Skip to content

Instantly share code, notes, and snippets.

View lowk3v's full-sized avatar
💪
Finding bugs

LowK lowk3v

💪
Finding bugs
47 followers · 104 following
View GitHub Profile
@lowk3v
lowk3v / xss-owasp-cheatsheet
Created October 23, 2016 02:45 — forked from sseffa/xss-owasp-cheatsheet
xss-owasp-cheatsheet
#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#
# XSS Locator 2
'';!--"<XSS>=&{()}
@lowk3v
lowk3v / google-dorks
Created June 10, 2018 18:49 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@lowk3v
lowk3v / web-servers.md
Created June 27, 2018 11:42 — forked from willurd/web-servers.md
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@lowk3v
lowk3v / alexa.js
Created August 16, 2018 10:06 — forked from chilts/alexa.js
Getting the Alexa top 1 million sites directly from the server, unzipping it, parsing the csv and getting each line as an array.
var request = require('request');
var unzip = require('unzip');
var csv2 = require('csv2');
request.get('http://s3.amazonaws.com/alexa-static/top-1m.csv.zip')
.pipe(unzip.Parse())
.on('entry', function (entry) {
entry.pipe(csv2()).on('data', console.log);
})
;
@lowk3v
lowk3v / AEScipher.py
Created October 7, 2018 03:04
AES cipher encrypt / decrypt
import base64
import hashlib
from Crypto import Random
from Crypto.Cipher import AES
from binascii import unhexlify
class AESCipher(object):
def __init__(self, key):
self.bs = 64
@lowk3v
lowk3v / flask-session.py
Created October 7, 2018 03:20
Encode / Decode session in flask
""" Flask Session Cookie Decoder/Encoder """
__author__ = 'Wilson Sumanang, Alexandre ZANNI'
# standard imports
import sys
import zlib
from itsdangerous import base64_decode
import ast
# Lib for argument parsing
@lowk3v
lowk3v / AES slipt attack
Created October 7, 2018 03:25
Change plain text in AES CBC using change IV
from flask import Flask, render_template, request, url_for, redirect, make_response, flash
import json
from hashlib import md5
from base64 import b64decode
from base64 import b64encode
from Crypto import Random
from Crypto.Cipher import AES
app = Flask(__name__)
app.secret_key = 'seed removed'
@lowk3v
lowk3v / kvthering.py
Last active October 12, 2019 14:00
Information gathering: real ip, server deploy
#!/usr/bin/python3
# Version: 2.0
# Author: Kev
import os
import sys
import threading
import datetime
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import requests
@lowk3v
lowk3v / ArchLinux-install-guideline
Created October 26, 2018 05:04
Install Arch Linux
# Testing for a UEFI Boot
ls /sys/firmware/efi/efivars
# Connecting to the Internet
ping -c 3 www.google.co.uk
systemctl start dhcpcd.service
# identify the drive
lsblk
@lowk3v
lowk3v / create_dict.py
Created November 24, 2018 08:33
create dictionary for bruteforce in python
from itertools import chain, product
import string
def dict_all_size(charset, minlength, maxlength):
return (''.join(candidate)
for candidate in chain.from_iterable(product(charset, repeat=i)
for i in range(minlength, maxlength + 1)))
print([i for i in dict_all_size(string.hexdigits[:16], 2, 2)])