Skip to content

Instantly share code, notes, and snippets.

View storenth's full-sized avatar

Kirill Zhdanov storenth

52 followers · 61 following
View GitHub Profile
@bagder
bagder / h3-server-howto.md
Last active March 10, 2024 21:13
Setup an HTTP/3 test server

Setup a local HTTP/3 test server

... to toy with and run curl against it.

This is not advice on how to run anything in production. This is for development and experimenting.

Preqreqs

An existing local HTTP/1.1 server that hosts files. Preferably also a few huge ones.

@six2dez
six2dez / axiom_config.sh
Last active May 9, 2023 07:32
axiom_config.sh
#!/bin/bash
# Use this as initial axiom's script on reconftw.cfg file to copy config files to the fleet
axiom-exec 'mkdir -p /home/op/.config/amass/ /home/op/Tools/ /home/op/.config/subfinder/ /home/op/.config/notify/'
axiom-scp ~/.config/amass/config.ini '*':/home/op/.config/amass/config.ini
axiom-scp ~/Tools/h8mail_config.ini '*':/home/op/Tools/h8mail_config.ini
axiom-scp ~/Tools/.github_tokens '*':/home/op/Tools/.github_tokens
axiom-scp ~/.config/notify/notify.conf '*':/home/op/.config/notify/notify.conf
axiom-scp ~/Tools/.gitlab_tokens '*':/home/op/Tools/.gitlab_tokens
@lanmaster53
lanmaster53 / whey-cewler.py
Last active January 9, 2024 18:49
'''
Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in
convenience.
The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
making it "way cooler".
@0xblackbird
0xblackbird / open-redirect.md
Created April 1, 2021 19:04
Open redirect bypasses
@six2dez
six2dez / subdomains.txt
Last active June 17, 2024 07:32
subdomains.txt
This file has been truncated, but you can view the full file.
0
001
002
003
01
02
03
1
2
2014
@saurabh96216
saurabh96216 / CGI fuzzing.txt
Created February 9, 2021 01:15
CGI wordlist
TiVoConnect?Command=QueryServer
TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes
cgi-bin/cart32.exe
cgi-bin/classified.cgi
cgi-bin/download.cgi
cgi-bin/flexform.cgi
cgi-bin/flexform
cgi-bin/lwgate.cgi
cgi-bin/LWGate.cgi
cgi-bin/lwgate
@h4ms1k
h4ms1k / asyncio_ssrf.py
Last active August 7, 2022 01:09
#https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/ssrf.py
import aiohttp
import asyncio
import urllib3
import sys
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
injectable_headers = [
@CMNatic
CMNatic / cloudSettings
Last active October 5, 2023 19:22
TryHackMe OWASP-10-A8: Insecure Deserialization RCE PoC
{"lastUpload":"2021-08-31T08:20:42.057Z","extensionVersion":"v3.4.3"}
@cihanmehmet
cihanmehmet / CVE-2020-5902.md
Last active January 29, 2024 12:34
BIGIP CVE-2020-5902 Exploit POC

🚨BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀

Shodan Seaarch

title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"

🔸LFI

@aslushnikov
aslushnikov / install-mouse-helper.js
Last active June 11, 2024 14:01
// This injects a box into the page that moves with the mouse;
// Useful for debugging
async function installMouseHelper(page) {
await page.evaluateOnNewDocument(() => {
// Install mouse helper only for top-level frame.
if (window !== window.parent)
return;
window.addEventListener('DOMContentLoaded', () => {
const box = document.createElement('puppeteer-mouse-pointer');
const styleElement = document.createElement('style');