Skip to content

Instantly share code, notes, and snippets.

View marz-hunter's full-sized avatar
🕷️
bug

Marzuki marz-hunter

🕷️
bug
View GitHub Profile
Loki
https://www.shodan.io/search?query=%22Loki+Locker%22
BlackBit
https://www.shodan.io/search?query=%22Encrypted+by+BlackBit%22
BlackHunt
https://www.shodan.io/search?query=%22Your+Network+Infected+with+BlackHunt+Ransomware+Team%22
Amelia, Proxima
@fransr
fransr / customcsrf.py
Created February 16, 2021 08:30
Hackvertor Custom CSRF tag
import httplib
import urllib
http = httplib.HTTPSConnection('example.com', 443)
cookie = 'your=cookies';
http.request("GET", "/api/v1/csrf", "", {
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36',
'referer': 'https://example.com/',
import xml.etree.ElementTree as ET
import urllib
import base64
import math
import sys
import re
# usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file.
# python burplist.py burprequests.xml
# output is saved to wordlist.txt
@aayla-secura
aayla-secura / JSON_to_URL_encoded_form.py
Last active January 2, 2023 02:31
Convert JSON data to URL encoded form (application/x-www-form-urlencoded)
#!/usr/bin/env python3
import json
from urllib.parse import quote, quote_plus
import sys
import os
import argparse
parser = argparse.ArgumentParser(
.php
.html
.txt
.htm
.aspx
.asp
.js
.css
.pgsql.txt
.mysql.txt
@tillson
tillson / gist:620e8ef87bc057f25b0a27c423433fda
Created May 10, 2020 19:22
Decode Base64 strings in a git repo's commit history
from pydriller import RepositoryMining
import re
import base64
foundSet = set()
for commit in RepositoryMining('./').traverse_commits():
for mod in commit.modifications:
if mod.source_code_before != None:
regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before)
for result in regex:
@nullenc0de
nullenc0de / auto_git_query
Last active January 6, 2024 15:08
Automated Github Queries (Can open 29 tabs at a time)
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
@earthgecko
earthgecko / bash.generate.random.alphanumeric.string.sh
Last active February 22, 2024 13:56
shell/bash generate random alphanumeric string
#!/bin/bash
# bash generate random alphanumeric string
#
# bash generate random 32 character alphanumeric string (upper and lowercase) and
NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
# bash generate random 32 character alphanumeric string (lowercase only)
cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1