Skip to content

Instantly share code, notes, and snippets.

Avatar
😎
Making stuff that breaks stuff

Somdev Sangwan s0md3v

😎
Making stuff that breaks stuff
View GitHub Profile
@s0md3v
s0md3v / cod.py
Created Mar 10, 2021
poc for cod mobile gunsmith helper
View cod.py
# Author: Somdev Sangwan (@s0md3v)
#
# GPL v3 License
# Copyright 2021 Somdev Sangwan
import itertools
attachments = {
'tactical suppressor': {
'type': 'muzzle',
@s0md3v
s0md3v / waffer.py
Created Dec 16, 2020
enumerates working event handlers
View waffer.py
import requests
with open("events", "r") as events:
for event in events:
event = event.rstrip("\n")
print(requests.get("http://game1.aliyundemo.com/demo/xss.php?name=<x/%s=" % event).status_code, event)
@s0md3v
s0md3v / events
Created Dec 16, 2020
event handlers
View events
bruh
onabort
onactivate
onafterprint
onafterscriptexecute
onafterupdate
onanimationend
onanimationiteration
onanimationstart
onariarequest
@s0md3v
s0md3v / concurrency.go
Last active Oct 15, 2020
concurrency in golang
View concurrency.go
package main
import (
"sync"
"net/http"
)
func example_function(){
// function to be run concurrently
}
View recieve.html
<script>
window.addEventListener("message", function(message){
document.write("I heard '" + message.data + "'")
});
</script>
View send.html
<script>
function send_message() {
document.getElementById("frame").contentWindow.postMessage("hello there", "http://localhost/recieve.html");
}
</script>
<iframe id="frame" onload="send_message()" src="recieve.html"></iframe>
@s0md3v
s0md3v / nvd-dump.sql
Created Jan 7, 2020
Dump vuln CPEs from NVD
View nvd-dump.sql
WITH
deep AS(
WITH
nested AS(
SELECT
configurations.nodes AS arr
FROM
`red-team-project.bq_nvd.nvd`
WHERE
EXISTS (
@s0md3v
s0md3v / cli.py
Created Aug 2, 2019
multi-threaded goop
View cli.py
import sys
import json
import concurrent.futures
from goop import goop
green = '\033[92m'
white = '\033[97m'
yellow = '\033[93m'
end = '\033[0m'
@s0md3v
s0md3v / portscanner.py
Created Jul 5, 2019
Striker's 1 second portscanning module
View portscanner.py
import sys
import socket
import concurrent.futures
from contextlib import closing
ports = [1,3,4,6,7,9,13,17,19,20,21,22,23,24,25,26,30,32,33,37,42,43,49,53,70,79,80,81,82,
83,84,85,88,89,90,99,100,106,109,110,111,113,119,125,135,139,143,144,146,161,163,179,199,
211,212,222,254,255,256,259,264,280,301,306,311,340,366,389,406,407,416,417,425,427,443,
444,445,458,464,465,481,497,500,512,513,514,515,524,541,543,544,545,548,554,555,563,587,
593,616,617,625,631,636,646,648,666,667,668,683,687,691,700,705,711,714,720,722,726,749,
@s0md3v
s0md3v / redos.py
Last active Apr 21, 2019
Scan a directory for exploitable regular expressions
View redos.py
#!/usr/bin/env python3
import os, re, sys, glob, math, warnings
end = '\033[0m'
red = '\033[91m'
green = '\033[92m'
info = '\033[93m[!]\033[0m'
good = '\033[92m[+]\033[0m'
line = red + ('-' * 100) + end