Skip to content

Instantly share code, notes, and snippets.

View pikpikcu's full-sized avatar
😊
putune simbah

PikPikcU pikpikcu

😊
putune simbah
495 followers · 129 following
View GitHub Profile
@pikpikcu
pikpikcu / xss-cheat-sheet.md
Created January 21, 2020 02:18
layout title
post
xss cheat sheet

# xss-cheat-sheet

# Basics Xss

HTML Context - Simple Tag Injection

@pikpikcu
pikpikcu / short-wordlist.txt
Created January 21, 2020 02:36 — forked from tomnomnom/short-wordlist.txt
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
@pikpikcu
pikpikcu / php-curl-crlf-injection.mkd
Created January 21, 2020 02:37 — forked from tomnomnom/php-curl-crlf-injection.mkd
CRLF Injection Into PHP's cURL Options

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.

@pikpikcu
pikpikcu / subdo_scan.md
Created January 21, 2020 05:59

subdo scann

#!/bin/sh

if [[ $# -eq 0 ]] ;
then
	echo "Usage: ./subdo.sh site.com"
	exit 1
else
@pikpikcu
pikpikcu / tmux.conf
Created January 26, 2020 09:37 — forked from spicycode/tmux.conf
The best and greatest tmux.conf ever
# 0 is too far from ` ;)
set -g base-index 1
# Automatically set window title
set-window-option -g automatic-rename on
set-option -g set-titles on
#set -g default-terminal screen-256color
set -g status-keys vi
set -g history-limit 10000
@pikpikcu
pikpikcu / tmux-cheatsheet.markdown
Created January 26, 2020 11:00 — forked from MohamedAlaa/tmux-cheatsheet.markdown
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@pikpikcu
pikpikcu / .zshrc
Created January 27, 2020 16:09
```zshrc
#▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████
#██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███
# ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀
#▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███
# ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███
#▄███▀ ███ ███ ███ ▀███████████ ███ █▄
#███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███
#▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀
# ███ ███
@pikpikcu
pikpikcu / Base64_CheatSheet.md
Created January 30, 2020 02:22 — forked from Neo23x0/Base64_CheatSheet.md
Learning Aid - Top Base64 Encodings Table

Learning Aid - Top Base64 Encodings Table

MITRE ATT4CK - T1132 - Data Encoding

Base64 Code Mnemonic Aid Decoded* Description
JAB 🗣 Jabber $. Variable declaration (UTF-16)
TVq 📺 Television MZ MZ header
UEs 🏬 Upper East Side PK ZIP, Office documents
SUVY 🚙 SUV IEX PowerShell Invoke Expression
@pikpikcu
pikpikcu / waybackurls.py
Created January 31, 2020 07:31 — forked from mhmdiaa/waybackurls.py
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
else:
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@pikpikcu
pikpikcu / ip_encoder.py
Created January 31, 2020 07:35 — forked from mhmdiaa/ip_encoder.py
import sys
def to_octets(ip):
return [int(i) for i in ip.split('.')]
def dotless_decimal(ip):
octets = to_octets(ip)
result = octets[0] * 16777216 + octets[1] * \