This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript:(function()%7Bvar j %3D document.getElementsByTagName("input")%3Bif (document.location.href.indexOf("%3F")>-1)%7Bvar l %3D "%26"%3B%7Delse%7Bvar l %3D "%3F"%3B%7Dfor (i%3D0%3Bi<j.length%3Bi%2B%2B)%7Bl%2B%3Dj%5Bi%5D.getAttribute("name")%2B'%3D"><test1234>%26'%7Ddocument.location %3D document.location%2Bl%7D)() |
EdOverflow
/ ghcheck
Created
April 6, 2019 15:26
Quickly determine the validity and scope of a GitHub access token.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| GREEN='\033[0;32m' | |
| RED='\033[0;31m' | |
| END='\033[0m' | |
| request=$(curl -s -u "hehe:$1" https://api.github.com/user) | |
| name=$(echo "$request" | jq -r ".login" 2> /dev/null) | |
| if [[ $name == "null" ]]; then | |
| echo -e "${RED}Not a GitHub access token.${END}" |
coderholic
/ ipinfo_resolv.sh
Created
September 30, 2020 00:03
Bulk hostname resolution with the IPinfo.io bulk endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sed 's/$/\/hostname/' | parallel --jobs=12 --pipe -N1000 \ | |
| "curl -s -XPOST -H 'Content-Type: text/plain' --data-binary @- 'ipinfo.io/batch?token=$TOKEN&filter=1'" | \ | |
| grep '"' | sed 's|/hostname||' | cut -d'"' -f2,4 | tr '"' '\t' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: ./dns_check.py <list_of_domain_names.txt> | |
| import dns.resolver | |
| import requests | |
| import re | |
| import json | |
| import sys | |
| resolver = dns.resolver.Resolver() | |
| resolver.timeout = 5 | |
| resolver.lifetime = 5 |
deeso
/ download_new_domains.py
Created
March 22, 2018 03:02
Download new domains from Whois Newly Registered Domains
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pymongo import MongoClient | |
| import json, os, time, signal, threading, sys | |
| from datetime import datetime, timedelta | |
| from gglsbl import SafeBrowsingList | |
| import requests | |
| from datetime import datetime | |
| from datetime import datetime, timedelta | |
| from virus_total_apis import PrivateApi, PublicApi | |
| import argparse |
nullenc0de
/ api-linkfinder.sh
Created
August 7, 2021 11:17
Exports links and params from API documentation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml | |
| echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt | |
| cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt | |
| cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt |
jboursiquot
/ limit_goroutines_with_semaphores.go
Last active
October 6, 2023 15:56
Limiting the number of running goroutines using semaphores in #golang
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var ( | |
| concurrency = 5 | |
| semaChan = make(chan struct{}, concurrency) | |
| ) | |
| func doWork(item int) { | |
| semaChan <- struct{}{} // block while full | |
| go func() { | |
| defer func() { | |
| <-semaChan // read releases a slot |
kasparsd
/ clone-popular.sh
Last active
January 3, 2024 16:06
Get the top 1000 most popular plugins on WordPress.org
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| mkdir -p popular | |
| while read repo; | |
| do | |
| [ -d "popular/$repo" ] || svn export "https://plugins.svn.wordpress.org/$repo/trunk" "popular/$repo" | |
| done <popular-plugins.txt |
nullenc0de
/ auto_git_query
Last active
January 6, 2024 15:08
Automated Github Queries (Can open 29 tabs at a time)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
lanmaster53
/ whey-cewler.py
Last active
January 9, 2024 18:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written | |
| in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer | |
| runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It | |
| does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in | |
| convenience. | |
| The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written | |
| in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python, | |
| making it "way cooler". |
OlderNewer