Skip to content

Instantly share code, notes, and snippets.

Avatar
:octocat:
BugBounty

Mehtab Zafar mzfr

:octocat:
BugBounty
View GitHub Profile
@mzfr
mzfr / ip2dh.py
Created May 27, 2020
Convert IP address to Decimal or hexadecimal format
View ip2dh.py
"""
You can run this in the following format:
For decimal: python3 ip2dh.py D <Ip-address>
For Hexadecimal: python3 ip2dh.py H <Ip-address>
"""
#!/usr/bin/python3
import sys
if len(sys.argv) < 3:
@mzfr
mzfr / WAHH_Task_Checklist.md
Created Aug 19, 2020 — forked from jhaddix/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
View WAHH_Task_Checklist.md
@mzfr
mzfr / google-dorks
Created Aug 10, 2020 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
View google-dorks
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@mzfr
mzfr / findtraitor.py
Created Jun 11, 2019
Find users who unstarred your repository
View findtraitor.py
"""Help you find users who unstared your repository
"""
import os
import sys
import requests_cache
import argparse
URL = "https://api.github.com/repos/{}/{}/stargazers?per_page=100&page={}"
@mzfr
mzfr / duplicate.py
Created Jan 19, 2019
Find all the duplicate line of codes using AST
View duplicate.py
"""
Python code clone detector,
using Abstract Syntax Trees.
"""
import ast
import collections
class Position(ast.NodeVisitor):
View DB-details.md

What data do we store?

Currently the data that is stored in redis is in 3 category::

  1. The snare data which looks like:

    Code

@mzfr
mzfr / cloud_metadata.txt
Created Jul 30, 2020 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
View BurpSuiteSSLPassTrough.json
{
"proxy":{
"ssl_pass_through":{
"automatically_add_entries_on_client_ssl_negotiation_failure":false,
"rules":[
{
"enabled":true,
"host":".*\\.google\\.com",
"protocol":"any"
},
@mzfr
mzfr / bb-foxyproxy-pattern.json
Created Jun 26, 2020 — forked from ignis-sec/bb-foxyproxy-pattern.json
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
View bb-foxyproxy-pattern.json
{
"30523382": {
"className": "Proxy",
"data": {
"bypassFPForPAC": true,
"color": "#f57575",
"configUrl": "",
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
"cycle": false,
"enabled": true,
@mzfr
mzfr / Tanner-data-analysis.ipynb
Created May 31, 2020
Some sample code for analyzing data
View Tanner-data-analysis.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.