norsey norsec0de

  • Sydney, Australia
@jhaddix
jhaddix / reconftw.cfg
Last active April 13, 2024 20:42
reconFTW config file: NO google/osint, wordlist creation, nuclei js analysis
#################################################################
# reconFTW config file #
#################################################################
# General values
tools=~/Tools # Path installed tools
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path
profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile
reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version
generate_resolvers=false # Generate custom resolvers with dnsvalidator
echo ""
echo "************ Github Dork Links (must be logged in) *******************"
echo ""
echo " password"
echo "https://github.com/search?q="hackertarget.site"+password&type=Code"
echo "https://github.com/search?q=""hackertarget""+password&type=Code"
echo ""
echo " npmrc _auth"
@defparam
defparam / fuzz.py
Created March 13, 2021 23:54
Differential Fuzzing of Regex using Atheris
import sys, re
import atheris
from urllib.parse import urlparse
# Our sketchy regex to be tested
OurRegex = re.compile(b"^(((([A-Za-z0-9.-]*\.)?example1\.com)|(([A-Za-z0-9.-]*\.)\?example2\.com)|(([A-Za-z0-9.-]*\.)?example3\.com)))")
# The allow list of domains the regex is trying to validate
Allowlist = [b"example1.com", b"example2.com", b"example3.com"]
@pich4ya
pich4ya / SCM_backdoor.txt
Last active April 9, 2024 17:06
Persistence (Backdoor) access to Windows with SCM (Service Control Manager) a.k.a. psexec without admin users
@author LongCat (Pichaya Morimoto)
By default, only admin users have the right to manage SCM,
but if you (mistakenly) grant a non-admin user the right to manage SCM,
he will be able to perform tasks with admin / NT AUTHORITY\SYSTEM rights.
This fact is a known system design mentioned in:
1. Service Security and Access Rights
https://docs.microsoft.com/en-us/windows/desktop/Services/service-security-and-access-rights
@jhaddix
jhaddix / cloud_metadata.txt
Last active May 26, 2024 10:17 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key