Skip to content

Instantly share code, notes, and snippets.

Avatar
:octocat:
BugBounty

Mehtab Zafar mzfr

:octocat:
BugBounty
View GitHub Profile
@mzfr
mzfr / exercise_4.ex
Created Jun 18, 2022
Solutions to The Little Elixir & OTP guidebook exercises
View exercise_4.ex
defmodule Stooge.Worker do
@moduledoc """
Exercises from The Little Elixir & OTP Guidebook, Section 4.4.
Write a `GenServer` taht can store any valid Elixir term, given a key. Here are a few operations to get you started:
- `Cache.write(:stooges, ["Larry", "Curly", "Moe"])`
- `Cache.read(:stooges)`
- `Cache.delete(:stooges)`
- `Cache.clear(:stooges)`
- `Cache.exist(:stooges)`
"""
@mzfr
mzfr / bookstack_md_import.py
Last active May 5, 2022
Script to import markdown to bookstack book
View bookstack_md_import.py
import requests
from glob import glob
from pathlib import Path
from os import path
BOOKSTACK_URL = "" # Your Bookstack URL
API_ID_TOKEN = "" # API ID and TOKEN in "ID:TOKEN" format
BOOK_ID = 8 #Your Book ID
Directory_path = "/home/notes/Web" # Path to the directory having all the files which needs to be uploaded as new pages
@mzfr
mzfr / WAHH_Task_Checklist.md
Created Aug 19, 2020 — forked from jhaddix/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
View WAHH_Task_Checklist.md
@mzfr
mzfr / google-dorks
Created Aug 10, 2020 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
View google-dorks
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@mzfr
mzfr / cloud_metadata.txt
Created Jul 30, 2020 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
View BurpSuiteSSLPassTrough.json
{
"proxy":{
"ssl_pass_through":{
"automatically_add_entries_on_client_ssl_negotiation_failure":false,
"rules":[
{
"enabled":true,
"host":".*\\.google\\.com",
"protocol":"any"
},
@mzfr
mzfr / bb-foxyproxy-pattern.json
Created Jun 26, 2020 — forked from ignis-sec/bb-foxyproxy-pattern.json
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
View bb-foxyproxy-pattern.json
{
"30523382": {
"className": "Proxy",
"data": {
"bypassFPForPAC": true,
"color": "#f57575",
"configUrl": "",
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
"cycle": false,
"enabled": true,
@mzfr
mzfr / Tanner-data-analysis.ipynb
Created May 31, 2020
Some sample code for analyzing data
View Tanner-data-analysis.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@mzfr
mzfr / sessions_downloader.py
Created May 31, 2020
This script helps you download all sessions from tanner if your API is accesible from outside
View sessions_downloader.py
"""
This is a small script that will help you download
all your data from snare tanner using tanner's API.
Always remember to deploy the API if the honeypot is
being deployed in the real world environment.
"""
import json
import requests
@mzfr
mzfr / ip2dh.py
Created May 27, 2020
Convert IP address to Decimal or hexadecimal format
View ip2dh.py
"""
You can run this in the following format:
For decimal: python3 ip2dh.py D <Ip-address>
For Hexadecimal: python3 ip2dh.py H <Ip-address>
"""
#!/usr/bin/python3
import sys
if len(sys.argv) < 3: