Skip to content

Instantly share code, notes, and snippets.

View hackerpain's full-sized avatar
🎯
popping shellz on ya box

hackerpain

🎯
popping shellz on ya box
10 followers · 25 following
View GitHub Profile
@s0md3v
s0md3v / concurrency.go
Last active October 15, 2020 08:52
concurrency in golang
package main
import (
"sync"
"net/http"
)
func example_function(){
// function to be run concurrently
}
@hackerpain
hackerpain / nbAdBypass.js
Created June 12, 2020 20:24
javascript:(function(){document.querySelector('.bootbox').style.display="none";})()
/*
Bookmarklet to get rid of NameBio ads.
Requires some effort, to click on the bookmark, to execute the JS code.
I may port it to an extension at some point of time if the ads get more intrusive ;)
*/
@dwisiswant0
dwisiswant0 / .bash_profile
Created May 27, 2020 07:38
SQLi & XSS Vulnerability Scanner
###
# ▶ go get -u github.com/lc/gau
# ▶ go get -u github.com/tomnomnom/qsreplace
# ▶ go get -u github.com/tomnomnom/hacks/kxss
# ▶ go get -u github.com/hahwul/dalfox
# ▶ git clone https://github.com/dwisiswant0/DSSS
###
gauq() {
@payloadartist
payloadartist / firefox.sh
Last active February 6, 2021 20:42
Enumerate sub-domains, then open them in Firefox automatically. Useful for taking a quick glance at target's assets, and make notes, while doing recon.
# ------Instructions---------
# Install (and configure) subfinder, assetfinder, and httprobe
# go get -v github.com/projectdiscovery/subfinder/cmd/subfinder && go get -v github.com/tomnomnom/httprobe && go get -v github.com/tomnomnom/assetfinder
# cat firefox.sh >> ~/.bashrc
# source ~/.bashrc
# Usage - subf_ff target.tld
# asset_ff target.tld
subf_ff () {
subfinder -d $1 -silent -t 100 | httprobe -c 50 | sort -u | while read line; do firefox $line; sleep 10; done
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active April 20, 2024 01:36
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@wh1tney
wh1tney / deploy-static-site-heroku.md
Last active April 23, 2024 17:49
How to deploy a static website to Heroku

Gist

This is a quick tutorial explaining how to get a static website hosted on Heroku.

Why do this?

Heroku hosts apps on the internet, not static websites. To get it to run your static portfolio, personal blog, etc., you need to trick Heroku into thinking your website is a PHP app. This 6-step tutorial will teach you how.

Basic Assumptions

@evilpacket
evilpacket / gist:3628941
Created September 5, 2012 01:35
Top 1000 from Alexa Top 1million
wget -q http://s3.amazonaws.com/alexa-static/top-1m.csv.zip;unzip top-1m.csv.zip; awk -F ',' '{print $2}' top-1m.csv|head -1000 > top-1000.txt; rm top-1m.csv*