Skip to content

Instantly share code, notes, and snippets.

Avatar
🤔
Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Nathan nmalcolm

🤔
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
View GitHub Profile
View open_redirect_wordlist.txt
/http://example.com
/%5cexample.com
/%2f%2fexample.com
/example.com/%2f%2e%2e
/http:/example.com
/?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
@nmalcolm
nmalcolm / base.py.patch
Created Nov 29, 2014
Instagram Pushpin
View base.py.patch
diff --git a/core/base.py b/core/base.py
index 4d957f8..67e838c 100644
--- a/core/base.py
+++ b/core/base.py
@@ -120,7 +120,7 @@ class Recon(framework.Framework):
# create the database and table
self.query_keys('CREATE TABLE keys (name TEXT PRIMARY KEY, value TEXT)')
# populate key names
- for name in ['bing_api', 'builtwith_api', 'facebook_api', 'facebook_password', 'facebook_secret', 'facebook_username', 'flickr_api', 'google_api', 'google_cse', 'ipinfodb_api', 'jigsaw_api', 'jigsaw_password', 'jigsaw_username', 'linkedin_api', 'linkedin_secret', 'linkedin_token', 'pwnedlist_api', 'pwnedlist_iv', 'pwnedlist_secret', 'rapportive_token', 'shodan_api', 'sonar_api', 'twitter_api', 'twitter_secret', 'twitter_token', 'virustotal_api']:
+ for name in ['bing_api', 'builtwith_api', 'facebook_api', 'facebook_password', 'facebook_secret', 'facebook_username', 'flickr_api', 'instagram_api', 'google_api', 'google_cse', 'ipinfodb_api', 'jigsaw_api', 'jigsaw_pas
@nmalcolm
nmalcolm / gist:74ba3211cd67e9139e10
Created Aug 2, 2014
Fetch size of remote file in bytes.
View gist:74ba3211cd67e9139e10
curl -sI www.site.com/file.tar.gz | grep Content-Length | awk '{print $2}'
You can’t perform that action at this time.