@refabr1k
refabr1k / ciscat_html_to_excel.py
Created November 28, 2023 12:54
ciscat html to excel - csv with "title, description, rationale, remediation"
from bs4 import BeautifulSoup
import csv

def extract_data_from_html(html_path):
    with open(html_path, 'r', encoding='utf-8') as file:
        html_content = file.read()
    soup = BeautifulSoup(html_content, 'html.parser')
    extracted_data = []
@refabr1k
refabr1k / server.js
Last active October 26, 2023 02:19
nodejs csp example
const express = require('express');
const helmet = require('helmet');
const app = express();
const PORT = 3000;
// Using Helmet to set CSP
// app.use(helmet());
// app.use(helmet.contentSecurityPolicy({
@refabr1k
refabr1k / setup xrdp server.md
Created October 25, 2023 23:34
setup xrdp server

On the Linux Server:

  1. Install xrdp and xfce (or another desktop environment)

    sudo apt update
    sudo apt install xrdp xfce4 xfce4-goodies
  2. Configure xrdp to use xfce

https://www.cyberciti.biz/security/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/
@refabr1k
refabr1k / AWS Pentesting Playbook.md
Last active July 21, 2023 17:31
AWS Pentesting Playbook
@refabr1k
refabr1k / ippsec_genymotion_setup.md
Last active July 5, 2023 14:21
ippsec guide to genymotion (windows edition)

video: https://www.youtube.com/watch?v=xp8ufidc514

Genymotion cannot start android emulator - shows the error "The VirtualBox DHCP server has not assigned an IP address to the virtual device"

Workaround:

  • on your virtualbox, select and start the created android emulator vm
@refabr1k
refabr1k / win cmd.txt
Last active June 29, 2023 02:30
win cmd
# Local Group Policy blocks powershell
## Windows Setting > Security Settings > Software Restriction Policies > Additional Rules > PowerShell.EXE (Type Hash, Disallowed)
copy system32 powershell to desktop
Set /p comm=cmd~
cmd~echo >> C:\path\of\desktop\powershell.exe
# 'Prevent access to command prompt' bypass (refer as runcmd.bat)
@echo off
:a
Set /p comm=cmd~
@refabr1k
refabr1k / setup bugbounty tools.md
Last active July 23, 2023 07:56
setup bugbounty tools
#!/bin/bash

#mkdir tools dir
mkdir ~/Tools
mkdir ~/Wordlists


#sublime
@refabr1k
refabr1k / app.php
Created March 1, 2023 14:55
Intigriti - 2023-02-23 Can you spot the vulnerability?
<?php
if (isset($_GET['email']))
    $email = filter_var($_GET['email'],
        FILTER_SANITIZE_EMAIL);
if (isset($_GET['xss']))
    $xss = htmlspecialchars($_GET['xss']);
if (isset($_GET['path'])) {
    $path = $_GET['path'];
    while (strpos($path, '../') !== false) {
        $path = str_replace('../', '', $path);
You can find a mirror of different Java versions to run on Linux at this location: http://mirrors.rootpei.com/jdk/
Select the jdk-8u181-linux-x64.tar.gz package (or alternatively, download the file attached to this task, added for your convenience).
Download this onto your attacking machine, and run the following commands to configure your system to use this Java version by default (adjust the download filesystem path as appropriate):
sudo mkdir /usr/lib/jvm
cd /usr/lib/jvm
sudo tar xzvf ~/Downloads/jdk-8u181-linux-x64.tar.gz # modify as needed