💣
/${@𝚓𝚊𝚟𝚊.𝚕𝚊𝚗𝚐.𝚁𝚞𝚗𝚝𝚒𝚖𝚎@𝚐𝚎𝚝𝚁𝚞𝚗𝚝𝚒𝚖𝚎().𝚎𝚡𝚎𝚌("𝚆𝚃𝙵 𝙰𝚝𝚕𝚊𝚜𝚜𝚒𝚊𝚗")}/

ᄃΉЯIƧƬӨPΉΣЯ (BᄂΣᄃKMΛПП-)DЯΣΉΣЯ schniggie
@Stanback
Stanback / nginx.conf
Last active July 24, 2024 18:44 — forked from michiel/cors-nginx.conf
Example Nginx configuration for adding cross-origin resource sharing (CORS) support to reverse proxied APIs
#
# CORS header support
#
# One way to use this is by placing it into a file called "cors_support"
# under your Nginx configuration directory and placing the following
# statement inside your **location** block(s):
#
# include cors_support;
#
# As of Nginx 1.7.5, add_header supports an "always" parameter which
@morhekil
morhekil / nginx.conf
Created August 14, 2014 12:18
Full request/response body logging in nginx
http {
log_format bodylog '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $request_time '
'<"$request_body" >"$resp_body"';
lua_need_request_body on;
set $resp_body "";
body_filter_by_lua '
@dciccale
dciccale / docker-enter
Last active March 30, 2022 16:48
docker-enter bash alias to enter a docker container
# usage docker-enter [CONTAINER_ID]
dockerenter() {
docker exec -it $1 bash
}
alias docker-enter=dockerenter
@rhaidiz
rhaidiz / sqlmapapiwrapper.py
Last active April 22, 2023 21:22
sqlmap APIs wrapper
#!/usr/bin/env python3.5
"""
This library provides convenient methods for executing
and accessing sqlmap APIs.
NOTE: Tested only with python3.5
"""
import time
@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active July 22, 2024 12:50
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@0xjac
0xjac / private_fork.md
Last active July 28, 2024 14:13
Create a private fork of a public repository

The repository for the assignment is public and GitHub does not allow the creation of private forks for public repositories.

The correct way of creating a private fork by duplicating the repo is documented here.

For this assignment the commands are:

  1. Create a bare clone of the repository. (This is temporary and will be removed so just do it wherever.)

git clone --bare git@github.com:usi-systems/easytrace.git

@mdonkers
mdonkers / server.py
Last active July 22, 2024 13:51
Simple Python 3 HTTP server for logging all GET and POST requests
#!/usr/bin/env python3
"""
License: MIT License
Copyright (c) 2023 Miel Donkers
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
@1kastner
1kastner / reflect.py
Last active April 3, 2024 13:52 — forked from huyng/reflect.py
A simple echo server to inspect http web requests
#!/usr/bin/env python
# Reflects the requests from HTTP methods GET, POST, PUT, and DELETE
# Written by Nathan Hamiel (2010)
from http.server import HTTPServer, BaseHTTPRequestHandler
from optparse import OptionParser
class RequestHandler(BaseHTTPRequestHandler):
def do_GET(self):
@mgeeky
mgeeky / smtpAudit.py
Last active April 2, 2024 09:47
SMTP Black-Box configuration audit / penetration testing tool - able to parse SPF/DKIM/Banner, test for Open-Relaying, test SSL/TLS enforcement and verify other common misconfigurations.
#!/usr/bin/python3
#
# SMTP Server configuration black-box testing/audit tool, capable of auditing
# SPF/Accepted Domains, DKIM, DMARC, SSL/TLS, SMTP services, banner, Authentication (AUTH, X-EXPS)
# user enumerations (VRFY, EXPN, RCPT TO), and others.
#
# Currently supported tests:
# 01) 'spf' - SPF DNS record test
# - 'spf-version' - Checks whether SPF record version is valid
# - 'all-mechanism-usage' - Checks whether 'all' mechanism is used correctly
@haccer
haccer / scanio.sh
Last active July 26, 2024 17:30
PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
function ech() {
spinner=( "|" "/" "-" "\\" )
while true; do
for i in ${spinner[@]}; do
echo -ne "\r[$i] $1"