Mehtab Zafar mzfr

@mzfr
mzfr / WAHH_Task_Checklist.md
Created Aug 19, 2020 — forked from jhaddix/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
View WAHH_Task_Checklist.md
@mzfr
mzfr / google-dorks
Created Aug 10, 2020 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
View google-dorks
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@mzfr
mzfr / cloud_metadata.txt
Created Jul 30, 2020 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
View BurpSuiteSSLPassTrough.json
{
"proxy":{
"ssl_pass_through":{
"automatically_add_entries_on_client_ssl_negotiation_failure":false,
"rules":[
{
"enabled":true,
"host":".*\\.google\\.com",
"protocol":"any"
},
@mzfr
mzfr / bb-foxyproxy-pattern.json
Created Jun 26, 2020 — forked from ignis-sec/bb-foxyproxy-pattern.json
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
View bb-foxyproxy-pattern.json
{
"30523382": {
"className": "Proxy",
"data": {
"bypassFPForPAC": true,
"color": "#f57575",
"configUrl": "",
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
"cycle": false,
"enabled": true,
@mzfr
mzfr / Tanner-data-analysis.ipynb
Created May 31, 2020
Some sample code for analyzing data
View Tanner-data-analysis.ipynb
@mzfr
mzfr / sessions_downloader.py
Created May 31, 2020
This script helps you download all sessions from tanner if your API is accessible from outside
View sessions_downloader.py
"""
This is a small script that will help you download
all your data from snare tanner using tanner's API.
Always remember to deploy the API if the honeypot is
being deployed in the real world environment.
"""
import json
import requests
@mzfr
mzfr / ip2dh.py
Created May 27, 2020
Convert IP address to Decimal or hexadecimal format
View ip2dh.py
"""
You can run this in the following format:
For decimal: python3 ip2dh.py D <Ip-address>
For Hexadecimal: python3 ip2dh.py H <Ip-address>
"""
#!/usr/bin/python3
import sys
if len(sys.argv) < 3:
View DB-details.md

What data do we store?

Currently, the data stored in Redis falls into 3 categories:

  1. The snare data which looks like:

    Code

@mzfr
mzfr / MyApps.md
Last active Apr 23, 2020
List of Android apps that I use.
View MyApps.md

Apps

This is the list of apps that I use or have tried in the past. Bold ones are those which I am using currently.

Notes

  • Google keep note: Like the simplicity and sync around.
  • Evernote: No good client for Linux, and it has too much functionality.
  • OneNote: Haven't used it and might not use it.
  • journal and various other CLI-based apps: Just didn't get that feel, and they didn't have good Android support.