Skip to content

Instantly share code, notes, and snippets.

View mswell's full-sized avatar
🎯
Focusing

Wellington Moraes mswell

🎯
Focusing
236 followers · 60 following
View GitHub Profile
@mswell
mswell / swaggerXSS.json
Last active April 8, 2024 22:32
swagger: '2.0'
info:
title: Example yaml.spec
description: |
<?math ><![CDATA[ ><img src onerror=alert(1)> ]]> ?>
paths:
/accounts:
get:
responses:
'200':
@mswell
mswell / keybase.md
Last active May 13, 2022 11:59

Keybase proof

I hereby claim:

  • I am mswell on github.
  • I am wellpunk (https://keybase.io/wellpunk) on keybase.
  • I have a public key whose fingerprint is CD45 E640 4277 A713 BC26 1D0B 0F11 7A6F 93A5 E716

To claim this, I am signing this object:

@mswell
mswell / regexJS
Last active August 30, 2021 17:59 — forked from m4ll0k/file.txt
-api
secretaccesskey
dev_key
accesskeyid
eyj
-api-key
-auth
-authorization
-back
-client
@mswell
mswell / JavascriptRecon.md
Created August 18, 2021 20:55
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
@mswell
mswell / hackerone-update-program-scopes.sh
Created August 12, 2021 18:27 — forked from honoki/hackerone-update-program-scopes.sh
Update the scope of your HackerOne programs
#!/bin/bash
# Update the scope of your HackerOne programs
h1name="<your-hackerone-username>"
apitoken="<your-hackerone-api-token>"
next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100'
for p in $(bbrf programs where platform is hackerone --show-empty-scope); do
h1id=$(bbrf show $p | jq -r .tags.h1id)
@mswell
mswell / hackerone-initiate-programs.sh
Created August 12, 2021 18:27 — forked from honoki/hackerone-initiate-programs.sh
Create new BBRF programs from your private and public HackerOne programs.
#!/bin/bash
# Initiate new BBRF programs from your public and private HackerOne programs
h1name="<your-hackerone-username>"
apitoken="<your-hackerone-api-token>"
next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100'
while [ "$next" ]; do
@mswell
mswell / python-guide.sh
Last active July 9, 2020 17:41 — forked from henriquebastos/python-guide.sh
The definitive guide to setup my Python workspace
# The definitive guide to setup my Python workspace with ubuntu and ZSH
# Author: Henrique Bastos <henrique@bastos.net>
# Modified by Wellington Moraes <wellpunk@gmail.com>
PY3=3.8.3
PY2=2.7.18
PY3TOOLS="youtube-dl pytest nornir stormssh flake8 pylint requests virtualenvwrapper"
PY2TOOLS="rename"
VENVS=~/.ve
@mswell
mswell / all.txt
Created July 15, 2019 17:30 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@mswell
mswell / git.md
Created December 19, 2017 10:53 — forked from leocomelli/git.md
Lista de comandos úteis do GIT

#GIT

Estados

  • Modificado (modified);
  • Preparado (staged/index)
  • Consolidado (comitted);

Ajuda

@mswell
mswell / install.md
Created November 14, 2017 19:27 — forked from brady-vitrano/install.md
Install Booked on Ubuntu