m4ll0k
/ _deobfuscating-unminifying-obfuscated-web-app-code.md
Created
March 26, 2024 20:04
— forked from 0xdevalias/_deobfuscating-unminifying-obfuscated-web-app-code.md
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
m4ll0k
/ firebase_apiKeys_testing.html
Created
March 22, 2023 16:46
— forked from Anon-Exploiter/firebase_apiKeys_testing.html
For testing the Firebase API keys found in Web Applications or in JavaScript Code --
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title></title> | |
| </head> | |
| <body> | |
| <script src="https://www.gstatic.com/firebasejs/7.6.1/firebase-app.js"></script> | |
| <!-- If you enabled Analytics in your project, add the Firebase SDK for Analytics --> |
m4ll0k
/ nuclei-templates-delete.py
Last active
October 22, 2022 10:54
Delete nuclei shitty templates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os,sys,yaml,argparse | |
| # example | |
| # python nuclei-templates-delete.py -p <nuclei-templates-dir> -d <id,id1,id2> or <ids.txt file> | |
| ids = [] | |
| nuclei_template_path = '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /plaid/mobile/oauth_callback | |
| /callback | |
| /oauth2/idpresponse | |
| /signin-google | |
| /twitter_oauth_signin | |
| /soundcloud_oauth_signin | |
| /23andme_oauth_signin | |
| /500px_oauth_signin | |
| /agave_oauth_signin | |
| /amazon_oauth_signin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -api | |
| secretaccesskey | |
| dev_key | |
| accesskeyid | |
| eyj | |
| -api-key | |
| -auth | |
| -authorization | |
| -back | |
| -client |
m4ll0k
/ gist:11f40f41fac6277dd5a7c57367094873
Created
February 11, 2021 19:34
List of real addresses
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 777 Brockton Avenue, Abington MA 2351 | |
| 30 Memorial Drive, Avon MA 2322 | |
| 250 Hartford Avenue, Bellingham MA 2019 | |
| 700 Oak Street, Brockton MA 2301 | |
| 66-4 Parkhurst Rd, Chelmsford MA 1824 | |
| 591 Memorial Dr, Chicopee MA 1020 | |
| 55 Brooksby Village Way, Danvers MA 1923 | |
| 137 Teaticket Hwy, East Falmouth MA 2536 | |
| 42 Fairhaven Commons Way, Fairhaven MA 2719 | |
| 374 William S Canning Blvd, Fall River MA 2721 |
m4ll0k
/ gist:9cf22d4c76dbe0e1a0cc874f12c04963
Created
January 28, 2021 20:56
— forked from cjaoude/gist:fd9910626629b53c4d25
Test list of Valid and Invalid Email addresses
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Use: for testing against email regex | |
| ref: http://codefool.tumblr.com/post/15288874550/list-of-valid-and-invalid-email-addresses | |
| List of Valid Email Addresses | |
| email@example.com | |
| firstname.lastname@example.com | |
| email@subdomain.example.com | |
| firstname+lastname@example.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/m4ll0k (@m4ll0k2) | |
| ''' | |
| Steps: | |
| 0. Make dir like chaos 'mkdir chaos' | |
| 1. Download this script in choas dir 'wget https://..' | |
| 2. Now: 'python3 choas.py |sort -u > dns_wordlist.txt' | |
| ''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| undefined | |
| undef | |
| null | |
| NULL | |
| (null) | |
| nil | |
| NIL | |
| true | |
| false | |
| True |
m4ll0k
/ gist:c33c3bac057584642c8a63144888e3d1
Created
June 22, 2020 13:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # replace $mytarget with your target | |
| gau $mytarget|egrep -iv '\.json'|grep -iE '\.js'|antiburl|awk '{print $4}' | xargs -I %% bash -c 'python3 SecretFinder.py -i %% -o cli' | |
| # use -r option for extract anything | |
| gau $mytarget|egrep -iv '\.json'|grep -iE '\.js'|antiburl|awk '{print $4}' | xargs -I %% bash -c 'python3 SecretFinder.py -i %% -o cli -r "$anything"' |
NewerOlder