 import BeautifulSoup | |
| import requests | |
| def get_all_links(r): | |
| all_links = [] | |
| soup = BeautifulSoup(r.content,'lxml') | |
| for url in soup.findAll('loc'): | |
| all_links.append(url.string) | |
| return all_links |
gingeleski
/ anaconda-python-3-download.jpg
Last active
March 28, 2017 00:08
Keyword Captain wiki images
gingeleski
/ bucksFizz.java
Created
January 18, 2017 00:58
Prints numbers 1 to 100, but for multiples of 3 prints “Bucks” instead and for multiples of 5 prints “Fizz”
View bucksFizz.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static void printBucksFizzOrNumber() | |
| { | |
| for (int number = 1; number <= 100; number++) | |
| { | |
| boolean hasThreeOrFiveAsMultiple = false; | |
| // If number is a multiple of 3, print "Bucks" and set flag | |
| if (number % 3 == 0) | |
| { | |
| hasThreeOrFiveAsMultiple = true; |
NewerOlder